73bf12bc7899244509130edfd84c146d3b0f77a69550ef4ff34d6f51966f79d3

Resubmissions

26/04/2023, 21:52

230426-1q5n8sdh2t 8

26/04/2023, 21:16

26/04/2023, 20:50

26/04/2023, 20:46

26/04/2023, 04:32

26/04/2023, 04:29

Analysis

max time kernel
126s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2023, 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dezz.rtf
Size

365B
MD5

21579951a326c9dc08a51fe364344914
SHA1

7981c5d563ef63956259016174fb5f023e0d8604
SHA256

73bf12bc7899244509130edfd84c146d3b0f77a69550ef4ff34d6f51966f79d3
SHA512

db2bb92685631ed125a7ace9795e346b52c72bec778716d8dbaa4f1f39011f79eebe9497393fde7b2eb7a5321534bde7a88164dc6ca6de3ecf889c3367f74fee

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1940	WINWORD.EXE
1940	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1292	chrome.exe
1292	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1940	WINWORD.EXE
1940	WINWORD.EXE
1940	WINWORD.EXE
1940	WINWORD.EXE
1940	WINWORD.EXE
1940	WINWORD.EXE
1940	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 4548	1292	chrome.exe	99
PID 1292 wrote to memory of 4548	1292	chrome.exe	99
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 1520	1292	chrome.exe	100
PID 1292 wrote to memory of 2656	1292	chrome.exe	101
PID 1292 wrote to memory of 2656	1292	chrome.exe	101
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102
PID 1292 wrote to memory of 5096	1292	chrome.exe	102

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\dezz.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff993a79758,0x7ff993a79768,0x7ff993a79778
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1804,i,2641003945962595304,6247881027171089899,131072 /prefetch:2
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1804,i,2641003945962595304,6247881027171089899,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1804,i,2641003945962595304,6247881027171089899,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1804,i,2641003945962595304,6247881027171089899,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3324 --field-trial-handle=1804,i,2641003945962595304,6247881027171089899,131072 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1804,i,2641003945962595304,6247881027171089899,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1804,i,2641003945962595304,6247881027171089899,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1804,i,2641003945962595304,6247881027171089899,131072 /prefetch:8
  2⤵
  PID:4980

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5648

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fbb5cfeaa74a9d1130d6dea20e353eca

SHA1
080bdfd3bda720cd9e52018388538c843e582607

SHA256
60dcd1d8b0b3294cdf6b3d173cec4a73ab01791ee802c205b9070532567984fe

SHA512
862884d5a806800a25a2b81ccd92c6bb3451220f28d4fd12020e7ada538492e5a9ba9fd6eccd3f9b981962fbccc0f96eaa57a149125fd0b5398fe6418ed616f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
879feb20723fa21d142dc0c0dcd4e67f

SHA1
c2f04ba12a9e7f6e854b4d4b8ee71e9df0cf64c8

SHA256
db031708d65fa34e1cdeae4b1248a29d4b9935958ada72cc24cc2fc334787204

SHA512
2e871a4904e0b04393f8a1f5ea1b759811e2a8a395b60948a5115574b2e32ee7a7bc5b50db7133e7ccaeabb67bb505db91ca0ecff7e9b4743aedfbf1f244ef55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6f6ceff6da1c0a943bab47d6b0cee0e6

SHA1
3d0a108ca4fe4e5b5d9b90ceb13f6e8bd0c98c08

SHA256
4d9a1f2f51410d8f73377a7b5f2bc386d53b247457309ede9bb308b763fa5094

SHA512
1dca06421b033e4aea444faf6c1ea2b03f5eeab21a9292946daf7367c14d3aea811ce3903ad7a10f20da96313963f44936bbde3662fb6e3bca74fee2f0453b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
163313bb8fc3f0679005f0a0926da75f

SHA1
4dd986d1c6ed83a6b46f0fe29ec7bf27d7b86f80

SHA256
e50837d52b861c95f7f0c38ea410bf0f330b6353d152f64d7306b4e28f1c8ef4

SHA512
192a25d48d2bd98ec0df92eb90cdff1b244697f07e1726656186046c89b76b545a1a8cfddd51b5fb68193b7905574c9c73d962e2cb2d997a13bfb5c5d232beac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
59b1af0b3ed2ce251ebb3cc877bfb4d7

SHA1
4fa82ee0e6a2fbb9a908ab8cbc0c8b8e4d2f8bc8

SHA256
82572b75999edc7e35b80cb4d111c7a3392a788546a1cd1f802fb67689e2d02c

SHA512
d54094e25579775eaaa424044f7e8a309ebe9297d526d2a1f308e0c117d6cee0614b2cb6c7f3d3f14c7c1f63cdfd5e5fb677577a15fb06e1aa830a8338c7a95e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
4145e19c4ea46ca62dc27b5c56987431

SHA1
58d8f0a00498dc7c21e9098ea2cae39af9e23217

SHA256
0aa420eb0d4aad80b8ec463ffcc8f86065963c82b1924b3ab321337a26ed8ce8

SHA512
1655754c5f7dc143a4a1f2f3d1a47184d81f93ce92e80b49fef34a400ca472ef1f086b26253c747d0d4b696e70c2368b079d95b8b7d12159f21070a39bdabc2e

Download Submit
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
379KB

MD5
7eb3a04bec1aa847a92b9fd87b8f11ef

SHA1
b62f1e0e29789da4737509623281d72c3431a134

SHA256
363a09535f4fa0c0d827ebc33c4b5ee0bcb4297b61a78689cca8190558b11838

SHA512
c7e6f9d93565f6b2830e16c6bc7047dee93f868f1c8b6c80f34cdd535b3b386381a905f6a660f17e8cd84399e8dcab21021cd6cff527221bf28f60fe7a601542

Download Submit
C:\vcredist2010_x64.log.html

Filesize
86KB

MD5
539de97514b9405de1aaf9b35ce0d779

SHA1
9e22c67d098c3151bbc097d0a0032d35db680d94

SHA256
df26159180b84208c1bafcef8dfb257cd92ec6bed4412103514071c52bc697c7

SHA512
86b019fa63c8d25ce344ce5b9e33b2454a0c752c16f12f9b341e5e904ab8ebb3426fbce198280df4e0d37b79c212b73e122a0bacff8c228b7e81e6684cd586e1

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
396KB

MD5
bfe1da3dd2afe2f52e88efa199703731

SHA1
367813443f0767b3b35b23db946943314c714b7a

SHA256
9335c3fedd2a81ee8195e9454de0878e6d666defe82742db58ffc7645f66080a

SHA512
30b6aaefc4cb12f5e83c48d4fcdaa21e301d10a319e85eabed0d796ef20e82872399c53376718ff623e6d20fed16ca1e31b59b9c55ed6a49d0f019fe57730d13

Download Submit
C:\vcredist2010_x86.log.html

Filesize
82KB

MD5
e0497b7a956d377c5908e7ce7f351caf

SHA1
1d9bd5384ed4f4d10c5ff94964ba4ca336cbee14

SHA256
160c371899f1abccbcff9cadf93507408086c821fb2b1258fab316be1e43d5a7

SHA512
a63574889ed37c88f4a9f8b1764ab035b0d11521085e850a12442f0507192fa3d2b6bdf85757b40a5a517d42bedda6914884bdbf5a02848630868a15eaedc476

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
168KB

MD5
d9b8f261848d5a2ca9bfd1d29c48dc4c

SHA1
79b72b63d2b18c8239687631d82ad8471b9f1e1d

SHA256
142ed861f1ec5ef8a490c399f4d7bab38ccb543ced9da1ad55c3d0820c5a508b

SHA512
a1f3429941af33a5e6626f7087beb0462630679798fa3eebe03c48237d971e4a7b08caf6a1fd9d253901dd4cd8149733dd8383c8d02d1ec7f02638e55a7eddd0

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
195KB

MD5
c92f516deadff685ccf586f559c00ec2

SHA1
e8c387426d41b601d70504b1fd5d22ddcb0ae421

SHA256
9a30b1db3cf430acbdc91e95f86969fa528e078c15b0cb092f7b77b78496b92e

SHA512
67eab157225144362019da7bde4dc8d521774adf9602393c3f0b429629d7b6ffae05adbed5198143aa1e8a6b881fe59003e9f183378285dd784c211b9c35f255

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
171KB

MD5
cb9e1c1b0eb2ec5189afb22b9d19fd34

SHA1
2ce78dd6ce320ffed6bbbc20f7c753837c045081

SHA256
7359a2c46d70ebb600622d3d1f5634fc2b5835683f4731b8c2c3909cd6de4cb2

SHA512
f4d87b7a010bd150410854d505da7c0a8b0a9518290c2ce07760904b0c5d6abbd0e900770c8cdaa08bfaf32c177ee55885d6ce617eeaff68c0e72ec98f69908f

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
208KB

MD5
80c224b4e29eb9c764b5da16912b139e

SHA1
bbfcbc122e5a943cd421d7439a9df9cc3ef4101f

SHA256
b9ee0cc61c6213a9a331d22f2babb968e3ead585a6c99b1c541e778dc4077ca4

SHA512
22b55912e20f89680d2b530058275df12603438594b751ee5dda6b451ed172cb81e488e6a9da18661eb6487421491b5b57bd6fc9e622100ccf8bf74f7cd58c6b

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
170KB

MD5
5a778347d383342120f57b810bd0bf30

SHA1
07268a4a2843a901271820a235b7905975db631d

SHA256
14abdc678b3e8abce94d7209f07a1bb3b31fefe153e355e5eee9c29c5578112b

SHA512
80cc7ed164647169fbbce1a246a00b00a1cbedb82bafa7b3af7c6b8fd2e7e23337993e39ed95d99f80917f36d50b3c8c0eeeea14d34bf98bfba248d5b825de9c

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
191KB

MD5
a780e5ff81fbd5818d31e495c0b04cc8

SHA1
8abcdc6ee13a1c6aa5d80a38ceb22cd72c9a5f2d

SHA256
bdd84da330ebcc79e4ead4f1359113741e0719c209f05213220aeea241c9f330

SHA512
99375e34c3d3c07236932e7f670c994f88f7c6fdfc04d54622846941d44e689d1283bb4da90326dbb6ca847025091c782dc08e3d71a58bb3cbf351188b231080

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
170KB

MD5
0623f1b017d340d8315081ea48db8084

SHA1
5df5280af6a34f98b24ac499b7832be1c529140a

SHA256
41d8c921708d194e5ee43429bdd57591f37a5141127626c748543b1d6442d2aa

SHA512
1c4661582b15d83c0e9281acdc6a8f9b90e32b8f19b058c2a6e4a6928c405fa2c55410be5bff184fc2c5e975d5cb24c63d09d794eb4c4eb62e67b413a8d275d2

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
198KB

MD5
264aca3f784fd7a648a36e61efbd46fe

SHA1
ebbda17fafba9314dc22f31d9c751d22d4b908db

SHA256
8d6ed6c7ceca9a089a4c6af634e7594b7f26a6f3fbbbf0221c742b346a44f9fe

SHA512
5cce1cfe5a85b8462cd613a9bf5d1a1f21788307aa910414b4cc74fcba17eb2123a57510db76cf76233d01155fb1c0485ec6781cab828cce686f2a2a6ff36b3a

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
123KB

MD5
ac0aa57266715762d65d39f92ca95ccb

SHA1
aa3a901d5c9da29848022d6dec23e60db12f1f68

SHA256
f4890fa393fe78b2afda52806a287d594f6de6af3652d1c57500d50b934e04ae

SHA512
d5333f498206b63bd3a50438152475132473af5e7a5a9f0cf1bd482fbd71776ddb8c6b2ad5862d249d256bfdd5188159ef18b33ef7cae82353d8a8453ed8f3ed

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
129KB

MD5
b15037fccf72ae1d2d31d2174fb36520

SHA1
ef4f8f76fedd4813053ebb1390ad009ea701f83d

SHA256
41c4de16513ce741d42ce55ec72a86ee552e66e18970677e3271ff8885e08e01

SHA512
813253a0b3c0449abd45f0780abf649c84b09f9790922919ae247f988c479989454c19d373cd9c7e050fe3c55d3ed7018b465fd9ed8a08482d74fec508b02d35

Download Submit
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log

Filesize
123KB

MD5
63b52f311b0fce2082ed5eb9e6dd6d00

SHA1
0af77c203df2cdf5b3af8060b5f244a0c2e3871c

SHA256
7ed167bf904eccf8be90d099808bf78cb6a71708efe29a125edd1e99b8f41958

SHA512
95463f3c016a6b1bd7937b5f7d82a88952525a58ef443cc8fc8ad0a46bfa4bba881c4a8902b9f439ef847b2da77efd149717e6c819bb1cf96cb2551a35e2f796

Download Submit
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log

Filesize
135KB

MD5
ca2290d6c7ccf0f849a68e48ece6e56e

SHA1
4c8d3397aca9dc8cdbb14ddb953a3f7197e6240a

SHA256
839ff4b1510fbc4d6fa307484a4561906dc3aaa6235ea0d05d33a10384447f1b

SHA512
0c3db42a08e0df2e7e4aa60ee624c607dbcddee6224dbefd77ee083dc8d53dd0ee6ec40dc95d56866588a7060bf10664d1760de8d9c152cbbd83096165f5f7b2

Download Submit
memory/1940-136-0x00007FF972A90000-0x00007FF972AA0000-memory.dmp

Filesize
64KB

Download
memory/1940-133-0x00007FF972A90000-0x00007FF972AA0000-memory.dmp

Filesize
64KB

Download
memory/1940-163-0x00007FF972A90000-0x00007FF972AA0000-memory.dmp

Filesize
64KB

Download
memory/1940-134-0x00007FF972A90000-0x00007FF972AA0000-memory.dmp

Filesize
64KB

Download
memory/1940-137-0x00007FF972A90000-0x00007FF972AA0000-memory.dmp

Filesize
64KB

Download
memory/1940-138-0x00007FF970490000-0x00007FF9704A0000-memory.dmp

Filesize
64KB

Download
memory/1940-139-0x00007FF970490000-0x00007FF9704A0000-memory.dmp

Filesize
64KB

Download
memory/1940-162-0x00007FF972A90000-0x00007FF972AA0000-memory.dmp

Filesize
64KB

Download
memory/1940-164-0x00007FF972A90000-0x00007FF972AA0000-memory.dmp

Filesize
64KB

Download
memory/1940-135-0x00007FF972A90000-0x00007FF972AA0000-memory.dmp

Filesize
64KB

Download
memory/1940-165-0x00007FF972A90000-0x00007FF972AA0000-memory.dmp

Filesize
64KB

Download