Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

WS.Filmora...64.rar

windows10-1703-x64

9

Resubmissions

03/02/2023, 17:43

230203-wa1m5agd53 9

03/02/2023, 17:32

230203-v4ky4abg91 3

Analysis

  • max time kernel
    840s
  • max time network
    869s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/02/2023, 17:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WS.Filmora.11.7.3.814.w64.rar

  • Size

    471.9MB

  • MD5

    4c80d5d58c201cb78fd5af10000cf85d

  • SHA1

    041356b6fee6ebcde2a769c43d3c99afa22f5c6d

  • SHA256

    4a386815be0781d9ec8defe96bf6818f196b28a1c484357733b13bd8804f2f85

  • SHA512

    3240123d22aeeca127b75804657ef83882738f77ec6beaec4a41a860d2e2b02395ea73857e15b9b225d0a3c922c5b918bdfadd408a89e43884b0f61206dcad27

  • SSDEEP

    12582912:MZDK+XshsBiG+0e5yb/ORHC0WO9sjzUV4s7AesKarfAn1eqtlju:EDK+cSiGR5b/wi0W0lV1Mes1Angula

Score
9/10
bootkitdiscoveryevasionpersistencethemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 7 IoCs
    evasion
  • Drops file in Drivers directory 1 IoCs
  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 14 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 44 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 7 IoCs
    persistence
  • Themida packer 9 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 7 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 7 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 14 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 27 IoCs
  • Drops file in Program Files directory 58 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 9 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 64 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 7 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\WS.Filmora.11.7.3.814.w64.rar
    1⤵
      PID:2496
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2984
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3624
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\WS.Filmora.11.7.3.814.w64\" -ad -an -ai#7zMap12970:130:7zEvent5834
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:4188
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\Readme.txt
        1⤵
        • Opens file in notepad (likely ransom note)
        • Suspicious use of FindShellTrayWindow
        PID:4976
      • C:\Users\Admin\Desktop\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\filmora_64bit_full846.exe
        "C:\Users\Admin\Desktop\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\filmora_64bit_full846.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4772
        • C:\Users\Admin\AppData\Local\Temp\is-JE435.tmp\filmora_64bit_full846.tmp
          "C:\Users\Admin\AppData\Local\Temp\is-JE435.tmp\filmora_64bit_full846.tmp" /SL5="$20330,464353272,421888,C:\Users\Admin\Desktop\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\filmora_64bit_full846.exe"
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:164
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            "powershell.exe" [Environment]::GetFolderPath('MyDocuments') | Out-File "C:\Users\Public\Documents\B30281EA-BA02-4586-86F8-C9BE813884C1.txt" -Encoding UTF8
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2116
          • C:\Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\_isetup\_setup64.tmp
            helper 105 0x394
            3⤵
            • Executes dropped EXE
            PID:1868
          • C:\Windows\system32\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s atimpenc.dll
            3⤵
              PID:5032
            • C:\Windows\system32\regsvr32.exe
              "C:\Windows\system32\regsvr32.exe" /s atixcode.dll
              3⤵
                PID:1136
              • C:\Windows\system32\regsvr32.exe
                "C:\Windows\system32\regsvr32.exe" /s CFDecode64.ax
                3⤵
                  PID:684
                • C:\Windows\system32\ie4uinit.exe
                  "C:\Windows\system32\ie4uinit.exe" -show
                  3⤵
                  • Modifies Installed Components in the registry
                  • Registers COM server for autorun
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  PID:892
                • C:\Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\Wondershare Helper Compact.exe
                  "C:\Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\Wondershare Helper Compact.exe" /VERYSILENT /SP-
                  3⤵
                  • Executes dropped EXE
                  • Suspicious use of WriteProcessMemory
                  PID:4668
                  • C:\Users\Admin\AppData\Local\Temp\is-3NQ68.tmp\Wondershare Helper Compact.tmp
                    "C:\Users\Admin\AppData\Local\Temp\is-3NQ68.tmp\Wondershare Helper Compact.tmp" /SL5="$1039E,2101212,54272,C:\Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\Wondershare Helper Compact.exe" /VERYSILENT /SP-
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Adds Run key to start application
                    • Drops file in Program Files directory
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:3696
                    • C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
                      "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" /regserver
                      5⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Modifies registry class
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SetWindowsHookEx
                      PID:4924
                • C:\Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\vcredist_x64.exe
                  "C:\Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\vcredist_x64.exe" /q
                  3⤵
                  • Executes dropped EXE
                  • Suspicious use of WriteProcessMemory
                  PID:196
                  • \??\c:\60eb8cab421249f901\install.exe
                    c:\60eb8cab421249f901\.\install.exe /q
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2936
                • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Wondershare NativePush.exe
                  "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Wondershare NativePush.exe" /VERYSILENT /BINDINSTALL
                  3⤵
                  • Executes dropped EXE
                  • Suspicious use of WriteProcessMemory
                  PID:1608
                  • C:\Users\Admin\AppData\Local\Temp\is-CHCMN.tmp\Wondershare NativePush.tmp
                    "C:\Users\Admin\AppData\Local\Temp\is-CHCMN.tmp\Wondershare NativePush.tmp" /SL5="$503C2,2940891,938496,C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Wondershare NativePush.exe" /VERYSILENT /BINDINSTALL
                    4⤵
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of WriteProcessMemory
                    PID:3508
                    • C:\Users\Admin\AppData\Local\Temp\is-TM76G.tmp\_isetup\_setup64.tmp
                      helper 105 0x3EC
                      5⤵
                      • Executes dropped EXE
                      PID:3388
                    • C:\Windows\system32\netsh.exe
                      "netsh.exe" advfirewall firewall add rule name="WsToastNotification" dir=in security=authnoencap action=allow program="C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe"
                      5⤵
                      • Modifies Windows Firewall
                      PID:1136
                    • C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
                      "C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" install
                      5⤵
                      • Executes dropped EXE
                      PID:2356
                    • C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
                      "C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" start
                      5⤵
                      • Executes dropped EXE
                      PID:2324
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" http://cbs.wondershare.com/go.php?pid=846&m=i&product_version=11.7.3.814&client_sign={32F18BD3-1ECE-4020-8949-0B6EB7162604}&is_silent_install=0
                  3⤵
                  • Enumerates system info in registry
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of WriteProcessMemory
                  PID:3596
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xec,0xf0,0xf4,0xc8,0xf8,0x7ff9cf0d4f50,0x7ff9cf0d4f60,0x7ff9cf0d4f70
                    4⤵
                      PID:3664
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1680 /prefetch:8
                      4⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1280
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1508 /prefetch:2
                      4⤵
                        PID:860
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 /prefetch:8
                        4⤵
                          PID:2548
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
                          4⤵
                            PID:1256
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
                            4⤵
                              PID:4992
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
                              4⤵
                                PID:3968
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4128 /prefetch:8
                                4⤵
                                  PID:3952
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
                                  4⤵
                                    PID:3296
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
                                    4⤵
                                      PID:2056
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
                                      4⤵
                                        PID:1472
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
                                        4⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:3456
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5796 /prefetch:8
                                        4⤵
                                          PID:4344
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
                                          4⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:432
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8
                                          4⤵
                                            PID:1008
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5884 /prefetch:8
                                            4⤵
                                              PID:4112
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5856 /prefetch:8
                                              4⤵
                                                PID:748
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
                                                4⤵
                                                  PID:352
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
                                                  4⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:868
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
                                                  4⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1704
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
                                                  4⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:2260
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 /prefetch:8
                                                  4⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:5088
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5568 /prefetch:8
                                                  4⤵
                                                    PID:2696
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=800 /prefetch:8
                                                    4⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:712
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4544 /prefetch:8
                                                    4⤵
                                                      PID:4544
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
                                                      4⤵
                                                        PID:4192
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=804 /prefetch:2
                                                        4⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:4616
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
                                                        4⤵
                                                          PID:2936
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5532 /prefetch:8
                                                          4⤵
                                                            PID:4256
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4564 /prefetch:8
                                                            4⤵
                                                              PID:5292
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5916 /prefetch:8
                                                              4⤵
                                                                PID:5836
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=888 /prefetch:8
                                                                4⤵
                                                                  PID:5184
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
                                                                  4⤵
                                                                    PID:2968
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,17651307475028399291,7459500885824843109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
                                                                    4⤵
                                                                      PID:5328
                                                                  • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\Wondershare Filmora 11.exe
                                                                    "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\Wondershare Filmora 11.exe"
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:2028
                                                                    • C:\Windows\explorer.exe
                                                                      "C:\Windows\explorer.exe" C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Wondershare Filmora 11.exe
                                                                      4⤵
                                                                        PID:3712
                                                                • C:\Windows\system32\msiexec.exe
                                                                  C:\Windows\system32\msiexec.exe /V
                                                                  1⤵
                                                                  • Enumerates connected drives
                                                                  • Drops file in Windows directory
                                                                  • Modifies data under HKEY_USERS
                                                                  • Modifies registry class
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:2932
                                                                • C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
                                                                  "C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe"
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious use of WriteProcessMemory
                                                                  PID:3172
                                                                  • C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
                                                                    "C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe"
                                                                    2⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    • Registers COM server for autorun
                                                                    • Modifies registry class
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:2404
                                                                • C:\Windows\explorer.exe
                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                  1⤵
                                                                    PID:1896
                                                                    • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Wondershare Filmora 11.exe
                                                                      "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Wondershare Filmora 11.exe"
                                                                      2⤵
                                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                      • Checks BIOS information in registry
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      • Checks whether UAC is enabled
                                                                      • Writes to the Master Boot Record (MBR)
                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                      • Checks processor information in registry
                                                                      • Suspicious behavior: AddClipboardFormatListener
                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:376
                                                                      • C:\Windows\System32\Wbem\wmic.exe
                                                                        wmic diskdrive where index=1 get serialnumber
                                                                        3⤵
                                                                          PID:4632
                                                                        • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\AlgorithmRunTest.exe
                                                                          "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\AlgorithmRunTest.exe" "C:/Users/Admin/AppData/Local/Wondershare/Wondershare Filmora/11.7.3.814" "C:/Users/Admin/AppData/Local/Wondershare/Wondershare Filmora/11.7.3.814\resources" 0
                                                                          3⤵
                                                                          • Executes dropped EXE
                                                                          PID:4128
                                                                        • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\AlgorithmRunTest.exe
                                                                          "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\AlgorithmRunTest.exe" "C:/Users/Admin/AppData/Local/Wondershare/Wondershare Filmora/11.7.3.814" "C:/Users/Admin/AppData/Local/Wondershare/Wondershare Filmora/11.7.3.814\resources" 1
                                                                          3⤵
                                                                          • Executes dropped EXE
                                                                          PID:3964
                                                                        • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\FilmoraPlayer.exe
                                                                          "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\FilmoraPlayer.exe" check
                                                                          3⤵
                                                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                          • Checks BIOS information in registry
                                                                          • Executes dropped EXE
                                                                          • Checks whether UAC is enabled
                                                                          • Enumerates connected drives
                                                                          • Writes to the Master Boot Record (MBR)
                                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                          • Suspicious behavior: AddClipboardFormatListener
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:4788
                                                                    • C:\Windows\system32\taskmgr.exe
                                                                      "C:\Windows\system32\taskmgr.exe" /4
                                                                      1⤵
                                                                      • Drops file in Windows directory
                                                                      • Checks SCSI registry key(s)
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      • Suspicious use of FindShellTrayWindow
                                                                      • Suspicious use of SendNotifyMessage
                                                                      PID:2620
                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                      C:\Windows\system32\AUDIODG.EXE 0x3dc
                                                                      1⤵
                                                                        PID:1700
                                                                      • C:\Users\Admin\Desktop\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\TC_Medicine11.7.3.exe
                                                                        "C:\Users\Admin\Desktop\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\TC_Medicine11.7.3.exe"
                                                                        1⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:2308
                                                                      • C:\Users\Admin\Desktop\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\Blue_BorFX_Medicine.exe
                                                                        "C:\Users\Admin\Desktop\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\Blue_BorFX_Medicine.exe"
                                                                        1⤵
                                                                        • Executes dropped EXE
                                                                        • Drops file in Program Files directory
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:652
                                                                      • C:\Windows\system32\OpenWith.exe
                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                        1⤵
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:4500
                                                                        • C:\Windows\system32\NOTEPAD.EXE
                                                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Windows\System32\drivers\etc\hosts
                                                                          2⤵
                                                                          • Drops file in Drivers directory
                                                                          PID:4256
                                                                      • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\Wondershare Filmora 11.exe
                                                                        "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\Wondershare Filmora 11.exe"
                                                                        1⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:1776
                                                                        • C:\Windows\explorer.exe
                                                                          "C:\Windows\explorer.exe" C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Wondershare Filmora 11.exe
                                                                          2⤵
                                                                            PID:4200
                                                                        • C:\Windows\explorer.exe
                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                          1⤵
                                                                            PID:2984
                                                                            • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Wondershare Filmora 11.exe
                                                                              "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Wondershare Filmora 11.exe"
                                                                              2⤵
                                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                              • Checks BIOS information in registry
                                                                              • Executes dropped EXE
                                                                              • Checks whether UAC is enabled
                                                                              • Writes to the Master Boot Record (MBR)
                                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                              • Checks processor information in registry
                                                                              • Modifies registry class
                                                                              • Suspicious behavior: AddClipboardFormatListener
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                              PID:2308
                                                                              • C:\Windows\System32\Wbem\wmic.exe
                                                                                wmic diskdrive where index=1 get serialnumber
                                                                                3⤵
                                                                                  PID:3676
                                                                                • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\AlgorithmRunTest.exe
                                                                                  "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\AlgorithmRunTest.exe" "C:/Users/Admin/AppData/Local/Wondershare/Wondershare Filmora/11.7.3.814" "C:/Users/Admin/AppData/Local/Wondershare/Wondershare Filmora/11.7.3.814\resources" 0
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:3372
                                                                                • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\AlgorithmRunTest.exe
                                                                                  "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\AlgorithmRunTest.exe" "C:/Users/Admin/AppData/Local/Wondershare/Wondershare Filmora/11.7.3.814" "C:/Users/Admin/AppData/Local/Wondershare/Wondershare Filmora/11.7.3.814\resources" 1
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:4060
                                                                                • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\FilmoraPlayer.exe
                                                                                  "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\FilmoraPlayer.exe" check
                                                                                  3⤵
                                                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                  • Checks BIOS information in registry
                                                                                  • Executes dropped EXE
                                                                                  • Checks whether UAC is enabled
                                                                                  • Enumerates connected drives
                                                                                  • Writes to the Master Boot Record (MBR)
                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                  • Suspicious behavior: AddClipboardFormatListener
                                                                                  PID:3480
                                                                                • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\ocl_check.exe
                                                                                  "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\ocl_check.exe" --blacklist "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\opencl_black_list.xml" --whitelist "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\opencl_white_list.xml" --gpu 0 --result "C:/Users/Admin/Documents\Wondershare/Wondershare Filmora\GPUConfig"\ --recheck 0
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:1660
                                                                                • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\ocl_check.exe
                                                                                  "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\ocl_check.exe" --blacklist "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\opencl_black_list.xml" --whitelist "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\opencl_white_list.xml" --gpu 1 --result "C:/Users/Admin/Documents\Wondershare/Wondershare Filmora\GPUConfig"\ --recheck 0
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:2344
                                                                                • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\ocl_check.exe
                                                                                  "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\ocl_check.exe" --blacklist "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\opencl_black_list.xml" --whitelist "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\opencl_white_list.xml" --gpu 2 --result "C:/Users/Admin/Documents\Wondershare/Wondershare Filmora\GPUConfig"\ --recheck 0
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:764
                                                                                • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\DataReporting.exe
                                                                                  "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\DataReporting.exe" WondershareFilmora
                                                                                  3⤵
                                                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                  • Checks BIOS information in registry
                                                                                  • Executes dropped EXE
                                                                                  • Checks whether UAC is enabled
                                                                                  • Writes to the Master Boot Record (MBR)
                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                  • Suspicious behavior: AddClipboardFormatListener
                                                                                  PID:1224
                                                                                • C:\Windows\System32\Wbem\wmic.exe
                                                                                  wmic diskdrive where index=1 get serialnumber
                                                                                  3⤵
                                                                                    PID:4660
                                                                                  • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\FilmoraPlayer.exe
                                                                                    "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\FilmoraPlayer.exe" ""
                                                                                    3⤵
                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                    • Checks BIOS information in registry
                                                                                    • Executes dropped EXE
                                                                                    • Checks whether UAC is enabled
                                                                                    • Enumerates connected drives
                                                                                    • Writes to the Master Boot Record (MBR)
                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                    • Suspicious behavior: AddClipboardFormatListener
                                                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                                                    PID:3456
                                                                                  • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\perf_check.exe
                                                                                    "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\perf_check.exe" --hwinfo "C:/Users/Admin/AppData/Local/Wondershare/Wondershare Filmora/11.7.3.814/hwinfo.json"
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:2156
                                                                                    • C:\Windows\system32\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /c dxdiag.exe /dontskip /whql:off /x C:\Users\Admin\AppData\Local\Temp\_000000D7DEEFFA18_.xml
                                                                                      4⤵
                                                                                        PID:1336
                                                                                        • C:\Windows\system32\dxdiag.exe
                                                                                          dxdiag.exe /dontskip /whql:off /x C:\Users\Admin\AppData\Local\Temp\_000000D7DEEFFA18_.xml
                                                                                          5⤵
                                                                                          • Registers COM server for autorun
                                                                                          • Drops file in System32 directory
                                                                                          • Drops file in Windows directory
                                                                                          • Checks SCSI registry key(s)
                                                                                          • Modifies registry class
                                                                                          PID:516
                                                                                      • C:\Windows\system32\cmd.exe
                                                                                        C:\Windows\system32\cmd.exe /c del /f /s /q C:\Users\Admin\AppData\Local\Temp\_000000D7DEEFFA18_.xml
                                                                                        4⤵
                                                                                          PID:5520
                                                                                      • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\cmdCheckATI.exe
                                                                                        "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\cmdCheckATI.exe"
                                                                                        3⤵
                                                                                          PID:5112
                                                                                        • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Wondershare Filmora Update(x64).exe
                                                                                          "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\\Wondershare Filmora Update(x64).exe" /VERYSILENT /SP- "/DIR=C:/Users/Admin/AppData/Local/Wondershare/Wondershare Filmora Update/"
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:2264
                                                                                          • C:\Users\Admin\AppData\Local\Temp\is-7LCVT.tmp\Wondershare Filmora Update(x64).tmp
                                                                                            "C:\Users\Admin\AppData\Local\Temp\is-7LCVT.tmp\Wondershare Filmora Update(x64).tmp" /SL5="$4040A,8177289,163840,C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Wondershare Filmora Update(x64).exe" /VERYSILENT /SP- "/DIR=C:/Users/Admin/AppData/Local/Wondershare/Wondershare Filmora Update/"
                                                                                            4⤵
                                                                                            • Executes dropped EXE
                                                                                            PID:3964
                                                                                            • C:\Users\Admin\AppData\Local\Temp\is-294L7.tmp\_isetup\_setup64.tmp
                                                                                              helper 105 0x3EC
                                                                                              5⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:3312
                                                                                        • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\coremediaserver.exe
                                                                                          "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\coremediaserver.exe" bd1a36123630429c-aa9b13b43c190a6b 23542 2308 "C:\Users\Admin\AppData\Local\Temp\Wondershare Filmora\MediaInfo\Wondershare Filmora 11.exe.sqldb" "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\proxypath" "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\" "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\" "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\Log"
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • Checks processor information in registry
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:1688
                                                                                        • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\cmdCheckHEVC.exe
                                                                                          "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\cmdCheckHEVC.exe" 875967049 320 240 1000 3000
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • Checks processor information in registry
                                                                                          PID:3700
                                                                                        • C:\Windows\System32\Wbem\wmic.exe
                                                                                          wmic diskdrive where index=1 get serialnumber
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • Checks processor information in registry
                                                                                          PID:5112
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer /select, "C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Output\My Video.mp4"
                                                                                          3⤵
                                                                                            PID:3964
                                                                                          • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\MessageService.exe
                                                                                            "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\MessageService.exe" CMD_NATIVEENGINE_METHORD_CLICK_CADDY -1 "" "{ \"accessToken\": \"\", \"autoLoginToken\": \"\", \"deviveUsedCount\": \"-1\", \"email\": \"\", \"expiresTime\": \"1675450811\", \"firstName\": \"\", \"lastName\": \"\", \"licenseType\": \"0\", \"loginState\": \"0\", \"maxDeviveCount\": \"-1\", \"nAvatar\": \"\", \"nickName\": \"\", \"refreshToken\": \"\", \"uid\": \"\" } "
                                                                                            3⤵
                                                                                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                            • Checks BIOS information in registry
                                                                                            • Executes dropped EXE
                                                                                            • Checks whether UAC is enabled
                                                                                            • Writes to the Master Boot Record (MBR)
                                                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                            • Suspicious behavior: AddClipboardFormatListener
                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                            PID:4060
                                                                                            • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\CefViewWing.exe
                                                                                              "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\CefViewWing.exe" --type=gpu-process --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\locales" --log-file="C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\debug.log" --log-severity=verbose --resources-dir-path="C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814" --user-agent="CEF3.3538.1852.win64/QCefView 1.0 (Windows; en-us) wondershare_filmora_win" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --locales-dir-path="C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\locales" --log-file="C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\debug.log" --log-severity=verbose --resources-dir-path="C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814" --user-agent="CEF3.3538.1852.win64/QCefView 1.0 (Windows; en-us) wondershare_filmora_win" --lang=en-US --service-request-channel-token=17789937545681945604 --mojo-platform-channel-handle=1740 /prefetch:2
                                                                                              4⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:5528
                                                                                            • C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\CefViewWing.exe
                                                                                              "C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\CefViewWing.exe" --type=renderer --no-sandbox --force-device-scale-factor=1 --service-pipe-token=14698208365706329142 --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\locales" --log-file="C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814\debug.log" --log-severity=verbose --resources-dir-path="C:\Users\Admin\AppData\Local\Wondershare\Wondershare Filmora\11.7.3.814" --user-agent="CEF3.3538.1852.win64/QCefView 1.0 (Windows; en-us) wondershare_filmora_win" --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=14698208365706329142 --renderer-client-id=3 --mojo-platform-channel-handle=2584 /prefetch:1
                                                                                              4⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:3148
                                                                                            • C:\Windows\SYSTEM32\TASKKILL.exe
                                                                                              TASKKILL.exe /F /IM MessageService.exe
                                                                                              4⤵
                                                                                              • Kills process with taskkill
                                                                                              PID:5248
                                                                                      • C:\PROGRA~2\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe
                                                                                        C:\PROGRA~2\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe -Embedding
                                                                                        1⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:360
                                                                                      • C:\Windows\explorer.exe
                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                        1⤵
                                                                                        • Modifies Internet Explorer settings
                                                                                        • Modifies registry class
                                                                                        • Suspicious behavior: AddClipboardFormatListener
                                                                                        PID:5304
                                                                                        • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Output\My Video-highlight.mp4"
                                                                                          2⤵
                                                                                          • Suspicious behavior: AddClipboardFormatListener
                                                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                                                          • Suspicious use of SendNotifyMessage
                                                                                          PID:5224
                                                                                      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
                                                                                        1⤵
                                                                                        • Drops file in Program Files directory
                                                                                        PID:5308
                                                                                        • C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5308_129792926\ChromeRecovery.exe
                                                                                          "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5308_129792926\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={396ef623-96ac-41ef-a116-4c91872250e0} --system
                                                                                          2⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:324

                                                                                      Network

                                                                                      MITRE ATT&CK Enterprise v6

                                                                                      Replay Monitor

                                                                                      Loading Replay Monitor...

                                                                                      Downloads

                                                                                      • C:\Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\_isetup\_setup64.tmp
                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        4ff75f505fddcc6a9ae62216446205d9

                                                                                        SHA1

                                                                                        efe32d504ce72f32e92dcf01aa2752b04d81a342

                                                                                        SHA256

                                                                                        a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81

                                                                                        SHA512

                                                                                        ba0469851438212d19906d6da8c4ae95ff1c0711a095d9f21f13530a6b8b21c3acbb0ff55edb8a35b41c1a9a342f5d3421c00ba395bc13bb1ef5902b979ce824

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\_isetup\_setup64.tmp
                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        4ff75f505fddcc6a9ae62216446205d9

                                                                                        SHA1

                                                                                        efe32d504ce72f32e92dcf01aa2752b04d81a342

                                                                                        SHA256

                                                                                        a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81

                                                                                        SHA512

                                                                                        ba0469851438212d19906d6da8c4ae95ff1c0711a095d9f21f13530a6b8b21c3acbb0ff55edb8a35b41c1a9a342f5d3421c00ba395bc13bb1ef5902b979ce824

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\is-JE435.tmp\filmora_64bit_full846.tmp
                                                                                        Filesize

                                                                                        1.4MB

                                                                                        MD5

                                                                                        2af0d4e9978fbb968cf508e1c74d7aa4

                                                                                        SHA1

                                                                                        d30c337db80324e82fb9728cd243f8d1617e8fe0

                                                                                        SHA256

                                                                                        48c138ce7c8d80bfaa079c8a387dbd844aebbc0b4be15e3f0ff2bd5dacee85de

                                                                                        SHA512

                                                                                        89d35efdbad77558efd17175621a710470497dbfc124e853e14883ce625b1f8fd7b6cb4d98bc2ee13be875056fc9bd3f76343829db4c53b7ab5dab49dd919861

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\is-JE435.tmp\filmora_64bit_full846.tmp
                                                                                        Filesize

                                                                                        1.4MB

                                                                                        MD5

                                                                                        2af0d4e9978fbb968cf508e1c74d7aa4

                                                                                        SHA1

                                                                                        d30c337db80324e82fb9728cd243f8d1617e8fe0

                                                                                        SHA256

                                                                                        48c138ce7c8d80bfaa079c8a387dbd844aebbc0b4be15e3f0ff2bd5dacee85de

                                                                                        SHA512

                                                                                        89d35efdbad77558efd17175621a710470497dbfc124e853e14883ce625b1f8fd7b6cb4d98bc2ee13be875056fc9bd3f76343829db4c53b7ab5dab49dd919861

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Desktop\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\Readme.txt
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        c9b73ad4887cb9ab23499df67a3be49b

                                                                                        SHA1

                                                                                        8d13d5eb6f48d94ec2fd2385b7cc03715e6d85e4

                                                                                        SHA256

                                                                                        8c1ed89cbffc73ece59ab347cc7c8efad1aa33338fbadccfe25d8900aabb6484

                                                                                        SHA512

                                                                                        384923ee1674950a1d32d998d984fe4d5600d2ae9f8efe4b9522430e70426f27be48f74c864424c5013c52e3bdb23d4f576517af6531ce34814ec6aa0390781e

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Desktop\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\filmora_64bit_full846.exe
                                                                                        Filesize

                                                                                        444.6MB

                                                                                        MD5

                                                                                        d0c1fd8374b9241906c3201f91eb7b35

                                                                                        SHA1

                                                                                        53ab7408b83d5163b70c4e792009a7a3b16b5cf1

                                                                                        SHA256

                                                                                        8d0ce60fb79cf6d404332ab17ba16ee54dd0c5c046c8e6b09424eea23223b534

                                                                                        SHA512

                                                                                        8a33d642e2edd3cf562f17429d0ba630e7368e1a2b294bde3a1f9529ecf45b980a5f8455187cfadcc0b3c2647316d18a58c9de1dc7eba422a675cb2e38953fba

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Desktop\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\WS.Filmora.11.7.3.814.w64\filmora_64bit_full846.exe
                                                                                        Filesize

                                                                                        444.6MB

                                                                                        MD5

                                                                                        d0c1fd8374b9241906c3201f91eb7b35

                                                                                        SHA1

                                                                                        53ab7408b83d5163b70c4e792009a7a3b16b5cf1

                                                                                        SHA256

                                                                                        8d0ce60fb79cf6d404332ab17ba16ee54dd0c5c046c8e6b09424eea23223b534

                                                                                        SHA512

                                                                                        8a33d642e2edd3cf562f17429d0ba630e7368e1a2b294bde3a1f9529ecf45b980a5f8455187cfadcc0b3c2647316d18a58c9de1dc7eba422a675cb2e38953fba

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\audio\6_Manos_Mars_-_The_Tunning\Data\Manos Mars - The Tunning.mp3
                                                                                        Filesize

                                                                                        5.1MB

                                                                                        MD5

                                                                                        230d1dcaf630727b6959ed3c7e052162

                                                                                        SHA1

                                                                                        a2e94a13b600563d7c8f67401d2b99c6bda1601f

                                                                                        SHA256

                                                                                        69b9e0e222a073c72a84b139a21ee039af5deb9870175421dd56c4430af0c4a7

                                                                                        SHA512

                                                                                        b1d8efb77aea1f0779a09c85be1dc9f23397caa24d474c97fce46b2ff1aaeaad9024079586eda358ee5977308734b2841d046e9c7cd779fe5941304e504bb038

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\audio\6_Manos_Mars_-_The_Tunning\Manos Mars - The Tunning.jpg
                                                                                        Filesize

                                                                                        43KB

                                                                                        MD5

                                                                                        18a745db233bd85792f1a19a5036ee46

                                                                                        SHA1

                                                                                        e0be9174c3905e54e42fc2a2e253add05e144e5d

                                                                                        SHA256

                                                                                        5c36703eeb195224fd1185b5cc1b1bec94694624c3793bfc8624a6a6a89f9f13

                                                                                        SHA512

                                                                                        d2a69c7235caf43204d9b146a2a6312e0228ff75fcf091ddd71df5e9a9cdb5b9829ec9b47572b070d93081abf11121589710c010ca6228b2b3410050db9b753b

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\audio\6_Manos_Mars_-_The_Tunning\resinfo.json
                                                                                        Filesize

                                                                                        1017B

                                                                                        MD5

                                                                                        a071b748e0d54b1f85868b4447ffbb8d

                                                                                        SHA1

                                                                                        46e3433968fe27ff4e179842f15a1424d45f938f

                                                                                        SHA256

                                                                                        a7ca782def0a8456271735093bf770974ee6dbe6c50ae0a9c45d44d5cd2216ca

                                                                                        SHA512

                                                                                        35d85a42057b5b287c5b017c63c077ecc8901035c7afc1732c5be3b10bbd21516b491d5e90f7125535bdaad071fc80598652db9a11563c89af6ef8e0e324fa96

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\audio\6_Manos_Mars_-_The_Tunning\thumbnail.png
                                                                                        Filesize

                                                                                        43KB

                                                                                        MD5

                                                                                        18a745db233bd85792f1a19a5036ee46

                                                                                        SHA1

                                                                                        e0be9174c3905e54e42fc2a2e253add05e144e5d

                                                                                        SHA256

                                                                                        5c36703eeb195224fd1185b5cc1b1bec94694624c3793bfc8624a6a6a89f9f13

                                                                                        SHA512

                                                                                        d2a69c7235caf43204d9b146a2a6312e0228ff75fcf091ddd71df5e9a9cdb5b9829ec9b47572b070d93081abf11121589710c010ca6228b2b3410050db9b753b

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Blur\Data\Blur.conf
                                                                                        Filesize

                                                                                        580B

                                                                                        MD5

                                                                                        2cba176f7e6da606d24280bcb4f21800

                                                                                        SHA1

                                                                                        22682801b63821d984bcef0ddbc8041c1106008e

                                                                                        SHA256

                                                                                        54f56b411a846c05988fb205893dd2b9a7c9611ef4996f5d0a85c3acc3b97b41

                                                                                        SHA512

                                                                                        2807feec2188de0508cfe48c542993f4f321b8500c1a7156a2ecc2533ad2194188665f9b257206f608b04611ed9185107f3e22ad2d7514a86a51c6d692daba7b

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Blur\Data\data.xml
                                                                                        Filesize

                                                                                        890B

                                                                                        MD5

                                                                                        7fc70db5c481bed7f8d31bbc706ed680

                                                                                        SHA1

                                                                                        802a368654e54aaf866a20596afec96115d89475

                                                                                        SHA256

                                                                                        fe4d6be90fcfc68d9938a8600eead89cc9d4718959804cdf31cc9ad3e6e66352

                                                                                        SHA512

                                                                                        f75280c5bd5710b47fa8b8968538c694d2729b3b2aaa85de31bcd3c556a27ec4c5e3b0944b87c71ddd773f8b23bb4bd52a2ec411dedd0aaa64ef08447e429e90

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Blur\Data\filter.xml
                                                                                        Filesize

                                                                                        247B

                                                                                        MD5

                                                                                        05d76d67a79e794a44e2112e200fcff0

                                                                                        SHA1

                                                                                        d2337f191ab40dbd8d0d833e2e77d5555b2f5950

                                                                                        SHA256

                                                                                        2a8f8c8f2ef31c33bb27b709ad8e7d27eb5d197bb291b99ea43852399d2c93e3

                                                                                        SHA512

                                                                                        587887fb407a4e3b2b5cd1fc4745ea0f530f5997a200097dabf5dd876dd17d132e570b10f4941a8279c652a385810d86c096021c2ee09249f5ad269c88314431

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Blur\Giddiness.jpg
                                                                                        Filesize

                                                                                        13KB

                                                                                        MD5

                                                                                        0a07da55f97eb90c485b20362c092eb5

                                                                                        SHA1

                                                                                        8689ce0f4374f4263754b2f59fe5b21f2b47fb43

                                                                                        SHA256

                                                                                        38eb2e95a3647178e69a2f3fd0d267fadee1048902a6896db66128476e6b9cb9

                                                                                        SHA512

                                                                                        faa7618078a198ef8b81de545952383a4ae6bebe21304b3b768accea3f0249586ae2b18626bb07bdfa21413f19f06d9e85d46536e4ac3bd0ddef7125ea04c83d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Blur\resinfo.json
                                                                                        Filesize

                                                                                        806B

                                                                                        MD5

                                                                                        44d8b16d87a46b429c2fdd8862c2d33e

                                                                                        SHA1

                                                                                        b5f73423ec32ed9d88d975d5a1a720bfb41da483

                                                                                        SHA256

                                                                                        fbfdf49a2c3d23d6a607b4fc067c6a655e97a2ab77ec4140352e1d459749a44b

                                                                                        SHA512

                                                                                        a7e02ba36626602088d79bf45fc51ff407feb418f9a6cbbcff57d283ba6f8df591b187a9846f2698bf8506b5aab663b9e3c9d380b30bd2b3e8b04d52150f924c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Blur\thumbnail.png
                                                                                        Filesize

                                                                                        13KB

                                                                                        MD5

                                                                                        0a07da55f97eb90c485b20362c092eb5

                                                                                        SHA1

                                                                                        8689ce0f4374f4263754b2f59fe5b21f2b47fb43

                                                                                        SHA256

                                                                                        38eb2e95a3647178e69a2f3fd0d267fadee1048902a6896db66128476e6b9cb9

                                                                                        SHA512

                                                                                        faa7618078a198ef8b81de545952383a4ae6bebe21304b3b768accea3f0249586ae2b18626bb07bdfa21413f19f06d9e85d46536e4ac3bd0ddef7125ea04c83d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Canvas\Data\Canvas.cl
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        b96393ff4273330ba4934148f3c6cf33

                                                                                        SHA1

                                                                                        d29b4bf12cabfffd4bb40542626ee0031972ba1d

                                                                                        SHA256

                                                                                        3fd5b0ca591f07f0db067e92b520bc8025c99e0f14d743648cdfbab90fd11c0d

                                                                                        SHA512

                                                                                        9fc90d011df78911a72801221225df84d85295a9b4b24706df681553f6acfb42716ddf1bd5cb2e74b8331f5461030a54f4ed901a95aa1f1109bc553a0f4ea3ce

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Canvas\Data\Canvas.conf
                                                                                        Filesize

                                                                                        312B

                                                                                        MD5

                                                                                        3709157c6cc272fe7c75d6119f59bbbc

                                                                                        SHA1

                                                                                        d5fd54977cf30fcaa0810a56a7dcda964d35558e

                                                                                        SHA256

                                                                                        94567b68e6a97bc104afb8429e72d3e963688bb70375f927cfd6b2fb833c6095

                                                                                        SHA512

                                                                                        5df95e4e0e23b0159981d071263d5bd3891aaf47464a9aeea89a10bcf898ba36edfda27a551e57775e26c31ec55e4af4a765c2e4a07353338de9d029bef11d2e

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Canvas\Data\Canvas.frag
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        44cbb017a22c59291327187083eb953e

                                                                                        SHA1

                                                                                        a7fc71b9b0e0b3abbef18f2b129076a612b2aff1

                                                                                        SHA256

                                                                                        2c84ec5d86cdb681e62f3ed5478a2afb2c32d793e7448ef2c31770c248ba34c9

                                                                                        SHA512

                                                                                        5b119f3c2afac4258a03b6e3f524cb93c1862577c56d7deaec6792a9b71bd6df8955621715547e6d77a977e98442f6b111502f85ddc059dfd3623c0960faf575

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Canvas\Data\data.xml
                                                                                        Filesize

                                                                                        881B

                                                                                        MD5

                                                                                        c787222397eb2d14a6071eee02bbd0a3

                                                                                        SHA1

                                                                                        ec1ec8bb0acb1748530c7934bb23cfc0f9400628

                                                                                        SHA256

                                                                                        89e1f9f1760f65a3ced17a88d54f7193de94272d503c1964687ad27c0f0a3fcb

                                                                                        SHA512

                                                                                        31bdfd64b594b52c120a1407811d7d635a10d75f0ae53bf4bd32caac57c3e99575f3b8405bd4da416d8339ee35aec934e4b3f4d3e2f562f7736c02e10bcc7103

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Canvas\Data\filter.xml
                                                                                        Filesize

                                                                                        251B

                                                                                        MD5

                                                                                        52d1f7b3af9de519f666e932df3f08ad

                                                                                        SHA1

                                                                                        db769adfb974e8807de745e04180948c6a44ee87

                                                                                        SHA256

                                                                                        ac8e595eab14933d54dac071a67e27ce7791ae0af1db4d64361a330fe841e5e3

                                                                                        SHA512

                                                                                        afd16c623df65c974645c2c6bd20244665a1c9b93221028ffb1083e92859397b573d3d96ebdd2800254e337aa70061ebfd67805bca143d370ad9d27c0c1af37d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Canvas\Data\sketch.png
                                                                                        Filesize

                                                                                        406KB

                                                                                        MD5

                                                                                        6a12135e615e8bc6a709a1c75b14915a

                                                                                        SHA1

                                                                                        28afaa531d56f0687a6aec34c7d63ba779e1630d

                                                                                        SHA256

                                                                                        07d7a66090ccfceaa73ee3eee3d45235ed0610d503f85333d1a88ca8e38ffdf1

                                                                                        SHA512

                                                                                        e7b558d545038ee8bac621cd90352d2ce4f2608317715e6597c0c8817321c384e8b525dc81ba9e593d3afd18b7fdf5f880f1974a0ca3f85022d2a32dc187d5ab

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Canvas\detail.json
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        d6829b8d6ae1096c49b9671efd42a066

                                                                                        SHA1

                                                                                        5d629e7ce81f1176fffb0a51992f96920bc701ee

                                                                                        SHA256

                                                                                        5e75b0ba1b6d79d48b0bceaf9504f4f166f14c2ffda0beaa18a31e332c484ab1

                                                                                        SHA512

                                                                                        cb12875b2bbb70cf9e43f1374c9f2228789aad29901584ba1c5a09bf41db493075510412d57bb952563d416a090f94d6f44b773749f472ae0c6719b7b6f1bb5a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Canvas\resinfo.json
                                                                                        Filesize

                                                                                        851B

                                                                                        MD5

                                                                                        9860cbd54f5e5ba3786029297a13130c

                                                                                        SHA1

                                                                                        030258fe0328c002d5c0927b4e0e793c02f533e4

                                                                                        SHA256

                                                                                        5a10cc775c2cd405c4b91ff6b175e3d09e8ff16873be7e5691fd911e12a84189

                                                                                        SHA512

                                                                                        fe1949b3672017154e2f2cd097d10d4646af6a6b257033b7bee38742f44092c9b1c6319eda9dc998aa85b3b6dabb5d30001e1d242719820d48a95fb1f24814d6

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Canvas\thumbnail.png
                                                                                        Filesize

                                                                                        13KB

                                                                                        MD5

                                                                                        861750c7bce751a1facce5f95496e4ad

                                                                                        SHA1

                                                                                        91ad4f3bc6b2c34104288741d7c3d38ba60c0c8b

                                                                                        SHA256

                                                                                        fcdf318c236ccbbc316de791d42cb45f7513b81ea3d4d67543d23a4f53714cf8

                                                                                        SHA512

                                                                                        5ad43efbd0e1f528b1a609c477582148de3a77299bbef5c950e96e1db8a6d03a8c4d44c484661bb76c300b14cc2067d88d85746591dc86cc14ba75dc73056add

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Chromatic_Aberration\Data\Chromatic Aberration.cl
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        efdc96441b214f968c76692ce5cdc4cf

                                                                                        SHA1

                                                                                        1b4950edcb73e038c6636bfe744c6b12cb8d15cd

                                                                                        SHA256

                                                                                        dee4d16cfa62da12f591996626f7a2290b0116c51a5bc188b957d384453b440c

                                                                                        SHA512

                                                                                        bbf5b6249160e59ce9f196cf212e15df835da63f59f10e27121d5cd5dc987d7b0a9bceffc19b13c4167de7eba23461b95c9a45da31ebf8b6547d969f213fb8fe

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Chromatic_Aberration\Data\Chromatic Aberration.conf
                                                                                        Filesize

                                                                                        373B

                                                                                        MD5

                                                                                        fa4fd0cb17fcd44d173a637dfbe86a39

                                                                                        SHA1

                                                                                        afa7151bcc93bc16f4c11b9933f992b28811dd78

                                                                                        SHA256

                                                                                        13ead3bc5bd9bf867e6a8a887faaf71a000c2ddfe224478485fbc1bf24b59539

                                                                                        SHA512

                                                                                        74af52cad8c563dd35826f0ec35b4f3ffd02d105eb4e1f340a97541c62f70bd23008abf2edf96245c895ac44a36088005d44788ee390bb35e8820b9c6e582292

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Chromatic_Aberration\Data\Chromatic Aberration.frag
                                                                                        Filesize

                                                                                        813B

                                                                                        MD5

                                                                                        3cd820caec58eac715848422f37a3d68

                                                                                        SHA1

                                                                                        5d63ef1f7a284c028c54321e0d37aa6e670f661b

                                                                                        SHA256

                                                                                        b0946f203d53cb0cc7cf69971d287f753a2573e7458aabc7b235abdb69a4a019

                                                                                        SHA512

                                                                                        9de2f48aca685c045a394c0abb26b2a851b86eb9269cb8573fc0478dccaacf87478e349fe8a54adeb9558c18db4eda75420905d4a7028ef3d641cc25e4deb3db

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Chromatic_Aberration\Data\data.xml
                                                                                        Filesize

                                                                                        881B

                                                                                        MD5

                                                                                        c787222397eb2d14a6071eee02bbd0a3

                                                                                        SHA1

                                                                                        ec1ec8bb0acb1748530c7934bb23cfc0f9400628

                                                                                        SHA256

                                                                                        89e1f9f1760f65a3ced17a88d54f7193de94272d503c1964687ad27c0f0a3fcb

                                                                                        SHA512

                                                                                        31bdfd64b594b52c120a1407811d7d635a10d75f0ae53bf4bd32caac57c3e99575f3b8405bd4da416d8339ee35aec934e4b3f4d3e2f562f7736c02e10bcc7103

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Chromatic_Aberration\Data\filter.xml
                                                                                        Filesize

                                                                                        284B

                                                                                        MD5

                                                                                        6e617237af4130ccea2db527c1ed9d68

                                                                                        SHA1

                                                                                        9f6fec29b675d43f46d77026191de7d6a234e28f

                                                                                        SHA256

                                                                                        b747530e7368e030a10ffd1881b97eff9016024db8e3b6c8cc30882437c083b2

                                                                                        SHA512

                                                                                        3512250d6303673a65ccfe0d90d99fa9392dee765d9a1e85ef4d82b0795a824a21bb424ed6e08bbbc6c61e92c8b767ad179f2ee8b9bf6f00341cc972295b7572

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Chromatic_Aberration\detail.json
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        87bcd107365aafe24d87a87804d70a40

                                                                                        SHA1

                                                                                        25c2e87c40f8076cfadef98f29a42986b8b97e21

                                                                                        SHA256

                                                                                        af2067abff4961face1c668b8a3c659400b9b205e38486ecf72dc2d2e09063ce

                                                                                        SHA512

                                                                                        3fe1b2324dfd8965a36c6128bb281773ae95340a434604477caf45b8bf82d18466308e6cd9cf403543f28506807a99ffd336861104afd37817bac1c72d78f3f6

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Chromatic_Aberration\resinfo.json
                                                                                        Filesize

                                                                                        1004B

                                                                                        MD5

                                                                                        ace93952cbc6fce4afdddd9b4aa7d79c

                                                                                        SHA1

                                                                                        2b9b1759f599543d592808a04174b05a28e3d73a

                                                                                        SHA256

                                                                                        cd34c4b1b9c06f606a6868fdc44876b85a3c1969e0a95aef9d17aef7ea649f2a

                                                                                        SHA512

                                                                                        e1d4f56ccc521928171e023cd6730a903d28e1c1ae236ac2cde46053cd018c36c480815843a876a9e8f9ad532a2e1015a27925b58788b1682cbb7e7946af9c9b

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Chromatic_Aberration\thumbnail.png
                                                                                        Filesize

                                                                                        17KB

                                                                                        MD5

                                                                                        e3d183803380efa74659828b75686d3f

                                                                                        SHA1

                                                                                        a838d896a9a571bfc9b11d19eb0474f369f4f769

                                                                                        SHA256

                                                                                        260e5a2eeb77859882e9bc93c4c20e65dc34feca055597c4d45d4bd56a94070e

                                                                                        SHA512

                                                                                        747639bd6cffe2d5199f45f1630a5605d1d9821733dfd6ed2bba0e7764f4d1443724d68b5c426149c1c31361481064ba5343bf7d473c8b9042b19e70ea3eaa22

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Cool_Film\Data\Cool Film.CUBE
                                                                                        Filesize

                                                                                        896KB

                                                                                        MD5

                                                                                        d012b05a24f80a19d278636e97fee454

                                                                                        SHA1

                                                                                        9faa9a1695c1b69578c1c7ebdce8745276763f73

                                                                                        SHA256

                                                                                        da828049365592b2c45b048094e989f9b9b14990633259e7ab6aa648dc12131e

                                                                                        SHA512

                                                                                        00d0bcb917039a7d5e39dd21fc9b851c58b2dd367721b7ea996cd5839a2117f3a7e6b4b2d0c0043a0dd49e34dac98d6c153634967dfc4abaede7625f88da3150

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Cool_Film\Data\data.xml
                                                                                        Filesize

                                                                                        881B

                                                                                        MD5

                                                                                        c787222397eb2d14a6071eee02bbd0a3

                                                                                        SHA1

                                                                                        ec1ec8bb0acb1748530c7934bb23cfc0f9400628

                                                                                        SHA256

                                                                                        89e1f9f1760f65a3ced17a88d54f7193de94272d503c1964687ad27c0f0a3fcb

                                                                                        SHA512

                                                                                        31bdfd64b594b52c120a1407811d7d635a10d75f0ae53bf4bd32caac57c3e99575f3b8405bd4da416d8339ee35aec934e4b3f4d3e2f562f7736c02e10bcc7103

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Cool_Film\Data\filter.xml
                                                                                        Filesize

                                                                                        240B

                                                                                        MD5

                                                                                        564c47e034810b2905d3c68a9ed36af9

                                                                                        SHA1

                                                                                        ca5ce4cc54ebcc24f19cd59e7d3c85d48c9faf0d

                                                                                        SHA256

                                                                                        69a0ebb6d127be5de9a8f745d0b72bd79395e83a0e2ecf57270a61cf53dab998

                                                                                        SHA512

                                                                                        08c545f1b022eda5f50c677a7cbdc98b02c658ecae8aa2f15cc455de86eeafe9e126976987c838a0287b1dc65ee44ce22a54455a5710f823049380f4f9b8a09f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Cool_Film\detail.json
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        23f30bb8847f37cb2332244b07222ec7

                                                                                        SHA1

                                                                                        d8f0b4b2d23ab8f49d12380a1ecbee59ede05205

                                                                                        SHA256

                                                                                        4fc7b3a16758e14473beb6f2a00d17babd45d473f05e922784314ea6eec4d6c6

                                                                                        SHA512

                                                                                        9d2aeb22afd7bb15195f36b64d8ac1e7909b827ad534bf834c21e2bb12cfb081c6e96bd6beb932e18d3f9261efd96a51d6e11fe2f60a68d583619f53442d5fed

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Cool_Film\resinfo.json
                                                                                        Filesize

                                                                                        925B

                                                                                        MD5

                                                                                        ca4257fe37e7f38fcf265c2f099cb496

                                                                                        SHA1

                                                                                        8df5f77fc8fea1e94f76a29c3ca2639575ba0c0b

                                                                                        SHA256

                                                                                        03f4fb5db998dd397e6505e59b858b085a874ec9babdd61a44e76017809ee1b5

                                                                                        SHA512

                                                                                        7be17d942f1075ffa3f780b2d256eef4684dbdf6823158b04605e9b3d8191475914b1e9c08acda7fb676e9c0b17ea77bfc5fba80ec96fa7531b85ffe64d232ff

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Cool_Film\thumbnail.png
                                                                                        Filesize

                                                                                        14KB

                                                                                        MD5

                                                                                        fcdc0a162c89241e1862ecb50a2f8b59

                                                                                        SHA1

                                                                                        3c28fa259010d10f09d8583895320e79eb52fcde

                                                                                        SHA256

                                                                                        abca20fa9763524b84d62f065b49fb170a8dd5d34cd25d049a6d34ef3956cee4

                                                                                        SHA512

                                                                                        6b957189a0c7a247a064ba28e8d8c3c79de6acf9fc7f6b35ea7185c2ca9fd183f01949a468a3e72136e85bc64ba65a21f05ca4dc93f2c10353ec06af5bd114ca

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Four_Seasons\Data\FourSeason.conf
                                                                                        Filesize

                                                                                        233B

                                                                                        MD5

                                                                                        079b01f20da6542f247e120f153e0e4d

                                                                                        SHA1

                                                                                        5ca043e39701d8bef7204360a4169b8a0d0cf356

                                                                                        SHA256

                                                                                        37b297099235ebd38377b0cd2df8479ba9a35c7931fdda5f216565d3f65e424a

                                                                                        SHA512

                                                                                        9a0083f6d348c54d606c70e16605b02939d7f716962c395ef1097e5316e273be97ac229f296e52e2c6491a4e2eafe7353e249ee7db0d44a98cae528ee76c1cf0

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Four_Seasons\Data\data.xml
                                                                                        Filesize

                                                                                        881B

                                                                                        MD5

                                                                                        c787222397eb2d14a6071eee02bbd0a3

                                                                                        SHA1

                                                                                        ec1ec8bb0acb1748530c7934bb23cfc0f9400628

                                                                                        SHA256

                                                                                        89e1f9f1760f65a3ced17a88d54f7193de94272d503c1964687ad27c0f0a3fcb

                                                                                        SHA512

                                                                                        31bdfd64b594b52c120a1407811d7d635a10d75f0ae53bf4bd32caac57c3e99575f3b8405bd4da416d8339ee35aec934e4b3f4d3e2f562f7736c02e10bcc7103

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Four_Seasons\Data\filter.xml
                                                                                        Filesize

                                                                                        304B

                                                                                        MD5

                                                                                        6ac43c627cc68ebb418bc474d0471c1c

                                                                                        SHA1

                                                                                        192afb065dd08e1ca86c3ad0d601b7e29fa7642b

                                                                                        SHA256

                                                                                        671af274f4c1fdb2f2a7bc13f062b6035e7afb85ee2695885fac9699698f9ee9

                                                                                        SHA512

                                                                                        e2de5f24cd94f36db3ac01ad441e0270cfd8aae0144ca1b2a8f54271da9f1f4dbe9d2bcd2889dd6cbd636ca83f74f38303d849b666e090cfdf345f818001cf8a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Four_Seasons\Data\filter9.cl
                                                                                        Filesize

                                                                                        4KB

                                                                                        MD5

                                                                                        4c36077497e9a322951a553a8f80e56a

                                                                                        SHA1

                                                                                        72308486db335145cc74539d88838aa69a602929

                                                                                        SHA256

                                                                                        8bfbb01c879b306a00f9bebd89d574a8f4aee9064889460dd62051472914c3b9

                                                                                        SHA512

                                                                                        8daf800739a4d6d895faa45974f8061efc94f9e52d71b6fc4b8bac4a13995f4f9d55d08c29d2ae7045b66ed81a16e83b607c18414dd16480de4cbf76df4094b1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Four_Seasons\detail.json
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        ba4447512a9009c71001bff140540ccd

                                                                                        SHA1

                                                                                        f1c1d4c9a27da0d362b2bb01d078084a24a9c542

                                                                                        SHA256

                                                                                        d916250fc6e6fb6e6c62395271cea6a84f64a73ee75b00f13829e62e49470033

                                                                                        SHA512

                                                                                        0f7062d5d4604544e843a63d050106279b2703d9e86f592636ba1e2b765710f1b5c22215f28a4bc952ed4170307a59df0f8111f387e15c1d33ea8d61678427ca

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Four_Seasons\resinfo.json
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        dbc3c41dc00522b086aa84f9fbabd21a

                                                                                        SHA1

                                                                                        0a3fa161d32f3609546106fba40d269010f49463

                                                                                        SHA256

                                                                                        67311e4d6ec893926fed5a57c07fe918a13afa367110b3f5402d416d7583c857

                                                                                        SHA512

                                                                                        325c7a4e7752cb787c31e0aff2ed2e55a76520fe27a65bc9a97bcb123da9bdc83da5ccf818df9c8ee97f80257de66b242de6ef642e2d35533ac62a2cd54bde70

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Four_Seasons\thumbnail.png
                                                                                        Filesize

                                                                                        14KB

                                                                                        MD5

                                                                                        1c5950db5a26bf12dbd78f651d6475a1

                                                                                        SHA1

                                                                                        7cd542a215e97b82a4d6fc7175d73b84fdddcace

                                                                                        SHA256

                                                                                        0609a02ea287b37fad05e7855ddada680a84892892e486f0fd21c724206ec4c6

                                                                                        SHA512

                                                                                        c2dedf0fb8049880fbcfd3e4455ca93d6d1abe6e3767ee8606f119b7193ce19ec212e3122dd423e8b5a2199103a00e9a51d9b63cd958044547722c541b5fd92c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Glow\Data\Glow.conf
                                                                                        Filesize

                                                                                        322B

                                                                                        MD5

                                                                                        d17d1c48dd220ab32322c847f2397476

                                                                                        SHA1

                                                                                        b522d8faf77216e24dad109858c1c6b6c94938b6

                                                                                        SHA256

                                                                                        9424866d4dc3f01c70ec17b9a4fd4d715b3a81efc520ac72e8647d00deee4b72

                                                                                        SHA512

                                                                                        7820d94b5b467b6b342fb4c91c406022da7674a1c1c34e8deaa016afeac5f10cd1d98403cc226c7fadb516cc5024fb677023271cf0a5ca3524b981c0c8e11deb

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Glow\Data\data.xml
                                                                                        Filesize

                                                                                        881B

                                                                                        MD5

                                                                                        c787222397eb2d14a6071eee02bbd0a3

                                                                                        SHA1

                                                                                        ec1ec8bb0acb1748530c7934bb23cfc0f9400628

                                                                                        SHA256

                                                                                        89e1f9f1760f65a3ced17a88d54f7193de94272d503c1964687ad27c0f0a3fcb

                                                                                        SHA512

                                                                                        31bdfd64b594b52c120a1407811d7d635a10d75f0ae53bf4bd32caac57c3e99575f3b8405bd4da416d8339ee35aec934e4b3f4d3e2f562f7736c02e10bcc7103

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Glow\Data\filter.xml
                                                                                        Filesize

                                                                                        292B

                                                                                        MD5

                                                                                        22d22505d4e1a1db93be517d177c28c2

                                                                                        SHA1

                                                                                        c149488a1527ea9f4a25e4321bc35bd21cd04802

                                                                                        SHA256

                                                                                        c04bda43a6a4c2e16c728b5d5ea0a0614e87aaadb1607bb5b04f1256dea9116e

                                                                                        SHA512

                                                                                        952246c9888b476f5da8385dd111c17a3677d78b67b96de1dcee363d0c2194c02accdb155ec3324815d46a869fc3f99feecb053351559e2362bee32ae5970341

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Glow\Data\filter5.cl
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        2112f46fe7daeabf04a0f969c13d50db

                                                                                        SHA1

                                                                                        859e7d7db8f3afa2f5240fc054ccba846bab5d40

                                                                                        SHA256

                                                                                        1edd1ae3375a54ba2356e99f8a2acd0dcb3fb702f54a62df20dce5376fdc376b

                                                                                        SHA512

                                                                                        4f99fe892a43da5214c2a03231299d806f97e5b0eda941bb20f214f84531cdaf7147f38a26bb2295eb1d4afa147d5b8eb1bb66e4f4973ef3ceb804327dba84d8

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Glow\Glow.jpg
                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        8ff150746d88b967005b07ac0203e22a

                                                                                        SHA1

                                                                                        02e64ee36c1b0c83a08a3b4fb66dd1b209a2a184

                                                                                        SHA256

                                                                                        30470c0c64c55ad036137747f7425acd78f6afe06ff2361b97a88f0a221959b2

                                                                                        SHA512

                                                                                        d45e5025c734f0243e16014fb7ab9213f1570c0b75cacadb929f74ee0b9b6fe09e7308699f8896b4bf5844e5f694de0c70b08810f1ac7738e77faeaa59b36aa7

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Glow\resinfo.json
                                                                                        Filesize

                                                                                        811B

                                                                                        MD5

                                                                                        ab5aa38d243315acc65fef52a0a1a0fb

                                                                                        SHA1

                                                                                        853816b305720855f4ef93ecfc21a197f6bc373a

                                                                                        SHA256

                                                                                        e981f4c1ac881023d92d837f55b48f0635f05be5481c5648d0513153090d6969

                                                                                        SHA512

                                                                                        106ef03f48a3657a76246a4533fbdbda855d83eb8cb99e4a642dca448dfd47fa7dcbb0dbb9eb74b7f065e7081ac5ec6e1dfd0034e57d9afd841395d5a93278fa

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Glow\thumbnail.png
                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        8ff150746d88b967005b07ac0203e22a

                                                                                        SHA1

                                                                                        02e64ee36c1b0c83a08a3b4fb66dd1b209a2a184

                                                                                        SHA256

                                                                                        30470c0c64c55ad036137747f7425acd78f6afe06ff2361b97a88f0a221959b2

                                                                                        SHA512

                                                                                        d45e5025c734f0243e16014fb7ab9213f1570c0b75cacadb929f74ee0b9b6fe09e7308699f8896b4bf5844e5f694de0c70b08810f1ac7738e77faeaa59b36aa7

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Mosaic_f3\Data\data.xml
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        8579c3a1f8e499cce250d47eff003f47

                                                                                        SHA1

                                                                                        866207cfbaa6a1b36f03f3e141193fe74386fefe

                                                                                        SHA256

                                                                                        141c7bdaa59d9e44591cb43041ff35db973dca777a6c02f38e846e6859b69f4f

                                                                                        SHA512

                                                                                        14d202755cbf4a14b4fb3aa32b49f1d8c59d3019c4492220c1c74a05e730d4a93e92fb3cf1f4a3c815eaa0e53a30c55e6eba9b9b9c8fbfeeef1812564c6380e3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Mosaic_f3\Data\roiBlur.cl
                                                                                        Filesize

                                                                                        14KB

                                                                                        MD5

                                                                                        31a122398cb794cb74c6cfbfef845ee6

                                                                                        SHA1

                                                                                        60e97eff3ffdd80568be4cb04c03b53fd01b3e4f

                                                                                        SHA256

                                                                                        c0fedb247c3d805daea25966a43a9f01bb7d91704eb751c7fb0c137218f9767c

                                                                                        SHA512

                                                                                        6d707bc064385d86f0151abbf5f632447cef30fd5f321753d2412022ee05d27992eac92fe4db9898fb6e76eb7a43c01ff4c0c8ac501de0c3aa3a25966f65c03e

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Mosaic_f3\detail.json
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        44c20ef83f7e4e32610f95f9e3103836

                                                                                        SHA1

                                                                                        d544c5e1e012602fa552f8c2d1812ca21edee631

                                                                                        SHA256

                                                                                        40fb74afc9120580c881b9ee04d4bf8bd90722d2fd70957d231f79dc23addc20

                                                                                        SHA512

                                                                                        98dcd9a8a0eac863994a654500a1de61a4b440fdabddacb207b1ad07010a8bb7b57ed324cca18146b245c62f6c4015fb3c8bcb564505d0b45c7f724e73bef599

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Mosaic_f3\resinfo.json
                                                                                        Filesize

                                                                                        909B

                                                                                        MD5

                                                                                        e4a4b02d84583c8e515b70b405915e1c

                                                                                        SHA1

                                                                                        416d1d7a1894736ba762065f764b60b88369d6c7

                                                                                        SHA256

                                                                                        c8fad0da8a3ddac99844803a98d0d4c48025d8691cb850e9652865db7cf59aae

                                                                                        SHA512

                                                                                        6412983eb9ceb75663a3934550841abf5cbe1af9edac5878a5bbcdfa227b56416bf0bdb6e691360b707e58994cec10359a947f6cdd0b95938e29b90180282965

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Documents\Wondershare\Wondershare Filmora\Download\Filmora\filter\3_Mosaic_f3\thumbnail.png
                                                                                        Filesize

                                                                                        13KB

                                                                                        MD5

                                                                                        f9561be0cd045aff686a30dae71769d5

                                                                                        SHA1

                                                                                        2bd9248b73daad3750053493ff6597c695e379bf

                                                                                        SHA256

                                                                                        169c59fb50533275b0d577d1314bd56f3858fe1a00d2b2608fea294afa440eee

                                                                                        SHA512

                                                                                        439565d661540b1a555fc6e2e0375f8f0b10fcfa8843a82c7067aa79afa3962d81bc4f0933d9917d937a6b48cf9102aed779252e01122d80a4ef4a6c75f75f9b

                                                                                        Download Submit

                                                                                      • C:\Users\Public\Documents\B30281EA-BA02-4586-86F8-C9BE813884C1.txt
                                                                                        Filesize

                                                                                        29B

                                                                                        MD5

                                                                                        feab0c4fdc4baf0deb7fd33695adcbed

                                                                                        SHA1

                                                                                        22f35b32c7749e14861168bfe5530e5078bbe6be

                                                                                        SHA256

                                                                                        7359b0465d62ec27a67d51fe527f9bf1adf5615a216a75b4f972b4253ba82f37

                                                                                        SHA512

                                                                                        75b4064a9c17f12757ac01efa9d9933cf046ca257bd3d37a76862276ea8544d2113a68310ef9a1dcf0d113de1c1ab82de8022ea4ef7dd6ffd634b92a7be33568

                                                                                        Download Submit

                                                                                      • \Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\WSUtilities_Setup.dll
                                                                                        Filesize

                                                                                        202KB

                                                                                        MD5

                                                                                        665603698f4a865a873082309712aae2

                                                                                        SHA1

                                                                                        b3f2c3d1d679181d9c080419b1dfe0563c518c67

                                                                                        SHA256

                                                                                        b42085777505d324d56122f2bd6195ec3a6ce47030a31f9ce6b853c5fa8cd5a8

                                                                                        SHA512

                                                                                        0444b1b63980f9b762e6e01b7cdc4efc2fd6f713887c07d8cf8b20ab2582f611e1c8434f8b59b8ee4fb6dba497c2c1f80fc6e758dc02c07d2964dd6e1f0b6ace

                                                                                        Download Submit

                                                                                      • \Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\WS_Log_Setup.dll
                                                                                        Filesize

                                                                                        104KB

                                                                                        MD5

                                                                                        943e0025c5b5c4e0cddb7a9cc7b7d123

                                                                                        SHA1

                                                                                        5dd92f9fa572eac7ebc467d8835c64af77dd37a2

                                                                                        SHA256

                                                                                        43391e665a63b5e9e1288a3c608691f73ece57478e0655363918e8195d85cf81

                                                                                        SHA512

                                                                                        cb42c329e0d5f01a224e4e5b89b4ccc54fefc658d37caea40198f4483e5387f08cbdd0e85af7b0618e6ec72c5e5874098c5946bf749c218978003ad99c5fa852

                                                                                        Download Submit

                                                                                      • \Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\innocallback.dll
                                                                                        Filesize

                                                                                        63KB

                                                                                        MD5

                                                                                        1c55ae5ef9980e3b1028447da6105c75

                                                                                        SHA1

                                                                                        f85218e10e6aa23b2f5a3ed512895b437e41b45c

                                                                                        SHA256

                                                                                        6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

                                                                                        SHA512

                                                                                        1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

                                                                                        Download Submit

                                                                                      • \Users\Admin\AppData\Local\Temp\is-6T4O1.tmp\innocallback.dll
                                                                                        Filesize

                                                                                        63KB

                                                                                        MD5

                                                                                        1c55ae5ef9980e3b1028447da6105c75

                                                                                        SHA1

                                                                                        f85218e10e6aa23b2f5a3ed512895b437e41b45c

                                                                                        SHA256

                                                                                        6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

                                                                                        SHA512

                                                                                        1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

                                                                                        Download Submit

                                                                                      • memory/164-182-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-178-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-186-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-189-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-190-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-185-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-187-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-188-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-184-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-183-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-181-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-165-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-166-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-168-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-180-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-179-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-169-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-167-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-177-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-175-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-176-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-170-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-174-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-173-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/164-171-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/376-703-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/376-727-0x000002A01CEF0000-0x000002A01E5D0000-memory.dmp

                                                                                        Filesize

                                                                                        22.9MB

                                                                                        Download

                                                                                      • memory/376-741-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/376-748-0x000002A01CEF0000-0x000002A01E5D0000-memory.dmp

                                                                                        Filesize

                                                                                        22.9MB

                                                                                        Download

                                                                                      • memory/1224-1113-0x0000021BE75D0000-0x0000021BE75E0000-memory.dmp

                                                                                        Filesize

                                                                                        64KB

                                                                                        Download

                                                                                      • memory/1224-1103-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/1224-1023-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/1224-1251-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/1224-1174-0x00007FF9C8D40000-0x00007FF9C9641000-memory.dmp

                                                                                        Filesize

                                                                                        9.0MB

                                                                                        Download

                                                                                      • memory/1224-1176-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/1608-627-0x0000000000400000-0x00000000004F2000-memory.dmp

                                                                                        Filesize

                                                                                        968KB

                                                                                        Download

                                                                                      • memory/1608-680-0x0000000000400000-0x00000000004F2000-memory.dmp

                                                                                        Filesize

                                                                                        968KB

                                                                                        Download

                                                                                      • memory/1688-1132-0x00000000006E0000-0x0000000000BA8000-memory.dmp

                                                                                        Filesize

                                                                                        4.8MB

                                                                                        Download

                                                                                      • memory/2116-237-0x0000026BBFFA0000-0x0000026BC0016000-memory.dmp

                                                                                        Filesize

                                                                                        472KB

                                                                                        Download

                                                                                      • memory/2116-233-0x0000026BA59B0000-0x0000026BA59D2000-memory.dmp

                                                                                        Filesize

                                                                                        136KB

                                                                                        Download

                                                                                      • memory/2264-1263-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                        Filesize

                                                                                        200KB

                                                                                        Download

                                                                                      • memory/2264-1178-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                        Filesize

                                                                                        200KB

                                                                                        Download

                                                                                      • memory/2308-1018-0x000001877DE80000-0x000001877F560000-memory.dmp

                                                                                        Filesize

                                                                                        22.9MB

                                                                                        Download

                                                                                      • memory/2308-1126-0x0000000000B40000-0x0000000001008000-memory.dmp

                                                                                        Filesize

                                                                                        4.8MB

                                                                                        Download

                                                                                      • memory/2308-999-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/2308-998-0x00007FF9BB490000-0x00007FF9BC14C000-memory.dmp

                                                                                        Filesize

                                                                                        12.7MB

                                                                                        Download

                                                                                      • memory/2308-996-0x000001877DE80000-0x000001877EB3C000-memory.dmp

                                                                                        Filesize

                                                                                        12.7MB

                                                                                        Download

                                                                                      • memory/2308-993-0x00007FF9C8D40000-0x00007FF9C9641000-memory.dmp

                                                                                        Filesize

                                                                                        9.0MB

                                                                                        Download

                                                                                      • memory/2308-959-0x00007FF9BB490000-0x00007FF9BC14C000-memory.dmp

                                                                                        Filesize

                                                                                        12.7MB

                                                                                        Download

                                                                                      • memory/2308-958-0x00007FF9C8D40000-0x00007FF9C9641000-memory.dmp

                                                                                        Filesize

                                                                                        9.0MB

                                                                                        Download

                                                                                      • memory/2308-984-0x000001877DE80000-0x000001877F560000-memory.dmp

                                                                                        Filesize

                                                                                        22.9MB

                                                                                        Download

                                                                                      • memory/2308-957-0x000001877DE80000-0x000001877EB3C000-memory.dmp

                                                                                        Filesize

                                                                                        12.7MB

                                                                                        Download

                                                                                      • memory/2308-979-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/2308-974-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/2308-964-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/3372-989-0x000001FC7B636000-0x000001FC7B6E4000-memory.dmp

                                                                                        Filesize

                                                                                        696KB

                                                                                        Download

                                                                                      • memory/3372-1022-0x000001FC7C2C2000-0x000001FC7C302000-memory.dmp

                                                                                        Filesize

                                                                                        256KB

                                                                                        Download

                                                                                      • memory/3372-990-0x000001FC7C2C2000-0x000001FC7C302000-memory.dmp

                                                                                        Filesize

                                                                                        256KB

                                                                                        Download

                                                                                      • memory/3456-1267-0x0000024789560000-0x0000024789570000-memory.dmp

                                                                                        Filesize

                                                                                        64KB

                                                                                        Download

                                                                                      • memory/3456-1266-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/3456-1265-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/3456-1252-0x0000024789560000-0x0000024789570000-memory.dmp

                                                                                        Filesize

                                                                                        64KB

                                                                                        Download

                                                                                      • memory/3456-1240-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/3456-1264-0x00007FF9C8D40000-0x00007FF9C9641000-memory.dmp

                                                                                        Filesize

                                                                                        9.0MB

                                                                                        Download

                                                                                      • memory/3456-1121-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/3480-995-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/3480-1011-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/3480-1013-0x00007FF9C8D40000-0x00007FF9C9641000-memory.dmp

                                                                                        Filesize

                                                                                        9.0MB

                                                                                        Download

                                                                                      • memory/3480-1012-0x00000214D3370000-0x00000214D3380000-memory.dmp

                                                                                        Filesize

                                                                                        64KB

                                                                                        Download

                                                                                      • memory/3480-1014-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/3964-732-0x000001F2AFCCC000-0x000001F2AFD0C000-memory.dmp

                                                                                        Filesize

                                                                                        256KB

                                                                                        Download

                                                                                      • memory/4060-1360-0x00000438CF040000-0x00000438CF050000-memory.dmp

                                                                                        Filesize

                                                                                        64KB

                                                                                        Download

                                                                                      • memory/4060-1362-0x00007FF9C8D40000-0x00007FF9C9641000-memory.dmp

                                                                                        Filesize

                                                                                        9.0MB

                                                                                        Download

                                                                                      • memory/4060-1367-0x00000438CF040000-0x00000438CF050000-memory.dmp

                                                                                        Filesize

                                                                                        64KB

                                                                                        Download

                                                                                      • memory/4060-1366-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/4060-1345-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/4060-1358-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/4060-1365-0x00007FF9C8D40000-0x00007FF9C9641000-memory.dmp

                                                                                        Filesize

                                                                                        9.0MB

                                                                                        Download

                                                                                      • memory/4060-1363-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/4060-991-0x0000019712104000-0x0000019712144000-memory.dmp

                                                                                        Filesize

                                                                                        256KB

                                                                                        Download

                                                                                      • memory/4668-390-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                        Filesize

                                                                                        80KB

                                                                                        Download

                                                                                      • memory/4668-483-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                        Filesize

                                                                                        80KB

                                                                                        Download

                                                                                      • memory/4772-140-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-160-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-145-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-144-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-146-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-141-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-147-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-127-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-143-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-148-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-149-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-150-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-126-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-152-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-125-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-151-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-153-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-154-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-124-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-142-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-724-0x0000000000400000-0x0000000000471000-memory.dmp

                                                                                        Filesize

                                                                                        452KB

                                                                                        Download

                                                                                      • memory/4772-155-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-156-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-123-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-128-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-157-0x0000000000400000-0x0000000000471000-memory.dmp

                                                                                        Filesize

                                                                                        452KB

                                                                                        Download

                                                                                      • memory/4772-159-0x0000000000400000-0x0000000000471000-memory.dmp

                                                                                        Filesize

                                                                                        452KB

                                                                                        Download

                                                                                      • memory/4772-122-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-135-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-139-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-138-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-161-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-162-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-137-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-136-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-134-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-133-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-130-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-131-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4772-219-0x0000000000400000-0x0000000000471000-memory.dmp

                                                                                        Filesize

                                                                                        452KB

                                                                                        Download

                                                                                      • memory/4772-132-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                                                                                        Filesize

                                                                                        1.6MB

                                                                                        Download

                                                                                      • memory/4788-751-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/4788-734-0x00007FF9EC640000-0x00007FF9EC81B000-memory.dmp

                                                                                        Filesize

                                                                                        1.9MB

                                                                                        Download

                                                                                      • memory/4788-747-0x0000020AD1EE0000-0x0000020AD1EF0000-memory.dmp

                                                                                        Filesize

                                                                                        64KB

                                                                                        Download