b3f418600558b1c6e233f4e42f9d2971288e123d95f2988aa8206e99e40c5109

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-02-2023 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CurseForge - Installer.exe
Size

2.1MB
MD5

8b0b7668be7257429669371e4e5e973a
SHA1

9913219c702a0ea7c00bd44b53efea56990c47bf
SHA256

b3f418600558b1c6e233f4e42f9d2971288e123d95f2988aa8206e99e40c5109
SHA512

0c029343786258967bce0b4fbc3f6e58e5002bfe0112eaa1f272f50ae53a46411b2c02d8bde5a7ff164c18b1b5bdec026ed2d55ea739f559a6a59b8a1665e843
SSDEEP

49152:8z7kSxE87vxpsrFpIvvFqfcXkhIgs3HwCylhs+YpjNRUcs:8z7kUPN+TIvYfJIv3H/ylhCnC

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
1036	ndp48-web.exe
1600	Setup.exe
1660	SetupUtility.exe
2016	OWinstaller.exe

Loads dropped DLL 19 IoCs

pid	Process
1920	CurseForge - Installer.exe
1920	CurseForge - Installer.exe
1920	CurseForge - Installer.exe
1920	CurseForge - Installer.exe
1920	CurseForge - Installer.exe
1920	CurseForge - Installer.exe
1920	CurseForge - Installer.exe
1036	ndp48-web.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1920	CurseForge - Installer.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
1256	Process not Found

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WindowsUpdate.log	Setup.exe
File opened for modification	C:\Windows\WindowsUpdate.log	SetupUtility.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	dxdiag.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	OWinstaller.exe

Modifies registry class 34 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\SysWOW64\\dxdiagn.dll"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	dxdiag.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	CurseForge - Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	CurseForge - Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	OWinstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	OWinstaller.exe

Suspicious behavior: EnumeratesProcesses 45 IoCs

pid	Process
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
1164	dxdiag.exe
1164	dxdiag.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2088	chrome.exe
304	chrome.exe
304	chrome.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: 33	976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	976	AUDIODG.EXE
Token: 33	976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	976	AUDIODG.EXE
Token: SeDebugPrivilege	1600	Setup.exe
Token: SeDebugPrivilege	2016	OWinstaller.exe
Token: SeRestorePrivilege	1164	dxdiag.exe
Token: SeRestorePrivilege	1164	dxdiag.exe
Token: SeRestorePrivilege	1164	dxdiag.exe
Token: SeRestorePrivilege	1164	dxdiag.exe
Token: SeRestorePrivilege	1164	dxdiag.exe
Token: SeRestorePrivilege	1164	dxdiag.exe
Token: SeRestorePrivilege	1164	dxdiag.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1600	Setup.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
2016	OWinstaller.exe
1164	dxdiag.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 1036	1920	CurseForge - Installer.exe	30
PID 1920 wrote to memory of 1036	1920	CurseForge - Installer.exe	30
PID 1920 wrote to memory of 1036	1920	CurseForge - Installer.exe	30
PID 1920 wrote to memory of 1036	1920	CurseForge - Installer.exe	30
PID 1920 wrote to memory of 1036	1920	CurseForge - Installer.exe	30
PID 1920 wrote to memory of 1036	1920	CurseForge - Installer.exe	30
PID 1920 wrote to memory of 1036	1920	CurseForge - Installer.exe	30
PID 1036 wrote to memory of 1600	1036	ndp48-web.exe	32
PID 1036 wrote to memory of 1600	1036	ndp48-web.exe	32
PID 1036 wrote to memory of 1600	1036	ndp48-web.exe	32
PID 1036 wrote to memory of 1600	1036	ndp48-web.exe	32
PID 1036 wrote to memory of 1600	1036	ndp48-web.exe	32
PID 1036 wrote to memory of 1600	1036	ndp48-web.exe	32
PID 1036 wrote to memory of 1600	1036	ndp48-web.exe	32
PID 1600 wrote to memory of 1660	1600	Setup.exe	35
PID 1600 wrote to memory of 1660	1600	Setup.exe	35
PID 1600 wrote to memory of 1660	1600	Setup.exe	35
PID 1600 wrote to memory of 1660	1600	Setup.exe	35
PID 1600 wrote to memory of 1660	1600	Setup.exe	35
PID 1600 wrote to memory of 1660	1600	Setup.exe	35
PID 1600 wrote to memory of 1660	1600	Setup.exe	35
PID 1920 wrote to memory of 2016	1920	CurseForge - Installer.exe	36
PID 1920 wrote to memory of 2016	1920	CurseForge - Installer.exe	36
PID 1920 wrote to memory of 2016	1920	CurseForge - Installer.exe	36
PID 1920 wrote to memory of 2016	1920	CurseForge - Installer.exe	36
PID 2016 wrote to memory of 1780	2016	OWinstaller.exe	38
PID 2016 wrote to memory of 1780	2016	OWinstaller.exe	38
PID 2016 wrote to memory of 1780	2016	OWinstaller.exe	38
PID 1780 wrote to memory of 1164	1780	DxDiag.exe	39
PID 1780 wrote to memory of 1164	1780	DxDiag.exe	39
PID 1780 wrote to memory of 1164	1780	DxDiag.exe	39
PID 1780 wrote to memory of 1164	1780	DxDiag.exe	39
PID 304 wrote to memory of 584	304	chrome.exe	41
PID 304 wrote to memory of 584	304	chrome.exe	41
PID 304 wrote to memory of 584	304	chrome.exe	41
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43
PID 304 wrote to memory of 2076	304	chrome.exe	43

C:\Users\Admin\AppData\Local\Temp\CurseForge - Installer.exe
"C:\Users\Admin\AppData\Local\Temp\CurseForge - Installer.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\ndp48-web.exe
  "C:\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\ndp48-web.exe" /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1036
- - C:\4a648519ffd36d9a92c755\Setup.exe
    C:\4a648519ffd36d9a92c755\\Setup.exe /norestart /x86 /x64 /web
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1600
  - - C:\4a648519ffd36d9a92c755\SetupUtility.exe
      SetupUtility.exe /aupause
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:1660
- C:\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\OWinstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\OWinstaller.exe" Sel=1&Partner=4047&Extension=cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj&Name=CurseForge&Thanks=https%3A%2F%2Fgo.overwolf.com%2Fcurseforge-thank-you%2F&Referer=download.curseforge.com&Browser=chrome -partnerCustomizationLevel 0 -customPromoPages --app-name="CurseForge" -exepath C:\Users\Admin\AppData\Local\Temp\CurseForge - Installer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Windows\System32\DxDiag.exe
    "C:\Windows\System32\DxDiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1780
  - - C:\Windows\SysWOW64\dxdiag.exe
      "C:\Windows\SysWOW64\dxdiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
      4⤵
      Drops file in Windows directory
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1164

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x194
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1c54f50,0x7fef1c54f60,0x7fef1c54f70
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,15322289767222518396,17150366235730357710,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1100 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1084,15322289767222518396,17150366235730357710,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1084,15322289767222518396,17150366235730357710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1700 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,15322289767222518396,17150366235730357710,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,15322289767222518396,17150366235730357710,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,15322289767222518396,17150366235730357710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,15322289767222518396,17150366235730357710,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3284 /prefetch:2
  2⤵
  PID:2552

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\4a648519ffd36d9a92c755\1025\LocalizedData.xml

Filesize
80KB

MD5
d8165beb3b8433921d0d5611b85bfa35

SHA1
bef57e3511e18170ebbc9ae3aefd73ce3f50f8f4

SHA256
b092668e0825f7f498acdc1bf10e1d2cb6ca99497389142cf9af815f25a4b712

SHA512
9fa221f549b4e660c4f40c7ab0e483e3d9a9204248da51675058f32f4f56667c782667295decbb441a581f582a099fe34c6cc569d0c4ec13e85c680abf5870b0

Download Submit
C:\4a648519ffd36d9a92c755\1028\LocalizedData.xml

Filesize
69KB

MD5
f3a4fd6968658a18882cf300553f2f89

SHA1
b75ccaeff41bf9c8586bca612550cb9dca6b09ea

SHA256
53742293b25149b19d8677b15f6424fc71e308014b1bcf883e6949d1dab3961c

SHA512
9692c8577034c0e628a42d581f634ed174b4af684ee87c947556888027215bbf4c92286a3ad1cb1792fc6f7392190719ebef85b60fce48e20239abcb58d04d97

Download Submit
C:\4a648519ffd36d9a92c755\1029\LocalizedData.xml

Filesize
85KB

MD5
d6801174849373cde3f1d214d80fe834

SHA1
50caf47aa60b999ca7b43d3ceb75d0dbffd2278a

SHA256
cbb0da2d1efa7de6736e67c978848d53acf8b502bf3daf43ce40b05076145a7c

SHA512
a4cf812dc4fac888dad4ca986fcb07b93f45633fe5931f24afff4558d9a29734a0ac5d647f3bc631c377fba816c19bd44178398bb6166f6f84e5f05acb8e0a18

Download Submit
C:\4a648519ffd36d9a92c755\1030\LocalizedData.xml

Filesize
83KB

MD5
03b1e582ec5454b2fa3599e788569dfa

SHA1
75845acdd04fb17011218b06fd7c28830641f021

SHA256
59884541554376a26143b105fa924b9f9961254d22db8dedf7de7f3495d7a1dd

SHA512
23d1b1c2e2c78692a48b959bdb70c3c321a76792885b19805cafd543c0ef25856f8f115af766ea46f20eb2c440eaf31e656726710b12ae5f362779bea28035bc

Download Submit
C:\4a648519ffd36d9a92c755\1031\LocalizedData.xml

Filesize
88KB

MD5
afb4b1d7103ddca43ea723acbcdd31fd

SHA1
c4d95dfd4869df636091e979c8b3bd7684004a48

SHA256
961efe11e9e3e553269cb14dc1b942e9ac68b86740d59aa35e4ff6e5913532dd

SHA512
bde563d158e38f7a46abe564e365bbc9cfa235f4735f668a532919f0575bead27bdd6fa11ac50802c989f2f69371c2e9179c9affbc85954a9b4050f9122e26a5

Download Submit
C:\4a648519ffd36d9a92c755\1032\LocalizedData.xml

Filesize
90KB

MD5
71bdb323a746a4adab9ce42498e937bc

SHA1
8e58d4ba5623a50610bd99e82df135708a9f130e

SHA256
6c5a6e11a85c9e172e7748a9a9f19f8598870a63a103a7ac18cbbd0cdf026475

SHA512
b7d66fa4f1a1b7130cdd801447fe0c4965cba1618c01d4ff64b9707e3e132fb13858aa498ea26fb1e54b56daf83e5e7958c6a4fcc1a4ad6dd6c2ffa966e58b76

Download Submit
C:\4a648519ffd36d9a92c755\1033\EULA.rtf

Filesize
4KB

MD5
47c47a12e6830b793150494d35d51637

SHA1
87a11fece572f2a57982270533d6906daf7da218

SHA256
4399b24e28becfb3bb2820daa09965860001492145fd7e2466da7b740c31855d

SHA512
1b85ff8f11afafaa7368e744d281d964313eb342d294cbbe0e1c5fab3c5e817ca2b58bbcd7fc87a556f7575fd8e9d7404eb0a4f8e045e4c446ba83398eab3127

Download Submit
C:\4a648519ffd36d9a92c755\1033\LocalizedData.xml

Filesize
83KB

MD5
47703bed025228689a1032edae56b4c4

SHA1
a2aba33c7e8915025251574c81fe2e5ac6bc0893

SHA256
05fc9352b918a710d51f68873fc522528265455b77014e8b0cd66c5e7aa71dc3

SHA512
9d6eda9fc3be6116371d1b86b54b8b65ccd58c182105e0954870f75e2a6f4d7e8fc84462bfd3584175c0f849066e47d82cd18ae3bf1671e60cc237347b7cc00d

Download Submit
C:\4a648519ffd36d9a92c755\1033\SetupResources.dll

Filesize
23KB

MD5
3f975e8bb4cd4adb9b5d21b2da436ab6

SHA1
e017dd66cbd964228b3b9b84b14c892709fe3915

SHA256
ab1d462944fdcb4ad2e6a4d37257f2fe2063744bb4e3de55b4126dfb65d383fc

SHA512
f99359f9118409fe7cbdc4390a48f2f661d7e1622b08af75080e036400e1a3dae118d92848e54a24168eb8b27e69d51a920bb26511c466868afb42257b3ea048

Download Submit
C:\4a648519ffd36d9a92c755\1035\LocalizedData.xml

Filesize
84KB

MD5
ad67691b3b5474154f65400e53ddfef2

SHA1
dc8dc683bf9fee12a5ab7297789a5c087e98facc

SHA256
1e828840ae8728ac809624845597406d4025d6da7797b38f02946a30a48bfe7c

SHA512
64ee113f0c3e173fee6047cc41ff3e84181aba2eb2b02ca5cc717caaf1392e5e2f0eed7e7c469d821d86878443bc8ec64c66e2afb1d850fb4c7e9823c3a5ea73

Download Submit
C:\4a648519ffd36d9a92c755\1036\LocalizedData.xml

Filesize
87KB

MD5
2c77cbaaf9c3ed0c4410c4b8c3c29c30

SHA1
110775ca1c6e252b4e8c8bf39b593dfb4d66206c

SHA256
ab3d5571b57b7bb705bffe13f37bd73894b0d12d09cc1fb1b438493a863c324c

SHA512
c1438b9b95bd16503f5a14d743e9c6c40cb46cd24a4bb48adf6f9162c61e8979c370e7e1eff8989db05ff5a496415a68b58cc16912a7c8215fecb72d252c5285

Download Submit
C:\4a648519ffd36d9a92c755\1037\LocalizedData.xml

Filesize
78KB

MD5
631011d665ad08220fe248d9f8a103ba

SHA1
652c56998d0e8bf0c43f136fd90c69728bb0e111

SHA256
e9877973bef23498b586a9cf03230fc45a9ea8a3f75decfa062b03bd31974b06

SHA512
cf479c0c5167e011721bd6b0f5829a62c0c269b1e1be13e5bb750516b8441a1d8ca20fafd0d539066f84d669f6f5e9401c223b82e200501716c719d268c3c1a0

Download Submit
C:\4a648519ffd36d9a92c755\1038\LocalizedData.xml

Filesize
86KB

MD5
28e8a2833f3d5302a1f5c2a84fa8990a

SHA1
08977251eb62c6df447c6754b2ec27a73d9071f1

SHA256
e4261c9b8c779d58883820a531a19594d238f0ca9ecac399505c569b0cccdbc7

SHA512
4a62afe84d4eb03bf2c65826b5765f270b3c9a3403b972bb00db66cb40b70d1809334fc3a8edf012c1ea31e4e3b8c6fed6423e9da14dd62ad76a12d525e515b9

Download Submit
C:\4a648519ffd36d9a92c755\1040\LocalizedData.xml

Filesize
85KB

MD5
e74a35a00e0228de37ee911f93411ed2

SHA1
c1c0901eb552c21ce2817b7edb94af611b571a49

SHA256
2ec36fb871853f60085bc972e08156483384f8c1d6e000f5db1cc8cccad05f8c

SHA512
8876e39093448d1ae5a1f53499272323747789fbaefdf9bd852fee161fa9c18ce0721164473a5a2279643b34a2727d870e0b802635288f2e32b15c40660ad06f

Download Submit
C:\4a648519ffd36d9a92c755\1041\LocalizedData.xml

Filesize
75KB

MD5
32e4d6f895a69bb2c373ff4c688d6b27

SHA1
57738235363c5f1a1c5651c65832396e3aef4414

SHA256
ae28910c1ef16ce70a5e97c5d02390ad8d64f80966e2be3c4a56db0c4038442d

SHA512
5052e8a218cf71b0e08de33665a58f9219282e00f2e4f6c19897a07863556a2408dc273ad3cc9257d98d6a57765321e0f1b051bed051f188947deda9d32dbdbe

Download Submit
C:\4a648519ffd36d9a92c755\1042\LocalizedData.xml

Filesize
73KB

MD5
47f8082069c52d2f7db1fc6aac2886df

SHA1
4b5c371e9006c10685f2c59ca9a7ebfb4a597a0a

SHA256
e86656ef2092c0e6caf5b8b0bca2d6ce5def273609c22187ae91236605d2e273

SHA512
7bdaf721e561c46609054f6786624149fd824abb1e3126b2a6b6385b56c6fe11414af216fca3ee2b1fe6a4b42ca8a19f46186ab1d4e70fb81b6f9af013c40018

Download Submit
C:\4a648519ffd36d9a92c755\1043\LocalizedData.xml

Filesize
85KB

MD5
e939717e7eaf1b7f53c4b752e62a22e7

SHA1
ca5a66c452ec6ca8bc04de95eac1616cf3980992

SHA256
8afdf3d2c0fd2370889e3fd96bc2742831cdc6041af0a407123c27f8d76d68a6

SHA512
ebfa725b8efc4448d669beea6f56eab9a317793ff1e21cbc51e015a1a31dfb8b1408e9df15023b878aca220465dbede09254f9a524ef7f6060877844994e17aa

Download Submit
C:\4a648519ffd36d9a92c755\1044\LocalizedData.xml

Filesize
84KB

MD5
b0d9e4dac3935bb596bb83b7d8474f8f

SHA1
29ce971b1a3ccf6f09eced6bff8e778df13f3d35

SHA256
3c309a5509d42e6485e9123bc6af5ec43cf2faa8afead5062676e85ab7f96add

SHA512
af4e4032a3b4a1696a3f252c03c8f5364089320e4181ebccd39d569d7577b11b70b4ae694d4a74e09bb61505664a01733dccb2d80aed64cb7142225dddd997e2

Download Submit
C:\4a648519ffd36d9a92c755\1045\LocalizedData.xml

Filesize
87KB

MD5
c3a238ffbf2dbb9f758e5c5b33948971

SHA1
56ceb241f3780dc4a9814332f44369188ded3e77

SHA256
2f0beba8a56cccaddfe6e0ecc3130d0efafb7f84cc0fa4e8db9d85c840e24241

SHA512
2def165951b958195a339f8b4a38aba310c428fbf89f0d7e708d44255f3cf59953550f8e4772626aa125e4a2cb3328601b5ca097f5e355423f4d5094cb8155ea

Download Submit
C:\4a648519ffd36d9a92c755\1046\LocalizedData.xml

Filesize
84KB

MD5
4a892aa3fedbfe5991b6ff46c00af55c

SHA1
421fe8f80432c56d022ff2911c4a5708093184c3

SHA256
aadbd1df74fc82a43f86f1f40d5065a802b2db71652525a78d258fda3197a743

SHA512
9391096ad6c721b50a300f3c8285291086c0f302f77a7edee7283ec8eb7432171edde5998d5c76587c6431eb3c7e5cba176d0c31f6963acd8d954ea9c6a6e619

Download Submit
C:\4a648519ffd36d9a92c755\1049\LocalizedData.xml

Filesize
86KB

MD5
d46f34e95e94fbfa4cb4a8dcc7ba3211

SHA1
3e2150c9dd44c4b3416051534ccf84968f2737cd

SHA256
a787b2f493c3248991877f61e210bb0231d357d06aa2671917d2ad4e528c9f67

SHA512
c740f7eba5187699b39265ba2238121a20d935d1320c0e344b767d537618cc2954bb7a6bacae12e7121cd1b4bca1ceb84e11bb80a347e7c2c79e87eb899adb7a

Download Submit
C:\4a648519ffd36d9a92c755\1053\LocalizedData.xml

Filesize
83KB

MD5
cb2e2edf7d7fefde9b3894923407f8c0

SHA1
541ec570f26bb30f4be35f1a87d4ccf6bc660f67

SHA256
874e5d7e45603ad70ca353e8dc6bf42944594f911d17c79be8966dc01d27eb73

SHA512
045fadda432280ec961da53b914adc9d9a31d02140282b3b37e89f01723d64b5659e3c1a61e9344f4440813efb8b932cf45f859b97cfbdc158c0802d70c5ecda

Download Submit
C:\4a648519ffd36d9a92c755\1055\LocalizedData.xml

Filesize
83KB

MD5
f020b0e38f1295924f1833e77859fc9a

SHA1
17467f2ebb8cbca89119d30b3ba7ae30691921e1

SHA256
8ce790eca06bae1b01f40f732580adea86d4c22b28d1e701e033c6c9983500c2

SHA512
bf01aea04827a46cb60cacf97993b319643e90aca82e1abc2c6750f01de0d638fc1b73931fe80e5441128eba70f364c1000b4ccd053b2e241c0a3916b75d670a

Download Submit
C:\4a648519ffd36d9a92c755\2052\LocalizedData.xml

Filesize
69KB

MD5
6cc370b95c9f3e3d28315759b496e977

SHA1
09e4aad0a389f0f876d21e132123dbbd83dc1314

SHA256
93e519e8cc173a3f1aa8dd8113ad4a1be0b5b8d40e1d0a1563dba2054b50433a

SHA512
3b2f19f97cb07f5c845d85cee1a0932c19ddd0efc0433e4b6f092e0e7782e9454c6ff43eb54a943e1e85764ca2ce8ff36a239ac319b09fd8042669d24af27f91

Download Submit
C:\4a648519ffd36d9a92c755\2070\LocalizedData.xml

Filesize
86KB

MD5
5b73409a0f1cbb707cd62a7956bc2f92

SHA1
1ce52fd3746c5bee7a3c3ef5aa8958e44b8761e3

SHA256
193090f4472f1a1c5ed10ab97fa4bf77bd4ff3f172f380ef4a53fef39989159a

SHA512
ecc775f665b7f0a192d04bd372542e3fadf89b47e4cc5373d2597b9df321b386e89f6fa695c0871fd56691be126e16443af91a7da34de018ceb47f90aa30e3f7

Download Submit
C:\4a648519ffd36d9a92c755\3082\LocalizedData.xml

Filesize
85KB

MD5
e2fc9d2a4fc56b64e3981dd7e0b076d5

SHA1
1660468ac360a0a52f1a84887a9bb9c6ca3c9d8d

SHA256
9e224a5f7a5c83df1ab31743520a05252c3cdcc9e97526264da716166d2b29f9

SHA512
ca9098a09a7450d02bda76f1d64480f27679610441e3df0858b231de4599f53ddf245b69d181d3fdd37ee846eb085dda0ec85cf1825ec2c7f0eaeea8423fefd3

Download Submit
C:\4a648519ffd36d9a92c755\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\4a648519ffd36d9a92c755\ParameterInfo.xml

Filesize
2.7MB

MD5
8e8c25b11ffe1d7bc70e2a31600eda7a

SHA1
1452b55ef634e4e5b002ce302702d0c50487ff6c

SHA256
a2bec4e2afd573422045c8c2f461166508535e67abd32942d4d6fbed77b9faf8

SHA512
4a622a5d3748ce412bf529b11d305a5a06dd381a9b972fa08d0528dc738d50a979307ce6dfb14c9b481952672ca9c3a1be43669796e5e178b23436b84bd0542a

Download Submit
C:\4a648519ffd36d9a92c755\Setup.exe

Filesize
119KB

MD5
057ce4fb9c8e829af369afbc5c4dfd41

SHA1
094f9d5f107939250f03253cf6bb3a93ae5b2a10

SHA256
60dd7d10b3f88f1b17e39464bb2d7ca77c9267b846d90cf5728a518a117bd21b

SHA512
cae4df73a5b28863c14a5207fbbe4e0630e71215aa1271fe61117523cc32b8b82cd1ba63f698907fbfeb36d4007bb0f463828025957505cfcbb200f4ed5d3a52

Download Submit
C:\4a648519ffd36d9a92c755\SetupEngine.dll

Filesize
893KB

MD5
f9618535477ddfef9fe8b531a44be1a3

SHA1
c137a4c7994032a6410ef0a7e6f0f3c5acb68e03

SHA256
236bf2b5cf6014b8ee22484afe172ace512cc99dba85080b082d47e9e189ea5c

SHA512
b85ae1a9cc334e9352c51aa94b2c74c6c067957e0e6021f7309a1c194fc64c0c50bb5efeaef7030e8689d75a22798f74cf719366a2fdcce26e23692510bfe064

Download Submit
C:\4a648519ffd36d9a92c755\SetupUi.dll

Filesize
336KB

MD5
6f51e9b469f95edb9156c74b4b0f4e1b

SHA1
5224c3de0fa4895297898f76ed5647ef40d924f8

SHA256
9fd4639955338928731a8ab6e131175949a179931b8c9d4fcadd2367d749b826

SHA512
920f6525852a3a3636722fa8a36112d5402b22b7d93469443eba2b782ef27d25532a8b6a922dad2a60709c24e74527f639e2744bfd30635dda80ab364376a32e

Download Submit
C:\4a648519ffd36d9a92c755\SetupUi.xsd

Filesize
31KB

MD5
a9f6a028e93f3f6822eb900ec3fda7ad

SHA1
8ff2e8f36d690a687233dbd2e72d98e16e7ef249

SHA256
aaf8cb1a9af89d250cbc0893a172e2c406043b1f81a211cb93604f165b051848

SHA512
1c51392c334aea17a25b20390cd4e7e99aa6373e2c2b97e7304cf7ec1a16679051a41e124c7bc890b02b890d4044b576b666ef50d06671f7636e4701970e8ddc

Download Submit
C:\4a648519ffd36d9a92c755\SplashScreen.bmp

Filesize
117KB

MD5
bc32088bfaa1c76ba4b56639a2dec592

SHA1
84b47aa37bda0f4cd196bd5f4bd6926a594c5f82

SHA256
b05141dbc71669a7872a8e735e5e43a7f9713d4363b7a97543e1e05dcd7470a7

SHA512
4708015aa57f1225d928bfac08ed835d31fd7bdf2c0420979fd7d0311779d78c392412e8353a401c1aa1885568174f6b9a1e02b863095fa491b81780d99d0830

Download Submit
C:\4a648519ffd36d9a92c755\Strings.xml

Filesize
13KB

MD5
8a28b474f4849bee7354ba4c74087cea

SHA1
c17514dfc33dd14f57ff8660eb7b75af9b2b37b0

SHA256
2a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b

SHA512
a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369

Download Submit
C:\4a648519ffd36d9a92c755\UiInfo.xml

Filesize
63KB

MD5
c99059acb88a8b651d7ab25e4047a52d

SHA1
45114125699fa472d54bc4c45c881667c117e5d4

SHA256
b879f9bc5b79349fa7b0bdbe63167be399c5278454c96773885bd70fbfe7c81d

SHA512
b23a7051f94d72d5a1a0914107e5c2be46c0ddee7ca510167065b55e2d1cb25f81927467370700b1cc7449348d152e9562566de501f3ea5673a2072248572e3b

Download Submit
C:\4a648519ffd36d9a92c755\graphics\Rotate1.ico

Filesize
140KB

MD5
9b70c7fa81dca6d3b992037d0c251d92

SHA1
83a11f4b7a5020616257fef143a7c32164d3927c

SHA256
18226b9d56d2b1c070a2c606428892773cb00b5b4b95397e79d01de26685ccd4

SHA512
a771725b16e23086b1ee37336f904a047445e8c6a6ca505b9aff5a20948f8dfa53fe07cb07a13cb9cb7a5bbc7484009a40a91ed9eb8b7f5726307efc6a991a17

Download Submit
C:\4a648519ffd36d9a92c755\graphics\Rotate2.ico

Filesize
140KB

MD5
f824905e5501603e6720b784add71bdd

SHA1
d71b15e1168306c1e698250edc5f99f624c73e6f

SHA256
d15a6f1eefefe4f9cd51b7b22e9c7b07c7acad72fd53e5f277e6d4e0976036c3

SHA512
3914b1fadcf6b90d106ab536687e5badb1b09b60450e0b75f403f7dca32c2dc63d68c0918d10359da4f4113406dcc4e02fa0c02941d8b1badba021c60aface9a

Download Submit
C:\4a648519ffd36d9a92c755\graphics\Rotate3.ico

Filesize
140KB

MD5
0ade6be0df29400e5534aa71abfa03f6

SHA1
6dde6e571b2fa45ab2cacf565e488ecace01db56

SHA256
c2f6faa18b16f728ae5536d5992cc76a4b83530a1ea74b9d11bebdf871cf3b4e

SHA512
57ce956375097b8aeed4605b7816e8eeba139a4151d2516b46e7f0e2e917276264040039319cc9012796eed5405e005ac4de20caffdb99ee59db06c868901a83

Download Submit
C:\4a648519ffd36d9a92c755\graphics\Rotate4.ico

Filesize
140KB

MD5
267b198fef022d3b1d44cca7fe589373

SHA1
f48215df0f855328509a47c441a14e3578a20195

SHA256
303989b692a57fe34b47bb2f926b91ac605f288ae6c9479b33eaf15a14eb33ac

SHA512
a492bcab782ae385fbca6e0081926e41578778a7f196405372bb0f177ae0e47322859314068fb16167310ac50183f9dd507832b187382e494c3889cd6c64c129

Download Submit
C:\4a648519ffd36d9a92c755\graphics\Rotate5.ico

Filesize
140KB

MD5
25f0d572761cb610bdad6dd980c46cc7

SHA1
6270ee0684700c5a4d01cd964dc05b82719b0370

SHA256
ce2afc0aa52b3d459d6d8d7c551f7b8fbf323e2260326908c37a13f21fee423e

SHA512
db061086d1db6379593cc066860c31667dc20fe4cd60d73e2e16fe1dca9990060ece5396fafc5c023a9bed19dd251bda7537a6018b58420ce838276f7430f79d

Download Submit
C:\4a648519ffd36d9a92c755\graphics\Rotate6.ico

Filesize
140KB

MD5
5ac2b8e1a766c204f996d9ce33fb3db4

SHA1
09cbabdd17a5a0215ad5d5af509ea9ec315373b6

SHA256
ee387d9642df93e4240361077af6051c1b7e643c3cf110f43da42e0efe29a375

SHA512
802b84dedc195c21de32e3abbed02b8646affdfa75525e8b1984869b207a7fa02ee91938c0d2cb511d7911fc00ef612d03b6f2ea3615b01548bd408302b08f44

Download Submit
C:\4a648519ffd36d9a92c755\graphics\Rotate7.ico

Filesize
140KB

MD5
b4947d242ab4a902031fcd1ffd3a56cd

SHA1
4014a05642118a306c742f56878db1ea61e78b6b

SHA256
995c9f4ea0d98c0c4e5037ede43fc44a680d85cb1e37c782adab775915e975b8

SHA512
a9c468b6c444b528898fe6fa26f42b57e7890c1992ba03e670ca849e9badbbad74c2d923eabef5ab88631ae7abde4477286c43d755ab566d1a70ec8e84a4ff93

Download Submit
C:\4a648519ffd36d9a92c755\graphics\Rotate8.ico

Filesize
140KB

MD5
e7a252c763ce259f800183fd9dd1f512

SHA1
4601c87f90e1c0061a7137370358ae11a4d83a23

SHA256
fde052efe70c27d8023065f0859627fc88bf86e166016e9cb00185c21de52742

SHA512
b140883eb89872306c7dbc4dfe75b204d927295649d3de9230748465628bdda4d2e6c8806ff2e5da9647ee45838200a1cba44cb7222f9173202f369465c4da05

Download Submit
C:\4a648519ffd36d9a92c755\graphics\SysReqMet.ico

Filesize
133KB

MD5
889472312e724195d7b946eecaea20c1

SHA1
d099c44b794f7d0414cda5ba9a6df432347ff513

SHA256
c9ca53f83a5cc10f726248d47ff82981b584b3ff62ee591229a8237c11340991

SHA512
511b4bae756fd61ab4e7f8f7173a6b0bda6ab2aefb7c4c77e78ecae3b7de080cec575db6af110c195f58bc7b2abcab0f1477271a31ce6d2af10634b632e0bf39

Download Submit
C:\4a648519ffd36d9a92c755\graphics\SysReqNotMet.ico

Filesize
140KB

MD5
eca24331ce0850d188bd2eb5c22de684

SHA1
53e910c03aa6bc423717c5b175670517f26f00a4

SHA256
deba0a7a6e2ca99d3380d35ae33f8d266806fdbcbf75fb06b5718be5873258f6

SHA512
a3de7deb9a0eb2f40b56f1dc435a01578d6f0ee299f7159560029e965e7785f0197f3e98ff2ec9c2c39c8078c125454c19e81d5f6291a90010d7704f57312db9

Download Submit
C:\4a648519ffd36d9a92c755\graphics\print.ico

Filesize
123KB

MD5
d39bad9dda7b91613cb29b6bd55f0901

SHA1
6d079df41e31fbc836922c19c5be1a7fc38ac54e

SHA256
d80ffeb020927f047c11fc4d9f34f985e0c7e5dfea9fb23f2bc134874070e4e6

SHA512
fad8cb2b9007a7240421fbc5d621c3092d742417c60e8bb248e2baa698dcade7ca54b24452936c99232436d92876e9184eaf79d748c96aa1fe8b29b0e384eb82

Download Submit
C:\4a648519ffd36d9a92c755\graphics\save.ico

Filesize
123KB

MD5
c66bbe8f84496ef85f7af6bed5212cec

SHA1
1e4eab9cc728916a8b1c508f5ac8ae38bb4e7bf1

SHA256
1372c7f132595ddad210c617e44fedff7a990a9e8974cc534ca80d897dd15abd

SHA512
5dabf65ec026d8884e1d80dcdacb848c1043ef62c9ebd919136794b23be0deb3f7f1acdff5a4b25a53424772b32bd6f91ba1bd8c5cf686c41477dd65cb478187

Download Submit
C:\4a648519ffd36d9a92c755\graphics\setup.ico

Filesize
123KB

MD5
6125f32aa97772afdff2649bd403419b

SHA1
d84da82373b599aed496e0d18901e3affb6cfaca

SHA256
a0c7b4b17a69775e1d94123dfceec824744901d55b463ba9dca9301088f12ea5

SHA512
c4bdcd72fa4f2571c505fdb0adc69f7911012b6bdeb422dca64f79f7cc1286142e51b8d03b410735cd2bd7bc7c044c231a3a31775c8e971270beb4763247850f

Download Submit
C:\4a648519ffd36d9a92c755\header.bmp

Filesize
9KB

MD5
41c22efa84ca74f0ce7076eb9a482e38

SHA1
8e4a371fd51a61244d11c4fc97d738905ce00fbb

SHA256
255025a0d79ef2dac04bd610363f966ef58328400bf31e1f8915e676478cd750

SHA512
8c83edeecbd7d5fb64aa7f841be3992ba8303b158a5360d9c7eafb085cbc9b7258af40f50570e0ca051cb6d235ea7e3eacf5cb8c7e39750601061f0b57338395

Download Submit
C:\4a648519ffd36d9a92c755\sqmapi.dll

Filesize
223KB

MD5
0c0e41efeec8e4e78b43d7812857269a

SHA1
846033946013f959e29cd27ff3f0eaa17cb9e33f

SHA256
048d51885874d62952e150d69489bcfb643a5131ce8b70a49f10dfb34832702c

SHA512
e11da01852a92833c1632e121a2f2b6588b58f4f2166339a28dd02dad6af231a2260a7e5fc92e415d05aa65b71e8bbda065e82a2db49bb94b6cf2fe82b646c28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\ndp48-web.exe

Filesize
1.4MB

MD5
34a5c76979563918b953e66e0d39c7ef

SHA1
4181398aa1fd5190155ac3a388434e5f7ea0b667

SHA256
0bba3094588c4bfec301939985222a20b340bf03431563dec8b2b4478b06fffa

SHA512
642721c60d52051c7f3434d8710fe3406a7cfe10b2b39e90ea847719ed1697d7c614f2df44ad50412b1df8c98dd78fdc57ca1d047d28c81ac158092e5fb18040

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\ndp48-web.exe

Filesize
1.4MB

MD5
34a5c76979563918b953e66e0d39c7ef

SHA1
4181398aa1fd5190155ac3a388434e5f7ea0b667

SHA256
0bba3094588c4bfec301939985222a20b340bf03431563dec8b2b4478b06fffa

SHA512
642721c60d52051c7f3434d8710fe3406a7cfe10b2b39e90ea847719ed1697d7c614f2df44ad50412b1df8c98dd78fdc57ca1d047d28c81ac158092e5fb18040

Download Submit
\4a648519ffd36d9a92c755\1033\SetupResources.dll

Filesize
23KB

MD5
3f975e8bb4cd4adb9b5d21b2da436ab6

SHA1
e017dd66cbd964228b3b9b84b14c892709fe3915

SHA256
ab1d462944fdcb4ad2e6a4d37257f2fe2063744bb4e3de55b4126dfb65d383fc

SHA512
f99359f9118409fe7cbdc4390a48f2f661d7e1622b08af75080e036400e1a3dae118d92848e54a24168eb8b27e69d51a920bb26511c466868afb42257b3ea048

Download Submit
\4a648519ffd36d9a92c755\Setup.exe

Filesize
119KB

MD5
057ce4fb9c8e829af369afbc5c4dfd41

SHA1
094f9d5f107939250f03253cf6bb3a93ae5b2a10

SHA256
60dd7d10b3f88f1b17e39464bb2d7ca77c9267b846d90cf5728a518a117bd21b

SHA512
cae4df73a5b28863c14a5207fbbe4e0630e71215aa1271fe61117523cc32b8b82cd1ba63f698907fbfeb36d4007bb0f463828025957505cfcbb200f4ed5d3a52

Download Submit
\4a648519ffd36d9a92c755\SetupEngine.dll

Filesize
893KB

MD5
f9618535477ddfef9fe8b531a44be1a3

SHA1
c137a4c7994032a6410ef0a7e6f0f3c5acb68e03

SHA256
236bf2b5cf6014b8ee22484afe172ace512cc99dba85080b082d47e9e189ea5c

SHA512
b85ae1a9cc334e9352c51aa94b2c74c6c067957e0e6021f7309a1c194fc64c0c50bb5efeaef7030e8689d75a22798f74cf719366a2fdcce26e23692510bfe064

Download Submit
\4a648519ffd36d9a92c755\SetupUi.dll

Filesize
336KB

MD5
6f51e9b469f95edb9156c74b4b0f4e1b

SHA1
5224c3de0fa4895297898f76ed5647ef40d924f8

SHA256
9fd4639955338928731a8ab6e131175949a179931b8c9d4fcadd2367d749b826

SHA512
920f6525852a3a3636722fa8a36112d5402b22b7d93469443eba2b782ef27d25532a8b6a922dad2a60709c24e74527f639e2744bfd30635dda80ab364376a32e

Download Submit
\4a648519ffd36d9a92c755\sqmapi.dll

Filesize
223KB

MD5
0c0e41efeec8e4e78b43d7812857269a

SHA1
846033946013f959e29cd27ff3f0eaa17cb9e33f

SHA256
048d51885874d62952e150d69489bcfb643a5131ce8b70a49f10dfb34832702c

SHA512
e11da01852a92833c1632e121a2f2b6588b58f4f2166339a28dd02dad6af231a2260a7e5fc92e415d05aa65b71e8bbda065e82a2db49bb94b6cf2fe82b646c28

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\System.dll

Filesize
11KB

MD5
7399323923e3946fe9140132ac388132

SHA1
728257d06c452449b1241769b459f091aabcffc5

SHA256
5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

SHA512
d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\UserInfo.dll

Filesize
4KB

MD5
9301577ff4d229347fe33259b43ef3b2

SHA1
5e39eb4f99920005a4b2303c8089d77f589c133d

SHA256
090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc

SHA512
77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\ndp48-web.exe

Filesize
1.4MB

MD5
34a5c76979563918b953e66e0d39c7ef

SHA1
4181398aa1fd5190155ac3a388434e5f7ea0b667

SHA256
0bba3094588c4bfec301939985222a20b340bf03431563dec8b2b4478b06fffa

SHA512
642721c60d52051c7f3434d8710fe3406a7cfe10b2b39e90ea847719ed1697d7c614f2df44ad50412b1df8c98dd78fdc57ca1d047d28c81ac158092e5fb18040

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\uac.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFFE3.tmp\utils.dll

Filesize
55KB

MD5
aad3f2ecc74ddf65e84dcb62cf6a77cd

SHA1
1e153e0f4d7258cae75847dba32d0321864cf089

SHA256
1cc004fcce92824fa27565b31299b532733c976671ac6cf5dbd1e0465c0e47e8

SHA512
8e44b86c92c890d303448e25f091f1864946126343ee4665440de0dbeed1c89ff05e4f3f47d530781aa4db4a0d805b41899b57706b8eddfc95cfa64c073c26e2

Download Submit
memory/960-66-0x000007FEFC1F1000-0x000007FEFC1F3000-memory.dmp

Filesize
8KB

Download
memory/1036-62-0x0000000000000000-mapping.dmp

Download
memory/1164-139-0x00000000004F0000-0x00000000004FA000-memory.dmp

Filesize
40KB

Download
memory/1164-144-0x00000000004F0000-0x00000000004FA000-memory.dmp

Filesize
40KB

Download
memory/1164-145-0x0000000000560000-0x000000000056A000-memory.dmp

Filesize
40KB

Download
memory/1164-141-0x00000000023F0000-0x000000000244C000-memory.dmp

Filesize
368KB

Download
memory/1164-140-0x00000000004F0000-0x00000000004FA000-memory.dmp

Filesize
40KB

Download
memory/1164-135-0x0000000000000000-mapping.dmp

Download
memory/1600-68-0x0000000000000000-mapping.dmp

Download
memory/1660-124-0x0000000000000000-mapping.dmp

Download
memory/1780-133-0x0000000000000000-mapping.dmp

Download
memory/1920-54-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download
memory/2016-131-0x00000000024D0000-0x00000000024E8000-memory.dmp

Filesize
96KB

Download
memory/2016-137-0x000000001BD50000-0x000000001BE00000-memory.dmp

Filesize
704KB

Download
memory/2016-138-0x000000001BA66000-0x000000001BA85000-memory.dmp

Filesize
124KB

Download
memory/2016-130-0x00000000005A0000-0x00000000005E6000-memory.dmp

Filesize
280KB

Download
memory/2016-129-0x0000000000540000-0x0000000000554000-memory.dmp

Filesize
80KB

Download
memory/2016-128-0x0000000000800000-0x0000000000892000-memory.dmp

Filesize
584KB

Download
memory/2016-142-0x0000000025EC0000-0x0000000026666000-memory.dmp

Filesize
7.6MB

Download
memory/2016-143-0x000000001BA66000-0x000000001BA85000-memory.dmp

Filesize
124KB

Download
memory/2016-127-0x000000013FE50000-0x000000013FEA2000-memory.dmp

Filesize
328KB

Download
memory/2016-126-0x0000000000000000-mapping.dmp

Download