plugx | 17c5b8ecfd7ff396a320bbbfea302eaff648213fcf2ec6bc1a79b6055d708f74

Resubmissions

29-05-2023 14:48

230529-r6nwzscg4w 10

29-05-2023 13:55

230529-q737maca99 7

Analysis

max time kernel
391s
max time network
442s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2023 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Size

194.9MB
MD5

86ca28bd1b44e23b240f66b3255a9066
SHA1

bc6f1d376fec8322419e17349d5dd1c17eeef2b9
SHA256

17c5b8ecfd7ff396a320bbbfea302eaff648213fcf2ec6bc1a79b6055d708f74
SHA512

3190166615f616302b8dc799330b0e060d6afae1b534a4fc4dac62264df4d366b370c85b74fa3942ea32c9640fb8a05f81c86ebd3d96cd460c087b33286a2ef4
SSDEEP

3145728:ohXbmla2GI8jx4lVSLXFJLKMuNSOZd891ZT1BFSl7MlFroahoXYns:cqXxl8/LxusZ9hal7MlFroahoXT

Score

10^/10

plugx discovery trojan

Malware Config

Signatures

Detects PlugX payload 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\DWSIM\Xamarin.Mac.dll	family_plugx
behavioral1/memory/4256-3198-0x0000022A6FAD0000-0x0000022A70C8C000-memory.dmp	family_plugx

PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
trojan plugx
Executes dropped EXE 2 IoCs

Processes:

DWSIM.UI.Desktop.exeDWSIM.exe

pid process

4256 DWSIM.UI.Desktop.exe
3672 DWSIM.exe

pid	process
4256	DWSIM.UI.Desktop.exe
3672	DWSIM.exe

Loads dropped DLL 23 IoCs

Processes:

DWSIM_bin_v844_setup_win7win8win10win11_64bit.exeDWSIM.UI.Desktop.exeDWSIM.exe

pid	process
4060	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
4060	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
4060	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
4060	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
4060	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
4060	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
4060	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
4060	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
4256	DWSIM.UI.Desktop.exe
4256	DWSIM.UI.Desktop.exe
4256	DWSIM.UI.Desktop.exe
4256	DWSIM.UI.Desktop.exe
4256	DWSIM.UI.Desktop.exe
4256	DWSIM.UI.Desktop.exe
4256	DWSIM.UI.Desktop.exe
3672	DWSIM.exe
3672	DWSIM.exe
3672	DWSIM.exe
3672	DWSIM.exe
3672	DWSIM.exe
3672	DWSIM.exe
3672	DWSIM.exe
3672	DWSIM.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 49 IoCs

Processes:

DWSIM_bin_v844_setup_win7win8win10win11_64bit.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXML	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.DataRegressionCase\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\DWSIM\\DWSIM_RSD.ico"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.DataRegressionCase\shell	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.DataRegressionCase\shell\open\command	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dwxmz	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dwcsd2\ = "DWSIM.CompoundCreatorCase"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.CompoundCreatorCase	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.CompoundCreatorCase\ = "DWSIM Compound Creator Case"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.CompoundCreatorCase\shell\ = "open"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.CompoundCreatorCase\shell\open\command	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.CompoundCreatorCase\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\DWSIM\\DWSIM.exe\" \"%1\""	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dwrsd2\ = "DWSIM.DataRegressionCase"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXML\shell\open	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXMLZIP\shell\ = "open"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXMLZIP\shell\open\command	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.DataRegressionCase	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.DataRegressionCase\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\DWSIM\\DWSIM.exe\" \"%1\""	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dwrsd2	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXML\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\DWSIM\\DWSIM.exe\" \"%1\""	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXMLZIP\DefaultIcon	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.CompoundCreatorCase\shell	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dwxmz\ = "DWSIM.SimulationXMLZIP"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXMLZIP\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\DWSIM\\DWSIM.exe\" \"%1\""	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.DataRegressionCase\shell\open	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.DataRegressionCase\shell\open\ = "Open DWSIM Data Regression Case"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dwxml\ = "DWSIM.SimulationXML"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXML\DefaultIcon	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXML\shell	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dwcsd2	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.DataRegressionCase\ = "DWSIM Data Regression Case"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXMLZIP	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXMLZIP\ = "DWSIM Compressed XML Simulation File"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXMLZIP\shell\open	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXMLZIP\shell\open\ = "Open DWSIM Simulation"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.CompoundCreatorCase\DefaultIcon	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.DataRegressionCase\DefaultIcon	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.DataRegressionCase\shell\ = "open"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXML\shell\ = "open"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXMLZIP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\DWSIM\\DWSIM_XML.ico"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXMLZIP\shell	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXML\shell\open\ = "Open DWSIM Simulation"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXML\shell\open\command	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.CompoundCreatorCase\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\DWSIM\\DWSIM_CSD.ico"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.CompoundCreatorCase\shell\open	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.CompoundCreatorCase\shell\open\ = "Open DWSIM Compound Creator Case"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dwxml	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXML\ = "DWSIM XML Simulation File"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DWSIM.SimulationXML\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\DWSIM\\DWSIM_XML.ico"	DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

msedge.exemsedge.exe

pid process

2552 msedge.exe
2552 msedge.exe
2880 msedge.exe
2880 msedge.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

DWSIM_bin_v844_setup_win7win8win10win11_64bit.exeDWSIM.exe

pid process

4060 DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
3672 DWSIM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

2880 msedge.exe
2880 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

DWSIM.UI.Desktop.exeDWSIM.exe

description pid process

Token: SeDebugPrivilege 4256 DWSIM.UI.Desktop.exe
Token: SeDebugPrivilege 3672 DWSIM.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

msedge.exe

pid process

2880 msedge.exe
2880 msedge.exe
2880 msedge.exe
2880 msedge.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

DWSIM.UI.Desktop.exe

pid process

4256 DWSIM.UI.Desktop.exe
4256 DWSIM.UI.Desktop.exe

pid	process
2552	msedge.exe
2552	msedge.exe
2880	msedge.exe
2880	msedge.exe

pid	process
2880	msedge.exe
2880	msedge.exe

description	pid	process
Token: SeDebugPrivilege	4256	DWSIM.UI.Desktop.exe
Token: SeDebugPrivilege	3672	DWSIM.exe

pid	process
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

pid	process
4256	DWSIM.UI.Desktop.exe
4256	DWSIM.UI.Desktop.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

DWSIM.UI.Desktop.exemsedge.exe

description	pid	process	target process
PID 4256 wrote to memory of 2880	4256	DWSIM.UI.Desktop.exe	msedge.exe
PID 4256 wrote to memory of 2880	4256	DWSIM.UI.Desktop.exe	msedge.exe
PID 2880 wrote to memory of 3740	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 3740	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1936	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 2552	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 2552	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 1628	2880	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe
"C:\Users\Admin\AppData\Local\Temp\DWSIM_bin_v844_setup_win7win8win10win11_64bit.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:4060

C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.exe
"C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dwsim.org/wiki/index.php?title=Downloads#DWSIM_for_Desktop_Systems
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaf08a46f8,0x7ffaf08a4708,0x7ffaf08a4718
    3⤵
    PID:3740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15136395256517951670,9412744946121449542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    3⤵
    PID:1936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15136395256517951670,9412744946121449542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15136395256517951670,9412744946121449542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
    3⤵
    PID:1628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15136395256517951670,9412744946121449542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:1184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15136395256517951670,9412744946121449542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
    3⤵
    PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

C:\Users\Admin\AppData\Local\DWSIM\DWSIM.exe
"C:\Users\Admin\AppData\Local\DWSIM\DWSIM.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3672

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\DWSIM\Cudafy.NET.dll

Filesize
3.4MB

MD5
dcf3b806873fa652ccb17370e0ffb25a

SHA1
729e86521daf654a60569d7e83ef848a51b5474a

SHA256
70e66302a0cae967ab2c27c00674fb15ee61caa68a209c7092c5c66b332e7b0e

SHA512
3ab1ba2178605ef571725150749f91fa8d831a3803ac7a60f03bbce5b9263c06c67de62813dbe7c49003811916d506d3ca8ed7206b38cf319132c40c3f423223

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.Drawing.SkiaSharp.dll

Filesize
47.3MB

MD5
fb37ff061bdfe7594a97bb2c829f0f46

SHA1
559e6bd627ed39d0e9b3d368fd00304899cfcc7c

SHA256
162506b4d3155bdd96ffa0ff80266196b46c640475ef9c3568bb14d345c1ab0e

SHA512
ce42479593985dc03437d9bf3b5cfcd51432d94aca9f94fad04894e05b776aa77fb4a645963f7390111fc9aff9cb2db7e774216d0c3ebef100a00e5c456f3b75

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.DynamicsManager.dll

Filesize
29KB

MD5
1fb6a1c77bc351254c5116597ddc0ca5

SHA1
1aa432c110c90c3da6c937be6aa4413853713e92

SHA256
bceab9b7239f21a8ce211c5336f8372c954ba5e4d3840660f0f6dc7bbb40d1dd

SHA512
6a18a9f196d6832ba3ddc8127ecad46a407c335d4afff70731348fe65e6281a8dae8260083e73ffa5d5ecf688d872dc2f8d02a2b333abc7cced0508bfe8a9521

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.ExtensionMethods.Eto.dll

Filesize
153KB

MD5
04f9147f0930106434a46c4c16190d4e

SHA1
5d76f60cef33a4c7042d89917deb2f00b1f48cc7

SHA256
a39164e9bf3930b509319e8afad526ac3b633c308f836ea51ffc642f44e80ed1

SHA512
a5497819c5bb9a9cf6b2cfc534a1c2f3095dd1a49e28b96f454509168daa74a9829cede7ac1a7254532201a0fadae76c46fe5aaddabdaa76c30314f3a37df668

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.FlowsheetBase.dll

Filesize
316KB

MD5
5efa4cc3f452f74ff5025380f842b229

SHA1
f667ab7dc5980dc50062028d7abbe9dfcc16dca1

SHA256
1b403abe64031d3f304ebab3f5f294fc1cec3578c234263b8b6e6325c45120b8

SHA512
e4df793b73b571cf27248acffa644715b5cf9f9cfd4828c396079a656b6c1e28e4edf74f70d086017ca98bc6b1660dff9f3b27e31bcd74cd170778d4e82a3f3a

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.GlobalSettings.dll

Filesize
31KB

MD5
51166da6bb4d846d5627ed86c7a1de59

SHA1
05820b6b7e505e66fdc8025918b2a267e58f1414

SHA256
42d78fbbb780e800e5c476ad027abcc66685b9a0236778d4f46fd9580f732282

SHA512
9eb6d7ef4fdd5e63696b4f6baf988ffc5c87cf9be20780bb763eb88ef19129fbefcf1fce46ef56e55bf2e28db64dc8b076d832d26627c8460e25d3b217f93f92

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.Interfaces.dll

Filesize
119KB

MD5
a4a7839acde10d61a28497a2b44fe2d1

SHA1
b4df0767c7f8b975c96a9f2f80d2e37ebbfb8bd9

SHA256
25ff1262f1ffff2205f43d81f69c416b0bf3d1f2398605c91f3aee37a6ca429f

SHA512
5c5757c1e7b92dcb1bf737477f604df4fb9c293d298a76948c44525ede59e9a8f36e4e0137c6f2461021d09993aa321e453158d99b79e9cdcb571a05e04a08eb

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.Logging.dll

Filesize
6KB

MD5
50bf779d6ad024aa95b6492a70ce220d

SHA1
3028fed3744168b621640696ab26d4184ae5b58d

SHA256
03508418bf51f3799031421fb3edb04e0ecc719b32dfe5fc541a5cb3ae04e8d9

SHA512
1197e83b2bdda8ba07503d0b309a3110e3061faa140d0f00d22a8ace3330e0a9bbd479e596ddba6c85198a090730045b49e3a142b4e7bf5921e4ba8bf65a8f44

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.SharedClasses.dll

Filesize
351KB

MD5
f1602c71d8eab5df1bdb69ea346bcc2d

SHA1
963e28a5c715f6648bd43da20a04011173a6c659

SHA256
29d0aec90c35f3ee065b052643d36b31b5f8ef9e12538fc78dfd942c0ff3fda6

SHA512
9139ec89d79aaaf34c5554697717386deb2696e13f10db52aae3ebf6caecd9dd1438f076b6d40a6fa060606249710078858a7682753430427ae2693c9599b8ab

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.Thermodynamics.dll

Filesize
18.6MB

MD5
bd1d1f2e7483fe4f0cebbf62ae5ca342

SHA1
1ba569db008f0155429deff888b7af46048590a7

SHA256
152502f2c33da3e94eceb831e78beeeed856d98f98506d6edeb485afaa7cf69d

SHA512
5604adf5e903dd98fbacf461767155b42a467575ca58b0a47001659559dea489db2d97b72dbf9de5ba63c65c10955815c9b5be4341ac6b8ff82697bc4d60881a

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.Editors.dll

Filesize
853KB

MD5
e93d7f32525fd807f597cbec5cdf25ad

SHA1
dd75c8346502b2dc21f30b454e382e7f118adc44

SHA256
511d0197e7b9cb303fad7708ffcb9c9d5e462644362db19e898fcce6a3c6aeab

SHA512
6eb4a93e066f28afe66fe3ca28ef6665c3cd24183195d35126633759d2b79eaa88faf71fc96d270f287d430939777f31bcf0c1973310873e105fb3c7041e0140

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.GTK.dll

Filesize
31KB

MD5
485ce4fe4fab207bdbe3daa77b4c3ae6

SHA1
d0eba525a16de10850458075960205056aa524e1

SHA256
b36a667e734918c373810c95a4bf227283e11d99532eff789fc86545c07dc5b1

SHA512
6eb662d6a4d8490302b199cdd14ecc65714fddbc76aab4d1f9949a0ee93f9ca780cc6ec4064184f90eb49d18abf926149d67fa7933b55c6c0e7511da838e2ba6

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.Mac.dll

Filesize
76KB

MD5
17ad2b0e3e2ea9e6e7de34265e524f87

SHA1
da6c230b04a045b7e82feefced0134a8dbbc9c7c

SHA256
a5ac87412793cb0a9fd55e99675b60ee70e9eb2747fe1f2665e3dea12bdb4a65

SHA512
f464650ac7858887674267d5b38e2c35f7409618e2badcf2a92ecad98638456cee6889d142bf16f98e8d77d850f4dcea181ed22305ff10b05bf3f008f1928a4e

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.Shared.dll

Filesize
142KB

MD5
b569253d2403673fb1508e0bd9cc121a

SHA1
2a7a0d196699d73012c15e0de621d57e437cf10f

SHA256
421213ae1fd9094c7ecfa3a7c844a05e00752358deef0f2ff252ef1ba7de5c35

SHA512
cddab0cf982235abec3fd912496668285e012453ce7f0a583d3122b990fcae24bf0fe41efb49ab3ebad4ba0a82bef9e34bd32f84a41382dff1fa8b99b5e7d46b

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.WPF.dll

Filesize
21KB

MD5
8d6d50fd7ff158855c7cdec599460c48

SHA1
91baaf1aa022cdb669ace1724f62bedfb91ba327

SHA256
9733bc3b5092658ef646a819dee9873154ecb036c99f32be030fd383284014c4

SHA512
03de043eb4b5245d016368aeab0c58cfeeb7948b74cf24f751559772d50a45f2857fe952566ed1be9d2059d2288b72c5aa885d30693cce997bc4b29d93b260a5

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.WinForms.dll

Filesize
19KB

MD5
a3decc3ea6e8c3b3f539afd593e4d190

SHA1
47c23fe13b6ca396c413ef4a2f568327b95b866e

SHA256
2ef92bcd40f14f4a481ea53923a4feeb3b5c3ce73f951bd2a3b564679ade3e08

SHA512
edc516cced7ef7cd842befef2b899d2e1b59d4bb07c034bc7fe10c4129629c8de4200164557778817f8217ca8455b49f63a0c41fe713ee71b5ae0c83d0bf7636

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.exe

Filesize
104KB

MD5
b67668712f1140056649114946547508

SHA1
bbf897e76fb1cf0d902c6c8dea3a1809b45f07ae

SHA256
9c4569451b5564d19799a5f05205ccc697898346a0369da34c9d4cf18b1fc275

SHA512
9aad504c9208a831c9723d03fd5dd74af18742e89eee73c77dd8d89f8ab4276093c0e616c34f56d38230e41faba2804a3fc68a6141922ae6e884195e31a5a6d6

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.exe

Filesize
104KB

MD5
b67668712f1140056649114946547508

SHA1
bbf897e76fb1cf0d902c6c8dea3a1809b45f07ae

SHA256
9c4569451b5564d19799a5f05205ccc697898346a0369da34c9d4cf18b1fc275

SHA512
9aad504c9208a831c9723d03fd5dd74af18742e89eee73c77dd8d89f8ab4276093c0e616c34f56d38230e41faba2804a3fc68a6141922ae6e884195e31a5a6d6

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.exe

Filesize
104KB

MD5
b67668712f1140056649114946547508

SHA1
bbf897e76fb1cf0d902c6c8dea3a1809b45f07ae

SHA256
9c4569451b5564d19799a5f05205ccc697898346a0369da34c9d4cf18b1fc275

SHA512
9aad504c9208a831c9723d03fd5dd74af18742e89eee73c77dd8d89f8ab4276093c0e616c34f56d38230e41faba2804a3fc68a6141922ae6e884195e31a5a6d6

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Desktop.exe.config

Filesize
6KB

MD5
7fcad50ee45de439750fc8d266018512

SHA1
602a6035d6b652a7880d3bcc9c969d8f58d89542

SHA256
c6caa19b5526650b4b541a100408f5af1dda8c8188491495e9c51f2eeaf962e1

SHA512
4e12ae8816b6f46fc52450ea74771f3b1f3afe192e6f93c68cf88d809c56d96033f05130cd584c7dd4a46a6d30ef29abc53dd1d5c6667fc47c4d25b2753d76de

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.UI.Forms.dll

Filesize
3.8MB

MD5
9daf95fdb00c96c0bca09b58d35d180c

SHA1
5ba042cb81b765cc4bda6b7c87f78548f51e8910

SHA256
e8510a1bd5bc91ba998d76ce04d3bb82f7e9145838788c3481e4385845911b82

SHA512
7c08229a52b74f90431c2032fe20656d3ab711ab46ce083b128f0b99577ada017a72b30bf506e329379241c3179c9bcd5562e3579c358592056ac86ce38004e5

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.exe

Filesize
24.2MB

MD5
ddb93d12d6707422e0ea4b3023fee155

SHA1
41bb03c4cc89c2d683f0224c16a507425bf4b8c0

SHA256
89abbff8f27feb05b51c31afd0c0c2569d432fa9644408e702a195a9b9aea16c

SHA512
ed8c5fb0246857652471764ee0b5599816f1eb9e5d491a4291f1f3d9be9da524f2c31ffd55d45cbbcc4e4290fe26e1ef51f8cd3d3abf7587a2e07ea37be0056c

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.exe.WebView2\EBWebView\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\DWSIM.exe.WebView2\EBWebView\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Eto.Gtk2.dll

Filesize
388KB

MD5
f8cd22b0ed35ed16d36362cf3025d8e9

SHA1
6638539d1fc0b8538d4273985cb717d4d1283639

SHA256
99a9df1c325be98c0f5b55e6939c542ffb7c9b95c4ce3bf86f7f944539eff5a0

SHA512
1f2f4f1c4438562018658cb0625abbf96232eaa022ae4d315cb1048988cb5987beaa05435e6b2e3433044be54988f73fcf2b9052ca2f97a2aab88b515d8707d6

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Eto.OxyPlot.dll

Filesize
5KB

MD5
16194722d012dd4ead2344edae422434

SHA1
6124684ee8fdd81268e81b955181016cd0136cad

SHA256
800cab4634587e46b4afe02f2d23dd7c682e68059c8f378afb6430dd9a0421e3

SHA512
e22025657e827c957726e2260a0a2cc50e573105d1b2bb894f41102d0e143294ea25b6d0dc9f1fa2a915f054b09083805136251d07ae31707aad64b24f6a5420

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Eto.WinForms.dll

Filesize
1.1MB

MD5
d4bd58b0a7af3b404e17eb91efc7b1ef

SHA1
2d1d8d3aa77a848ebfd91491dd83fed376c5c7a2

SHA256
9cbdd8a1adba94216f975b556d90c2c1b04f18e7e8ff408f25af817df9e49f51

SHA512
806c07b357b94164c3e2e6c1ca0054c41c1d4074a358a48b2392e835eae0e2f18cf8f7df1ef27cecaf7297be5abe907b636600719562727a87b3a90f693a08ef

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Eto.Wpf.dll

Filesize
2.3MB

MD5
e08f0f131c5e1a4a4045c31002014509

SHA1
4efbca7b4dca8d4eb1213cd77c3dae3947ac5a8d

SHA256
cb4ff656f962180e6ba049d935576eb2872cb7f42cf93fe4a93be439fcfaf708

SHA512
7ae6538924f511db8adbb01a54e77827a464625fbc55be6bab703f25f049f1e445e68def5478a806f8b3e3ae797f8a33899b0ded1b027fe145c4626da941dbdf

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Eto.XamMac2.dll

Filesize
499KB

MD5
bc19083c45de5425a6d43ec7d02426d3

SHA1
30b5808cd879e6c03252b4d6b4134e13ea330f22

SHA256
710d9fe68eed9043e6ca65bd44a54d59d2e823aadd79ea7de6079e9d2f27d3b8

SHA512
02b00ef2b9908804e1f41e11f96c6c24c4680d6bf139d4f2deb2b12f274a3b099f420923ce74a5ecf7d0c5a072aaeaf1cfe40e1fce70c24fe4851453754b8064

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Eto.dll

Filesize
689KB

MD5
a47e51081690bb104b77ff10d0125d2c

SHA1
11951f401d161b69e206e3dfe39b1443eb9f57a2

SHA256
d4b5ab16874dbb268aaeeda9807850ac03cefb8ce18f0b8496d9a4a2b580f9a4

SHA512
a308b47679f06f497a79fc18eb476c58aee3a34c3e384af1fbaba9275b944298e8fae22c6fb5449e7e5459d3b22b2f72c31ed4c44739787dcf085ed2ed9b4adc

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\FileHelpers.dll

Filesize
204KB

MD5
847bc05daa3ccc4b3fc671bdf189c94a

SHA1
7ce1c0a78bb9f0f304586e3ddf3b0e1ff6ac686e

SHA256
e0961e3a44c278a85e94b11f25358ccfc91e3e28989cc515cc0fdc5941491179

SHA512
5361e578745db91a6f47ca95aaef1df22a2a78c7fe8a6c92bd8641e6a6132dca4f0803552ddcddfda1cae406a44a7bbcacf4eab16bd0f70b16b954884e248ba0

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\HtmlAgilityPack.dll

Filesize
165KB

MD5
7939c27033a7c0e80022a788c537275d

SHA1
df3260a60a4223bd0666d1d13b15fb4e4bc78af7

SHA256
37e643b9ef95d1fb21de79ad0b19825fc15aaaf43232c15e030e4c3bdba07714

SHA512
798cd9a213ad3750521cd6ec2fc4e4806c88db50e9c30a6809f067c3a063731d08b67dc9662aa3572aa40c3ba5a037aca7b590f0d9b4214d4ab256525af6d6b6

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Microsoft.WindowsAPICodePack.Shell.dll

Filesize
530KB

MD5
6d8deb7be7360761fd43ec9ddcaa0811

SHA1
b45482a37b381de2a0293b6be48c4cdef04aebff

SHA256
aa5d80cdc0da52970031309b457e3e3fd505bb1ac13fb79801d15bfbb4a700b2

SHA512
c400812dcdec40e4bce3ebfd1a3d472dbe27fb5bccd22e198f870f418c003d121135fa82e6699c581167f48393cacfc4876eb2e50f51104bcd9d322a5641f75c

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Microsoft.WindowsAPICodePack.dll

Filesize
103KB

MD5
56e013e924822c9d02329b15b03ede73

SHA1
085dacfcd1ffa398b795d096833d16367b0d2886

SHA256
7b88388b8367f0d873d0e3b66f533869c24e346fb6f0b2c6c783f931cc9a1631

SHA512
ea0020ee32e0c7e7323f5858a462bf762f65013509012147430f0d8f665eb86f534d2491ca9f737c15bf6f995a8d3e0172537129a0dc8628cf7bf0d0f48457d1

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\NLog.dll

Filesize
830KB

MD5
5a0f27e3c1547ae8baea0b58ccc0b172

SHA1
55b6a7cc95800ecbbd812a437f66e1a70f74b556

SHA256
ee781c3ec1ae1ede19b54afea92155f580d562f8c2c33f1e12ec633517e1af58

SHA512
c21f4100cfc6fa29baa0a1ca8d82e9bcc67c84de17c846c5a84df752c6aa214f9733187992efcf8b078f87996d204895aa48497e0872b869e78005ff192cc288

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Newtonsoft.Json.dll

Filesize
695KB

MD5
715a1fbee4665e99e859eda667fe8034

SHA1
e13c6e4210043c4976dcdc447ea2b32854f70cc6

SHA256
c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

SHA512
bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Nini.dll

Filesize
68KB

MD5
b56f954a761998c5c79176fe34830b9d

SHA1
39a51b7c3b7bdaeed9b2d28894f731d88c091b44

SHA256
5eef009e571beba76f270cfde8c664a138f6c937d997692fac42851ba0868c20

SHA512
c380ec96d881d36a9f1767ff403fe3b497673118960c31f0d727510c0e1dd165bfbac7a236462b4c68df87e7c2e1e0b044096ca6a8931d023affd634ff2f7902

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\OpenTK.dll

Filesize
5.5MB

MD5
78bae31b76a226cd5668af8015543561

SHA1
c3e93234c22d921cdf895afdd3548cd557c18da0

SHA256
cc028843e1bada8c1ef321d91924ec29899c535e93ce538c8e1c548e856e24a4

SHA512
de1d5b80615d8922af272d691c620bc3f288d234902a78b39ddd3e807d633c1a56c4c3d72007443efda2f2f9fd3c8d01743264a17098a4ccc1b33baa37dbb909

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Scintilla.Eto.Shared.dll

Filesize
56KB

MD5
ad89384f760b94c5a1ce94a4cfa391ae

SHA1
1c6c5441884f8bf415650f8f695098b4d3bfa576

SHA256
16fcfb70a4b57fc32ba2c21d66925d265719dc88eb445f050547eabcd5560cab

SHA512
1f85986e065e1ce4353e4f9ecf636aa0c1e4f223d18c6ed6406eac4507abf5b154d59cce380f536bf4c003d2f424802da4d990c73aed8934b156ba7701916363

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\SkiaSharp.dll

Filesize
336KB

MD5
4ac25bbf8eea219bfd4d8ac036ece89d

SHA1
1b6d4455edc87dadc08bad2e1ab312d6a0805665

SHA256
17f9a087c10abd7dbc267f73a87f07d63ba7f8bbfd7dfcf8fddccf69c510f91a

SHA512
a39837baf155e2123834cae5a048cdc1182cbb832304063a3d357b7f89f08638582fe3ea996e71e82151254f002af22f9e5350f7a1ac1f2a3d90c0a85143ce9a

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\WeifenLuo.WinFormsUI.Docking.dll

Filesize
284KB

MD5
11cccc9c18e704756de2e56270f5a3f1

SHA1
273a726253f0f46122ed039789dbb63161be0947

SHA256
b5ecf504a54bdfc7aaeda83228f4dd6f2ea57a36d2cf1010a1b4c462bcd60128

SHA512
8c9afdf226c89694098b8e5111fa2c5066cfb7f0ffa5bbfb1b0fe2947c8d508fa2cf07f4ce5d8a4d72d9cdf263b48998bb76937b970ca79547ad1b7019dfe16e

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Xamarin.Mac.dll

Filesize
17.7MB

MD5
efc6614d8824acd5cb6469c670b7c930

SHA1
62514937a5169959d5a857b02cf4e24b7d4936a5

SHA256
6554fbab7d37c9d58a21f5dc5137cf7acc258777a6dee1ce769af3844038c9d2

SHA512
7b3db826c4687dcf2df2cfe5af1a753553b5a9e9dc3d1f63d8d96e2304950cf33ea3219152d51c4a657824e5c1127ddd2f0c9913c510e12a3fa876b547d73180

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\Xceed.Wpf.Toolkit.dll

Filesize
1.1MB

MD5
c3d181ab31e5bec15d266f50c8bfa4d8

SHA1
e46b04fe9e1620945881404fcdc73588e84f2dd9

SHA256
d78d3c61c4665c703976f5f697187669a5ef888ab1c00ebaabc0bcf409e833ae

SHA512
11b0dd0ba7292b5aceceb8f55a388571663f2820c55582e39f7e2727ff4e7ea0e3b51e24ae37c858326f3d1b3ce2ff272703c904dafc11b766ecfbdaaca59572

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\libEGL.dll

Filesize
85KB

MD5
fdd190c7dc4accb917d8091b541c0c85

SHA1
ca3e0efea678f8b8d694075ba66d02c538687f30

SHA256
8bdf0991c3dbb87ae28f0ad35e3512ff20888a94c7c867630fe781cd983e6053

SHA512
cbd87aa17bd8e7337cd38ef3bca6ce80cdc9c7fa5ca16cdb277608b5cda15aa093efe517d0d9a87db78662b7884b607fc41136deb4dda4ccd6cd499b3512cb04

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\libEGL.dll

Filesize
85KB

MD5
fdd190c7dc4accb917d8091b541c0c85

SHA1
ca3e0efea678f8b8d694075ba66d02c538687f30

SHA256
8bdf0991c3dbb87ae28f0ad35e3512ff20888a94c7c867630fe781cd983e6053

SHA512
cbd87aa17bd8e7337cd38ef3bca6ce80cdc9c7fa5ca16cdb277608b5cda15aa093efe517d0d9a87db78662b7884b607fc41136deb4dda4ccd6cd499b3512cb04

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\libGLESv2.dll

Filesize
2.0MB

MD5
72187fddfea51fbd9e91a941c787b1a4

SHA1
361af4019d14d57cd54642b9cb300f6024096b12

SHA256
fcddf6ff2e61c05468e950fb9e6b02b62cd30b2b10a215b0360f5e2e5f5dfba2

SHA512
cd64e18cf19bf80a41ea0c350482f13681cf9f1357968b500f78d5ddcd92612aef3b8ff09e92cf6abb6924baf5cfd81b09399a552ae059a6328069ec9285ba4f

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\libGLESv2.dll

Filesize
2.0MB

MD5
72187fddfea51fbd9e91a941c787b1a4

SHA1
361af4019d14d57cd54642b9cb300f6024096b12

SHA256
fcddf6ff2e61c05468e950fb9e6b02b62cd30b2b10a215b0360f5e2e5f5dfba2

SHA512
cd64e18cf19bf80a41ea0c350482f13681cf9f1357968b500f78d5ddcd92612aef3b8ff09e92cf6abb6924baf5cfd81b09399a552ae059a6328069ec9285ba4f

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\plugins\DWSIM.CapitalCostEstimator.Trial.dll

Filesize
15.1MB

MD5
5669d5e70b7d814e49ae4a1bbb10d22a

SHA1
d9575ebf75f0464fc243e9e809de54690bcc1bc6

SHA256
7e4243ad0c063ef6ea25227e4b13f6f53fd6391dd1dd6593b644c8dab8486ffa

SHA512
0689595d4fd4736ffcfa99215d27666a94304e50a25715ca306a349941ad33a3a7da0052b21a05a2b6c78ebea5195a664cd036c6c2cc9e75db16f4695f85bcfc

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\plugins\DWSIM.Plugins.HeatOfCombustion.dll

Filesize
22KB

MD5
2d1a3d3186b93eb4423b760af212821a

SHA1
5307e9e24a299080789d667bd12067c14a90195a

SHA256
b4c4c6de3e65cac563ab7309ed2db0f6539d9baccb1d372a36bf73e8c410d8f1

SHA512
3e2cc8692ddf2b365201e4e8a7ac40d29a3bd9854449c6e0a4f6f6e4b4280f4f8787d9f2bfadb91d16d00b7d072433f8fddfa543544e4ee4d116771e1fd4cfff

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\plugins\DWSIMOPCClient.dll

Filesize
89KB

MD5
c7aecc6383b050ff38599bd86a1f2e37

SHA1
809c17f7242d60549ca7f69d2204605a04ebc5cd

SHA256
1fa147617b8f5a5ab9e53c8706c3e643e7c8fe65a1951876098903a2b03b2361

SHA512
dc07ad516ac28361f0e8e2c920d73f7e3ce7a4e8eae3d60f3462dee1cf9f64dbb0a747326d844e529a4315428351be48675212a49ed614f367aab97121a0f1f7

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\plugins\FileHelpers.dll

Filesize
204KB

MD5
847bc05daa3ccc4b3fc671bdf189c94a

SHA1
7ce1c0a78bb9f0f304586e3ddf3b0e1ff6ac686e

SHA256
e0961e3a44c278a85e94b11f25358ccfc91e3e28989cc515cc0fdc5941491179

SHA512
5361e578745db91a6f47ca95aaef1df22a2a78c7fe8a6c92bd8641e6a6132dca4f0803552ddcddfda1cae406a44a7bbcacf4eab16bd0f70b16b954884e248ba0

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\plugins\NaturalGas.dll

Filesize
69KB

MD5
256996b9ee012e1e7f9d04d41dcc94ef

SHA1
d4975290c0df93bcfad5135e4847a2da4a55d889

SHA256
188dca93cda9f4ddc90a2844376d3da2e82e533d401810516d05eb68a1417abb

SHA512
5481098e3a291db521a89b1a90b68260a5e27a5d58f46c7ececc24daaa5069b4d00ed9af5a93492893f5551066dd43645fa3b631ce4bde088309b872e157ba36

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\plugins\NaturalGas.dll

Filesize
69KB

MD5
256996b9ee012e1e7f9d04d41dcc94ef

SHA1
d4975290c0df93bcfad5135e4847a2da4a55d889

SHA256
188dca93cda9f4ddc90a2844376d3da2e82e533d401810516d05eb68a1417abb

SHA512
5481098e3a291db521a89b1a90b68260a5e27a5d58f46c7ececc24daaa5069b4d00ed9af5a93492893f5551066dd43645fa3b631ce4bde088309b872e157ba36

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\plugins\NaturalGas.dll

Filesize
69KB

MD5
256996b9ee012e1e7f9d04d41dcc94ef

SHA1
d4975290c0df93bcfad5135e4847a2da4a55d889

SHA256
188dca93cda9f4ddc90a2844376d3da2e82e533d401810516d05eb68a1417abb

SHA512
5481098e3a291db521a89b1a90b68260a5e27a5d58f46c7ececc24daaa5069b4d00ed9af5a93492893f5551066dd43645fa3b631ce4bde088309b872e157ba36

Download Submit
C:\Users\Admin\AppData\Local\DWSIM\whatsnew.txt

Filesize
783B

MD5
f4fd14e6e87b41b9927ee923e7a83f14

SHA1
c446679ad3cbee72a0437a64dda7150df0bed340

SHA256
32b28614f247aa5e5c1278118369e914aea63c1d7fdd97562a299256bfac8ca7

SHA512
c239f92d41236ccbc85010244ced135bb055f8f0ef6c0cfc505f06febfac4c4cda7e7d4834433450bf4865a02b6ff4f3afa2e39d924b5b22b63d1a2ff822ef81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae2c65ccf1085f2a624551421576a3ee

SHA1
f1dea6ccfbd7803cc4489b9260758b8ad053e08e

SHA256
49bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54

SHA512
3abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c3770be634be8da92e71a3f9f76d79d3

SHA1
f4538b79d313dd46e55d1fd3e6ca3d4681fe4c3f

SHA256
23549094c00feed7abf21e56caae3c8b22a7bd89cfc2f5ea369cf13259273432

SHA512
09c1a087be6dcb49fd0725936571946266f31298f8ae141d59b9ac60f3f0fe8e7d964f661818d72682633845b48dbb906d8c89bb33bd2060bb4971b3e14fc4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
2aeb1a44c1866891dcf83a72bf6367b6

SHA1
f6856679ad9c1abd28dc2ab89f10afbb64eb5a96

SHA256
ce823ee3874a30706619332d77446df0a674c96d72eb091ee7250c778ac8deb3

SHA512
94595cb7abc495f2a082c23d80c36761dc9d6a3302376c855cff7a1e42d6aaaa8b7ec0ad1163ee7ac42acdbba703047d3cb06f8389b9d0632fb383e6768e7df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
177B

MD5
203e8c7711c3596be09b8739a99b6374

SHA1
aeb9a9d04bd2525ceea9aa9c1758bf7b4f6b98c2

SHA256
1c1a62b58cb5a9d265af8a9805c14eeaa7f41d5b0a51d493b0de8e7e62117ae1

SHA512
371060e6154eccf6e248d8b071368891200fce1b074b7922e76a8771bdb78cf3b8e4a6d59bdf59d8df4e085567542e540a3cf1efa94b155a3993d9096f21e8ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
433018a1a112687fa98f0cc3d8a25a05

SHA1
c6df9adb7d7bc95ec17c7ff8c3c6dfcde37ad65a

SHA256
f74299379343c57e18911f05dbee587d5aaebede1c6c3155add9cb92c4dfc1dc

SHA512
ebc52147f18fa30f67e564f2eb100aa78a565b629d3cea9e21fad1f9b4031b86286d24eef0c5d42a69a5061aa83ccde7e434182599a67e80fbabc812cba4e08f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49813d1cc0fda054e4f0fbbd5d04f644

SHA1
3bcead924a75e1e044d078ca0f041caf2991e7d2

SHA256
58967d5a639a77d8062e19b9a95d990a7ea8a471de58cea1966baf9450b1eff2

SHA512
53418950513cb371bcd3914a448d03e377548bab9384a61110223f33d14825505a064cf1e916ec46c1b12212de9bb241daee805144bb21b82188e59c31848af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b3fbb8a02260d5e41407a7e1af3ee2f6

SHA1
9180c8b9593405936b0fe52272571b63829525d4

SHA256
8c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de

SHA512
8a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
cd0288ea52cebdf7d9caf232e707ee50

SHA1
b5105555785fa4ff970fa43c64a28af0877128e1

SHA256
561e4405db15621e752ff9cf338ccb88d643e95561a61094d7d0349b7f3375c0

SHA512
c29a043d19a6190cfe02f8151605cf34e6f945975df947596ed84bcd92fb4cd8ebe464916bd65914f89ff386756b6d61f1f85cf3608dd97083033a7b32bb63df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
d5f110e2ce5dd27d79c3b04a05b109f6

SHA1
be2ff14cdbbf70d0e49e58c62a1a2d37c8743fc7

SHA256
576cd36b7c6caf0b8ea97986c7ee237025579a56aa07fd6f9fcc377fe7591f95

SHA512
c671f569708dad460c121232a40edac01c5e5a96f683029a497968fc0e36462fe634a123d3455eb4ef463515fedbd07abf6d133131022424d66af0f58ac06f93

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\AlternativeStartMenuApplication.ini

Filesize
1KB

MD5
ea1e282beba913e8149f970113c2be89

SHA1
2a90a7a8ff657632eaa5bba90572ca8867c47c3f

SHA256
e5c263494f8c250e616f02750eb11b441c0dbf99f5b43a2a116d58cc52e899ad

SHA512
f4ee45d2c2e1db4211b5dd6879ce336293f7c4a8931c9e3907231d1ded0579cbd44cf65a346c613a19d1c0dcd6288ddcd3883c94e8b164f8016269ffdfe7ae3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\AlternativeStartMenuApplication.ini

Filesize
1KB

MD5
77a6478663ead078f611b0e9569ceb1f

SHA1
ab115522088f014a7b05bd678f1687ecaec0e798

SHA256
f5e67b4d679ed15434c41cee3f8355dc17b1ed7db3811e62949c14d7ca219fb0

SHA512
a08c8d085c7d93de28c4b27f6789747bbb58f943aa01eaf49a3fbe8f32e9558e8224432abd929251d6b84643c9acafb9d267bc00ab3c9c3e4a8e82972ae88363

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\AlternativeStartMenuApplication.ini

Filesize
1KB

MD5
64afd1bf1ed1a0e3233262445cf1317b

SHA1
7ae8382cbddf5f3ad0f5e505939afb295ac7e3fe

SHA256
5a24873a4f16ed320e22ad4a281f6e23d096eb367279ad0798b065c366d2805f

SHA512
0ab12a7754a36c6556e24bf070f08ae92072d05d38fc047bedfddbb8cf6d603abec7330ddedb241f6ef4a719061a042b1ac5bb4a31e975725e1e54c779df85c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\AlternativeStartMenuApplication.ini

Filesize
1KB

MD5
f4836e1a38b0fea84ef54be046afeab2

SHA1
2df14a021496a33ab1ebd7f1faa2ccad6a443232

SHA256
9afacaa7062b7beaca2eefecf64893896e003a64378cf2f7dc2a3c3ab8b1dcd6

SHA512
709c7f6a8f1900946a320ab7f143bef22c287c2f818e907a423e4e624001efa122bc91eaafe10644ac676a5c432b438e97a45ea52ff99705cd5b1b5fb557426c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\DumpLog.dll

Filesize
3KB

MD5
d444d73c66298580938e2f92b1790386

SHA1
639d06d607879daef717aa059b17a8886ff9a220

SHA256
cda786ccedeff0a982f78fe6a225251dd4c35062069b0a9bd1a2ff6406f787a4

SHA512
8c65fd4f4b2c1230276e763b7da65ded80bb2f90664f8aebccf74922e19ebadf9c92a6f3fa8f9df4f2bf445208fe160814fa99bef60b667a5aba24d19ebd650f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\DumpLog.dll

Filesize
3KB

MD5
d444d73c66298580938e2f92b1790386

SHA1
639d06d607879daef717aa059b17a8886ff9a220

SHA256
cda786ccedeff0a982f78fe6a225251dd4c35062069b0a9bd1a2ff6406f787a4

SHA512
8c65fd4f4b2c1230276e763b7da65ded80bb2f90664f8aebccf74922e19ebadf9c92a6f3fa8f9df4f2bf445208fe160814fa99bef60b667a5aba24d19ebd650f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\DumpLog.dll

Filesize
3KB

MD5
d444d73c66298580938e2f92b1790386

SHA1
639d06d607879daef717aa059b17a8886ff9a220

SHA256
cda786ccedeff0a982f78fe6a225251dd4c35062069b0a9bd1a2ff6406f787a4

SHA512
8c65fd4f4b2c1230276e763b7da65ded80bb2f90664f8aebccf74922e19ebadf9c92a6f3fa8f9df4f2bf445208fe160814fa99bef60b667a5aba24d19ebd650f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\Header.bmp

Filesize
2KB

MD5
2f9528b7172999a0ae4a56324bf7a7b6

SHA1
455de822d8318ee8f1e278411ee778d5798bc210

SHA256
1fa4ddb7c3b135a9ff2698fb2df2af2cc3d8795a409553687b4eb583d139d0a0

SHA512
eba619fd4faaac27bd67123005338d4155bdbcff09e0c5ef1d71c0d6a642aec10e0abcda947098007c6b249a9b2beb04ce1a7c3279b17075586c30646041e570

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\InstallOptions.dll

Filesize
15KB

MD5
09d8971beefefffd710030dd167a99e0

SHA1
a0117786ad77213f3eb48cfdc3819786cb796b7d

SHA256
caf64a4e9449220ba618a9aa2ae4ed3774c5d0f193bda44be22676c27ae0ec95

SHA512
3956f0c6bcdf033e4a10ab33872a66e0668da28ec31cb7a2c67ef7266d7c0845998a2a85a6cc25aba1df73909df8104119cf5f1f86c1e91f8fd201765aea49f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\InstallOptions.dll

Filesize
15KB

MD5
09d8971beefefffd710030dd167a99e0

SHA1
a0117786ad77213f3eb48cfdc3819786cb796b7d

SHA256
caf64a4e9449220ba618a9aa2ae4ed3774c5d0f193bda44be22676c27ae0ec95

SHA512
3956f0c6bcdf033e4a10ab33872a66e0668da28ec31cb7a2c67ef7266d7c0845998a2a85a6cc25aba1df73909df8104119cf5f1f86c1e91f8fd201765aea49f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\InstallOptions.dll

Filesize
15KB

MD5
09d8971beefefffd710030dd167a99e0

SHA1
a0117786ad77213f3eb48cfdc3819786cb796b7d

SHA256
caf64a4e9449220ba618a9aa2ae4ed3774c5d0f193bda44be22676c27ae0ec95

SHA512
3956f0c6bcdf033e4a10ab33872a66e0668da28ec31cb7a2c67ef7266d7c0845998a2a85a6cc25aba1df73909df8104119cf5f1f86c1e91f8fd201765aea49f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\LangDLL.dll

Filesize
5KB

MD5
109b201717ab5ef9b5628a9f3efef36f

SHA1
98db1f0cc5f110438a02015b722778af84d50ea7

SHA256
20e642707ef82852bcf153254cb94b629b93ee89a8e8a03f838eef6cbb493319

SHA512
174e241863294c12d0705c9d2de92f177eb8f3d91125b183d8d4899c89b9a202a4c7a81e0a541029a4e52513eee98029196a4c3b8663b479e69116347e5de5b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\Registry.ini

Filesize
161B

MD5
6d7a343b9ebe454cb1c7ef613b3029f3

SHA1
59686daff56b5fb4c912cec569d08ccd417ebb02

SHA256
9439f5ee5d25331e652caa696938f40e8b046b6f3e3092212489b14a3e36663f

SHA512
d063d0690bf18d17b4b1c567a719f797c32e83bbb9198f500425f74c0f5a414940064afcc7b215c29365d82f0a718faeb57ad7f876338c71a55448757168c3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\SkinnedControls.dll

Filesize
78KB

MD5
e99ccb5d7c703f4f2c646dc5ab7729b9

SHA1
3822691b5db44138a8a77d913bc5bee9d6fe1e08

SHA256
6b12c941a9154f3cede11e7ea9e2395e36df27549551cf0f4597cfce26057340

SHA512
1e1ab42193d35524917c4c658e63e6eb1d36a10c88c13fc683e1c85205d2d2005e71ecb41666bb7ed2f4d04815afc56c9ecafa2a3328b4635d8390668498f0d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\SkinnedControls.dll

Filesize
78KB

MD5
e99ccb5d7c703f4f2c646dc5ab7729b9

SHA1
3822691b5db44138a8a77d913bc5bee9d6fe1e08

SHA256
6b12c941a9154f3cede11e7ea9e2395e36df27549551cf0f4597cfce26057340

SHA512
1e1ab42193d35524917c4c658e63e6eb1d36a10c88c13fc683e1c85205d2d2005e71ecb41666bb7ed2f4d04815afc56c9ecafa2a3328b4635d8390668498f0d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\System.dll

Filesize
12KB

MD5
8cf2ac271d7679b1d68eefc1ae0c5618

SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8

SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\ioSpecial.ini

Filesize
1KB

MD5
54ebaba89a07a20c914ab7f495f68537

SHA1
3db9c061a2793aaffbf21ebf3fddac4296065c91

SHA256
8e0330bafc30b205872af1e5626bc9176fffd7fd24b2c8b564589dd867659f22

SHA512
6b4184f5a62a45b8868ac96691c95f6f06d92dc1bf888afe0d0093d5a693a2f400e521741256c9061a515fcbefe35f69f2e802fc9c0d87aea2772f512cb502ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\ioSpecial.ini

Filesize
1KB

MD5
416ebbec019c9145593e0df0cf7f64e3

SHA1
16fe47bdf2c6c1cad242639701ae577285a6140a

SHA256
767a4586e5f0cf1a2ef33d6126cd11474af4133881f72489e7d567167fe7a787

SHA512
3361d0186ddb01f921a0d462c240122972a35a7a7117c61c4c877a309e931926f2bcd41ea2c34ab0b1f11daa00b99a7c519d89ce74c06799550ef57989bceee0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\ioSpecial.ini

Filesize
1KB

MD5
2e3989ccdf7aef9179f14755786dbf59

SHA1
c0eacf026c6736dc8fd8aeed8d7c02e0ba690b1f

SHA256
2441eb0f9b69ad60c9cc40d8a558f853a0848da4fc595e362f89c8b894aa5877

SHA512
e48b84fabc5b93282f9ab64d2f826c66a7f1ea36fe78107bb221864ddee5c2c894baf4b606d05afb2751110a9f74da75118e043f72929e3ebf32cd01933f5969

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\ioSpecial.ini

Filesize
1KB

MD5
3adc731ce8a2f6bb190e993c217b5f80

SHA1
505c42ab821d8c3885101a60cdac8f0f4702ff9b

SHA256
cfdd13d176dcad4dfda392b10e9c9ad85b0223c551c4c1a0efa92b872fc3c761

SHA512
116f96c8ff87704733bad87b302d6199cb4099baef30ee595e7206228376ede691db9acb21eb03aee8a0afabd71e52e809957540cadb3b7f144e3ebfa74c9d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9938.tmp\nsArray.dll

Filesize
12KB

MD5
da4bc09439ed21faf7620a53433aac92

SHA1
94e3347aebe16cb88b9f29f00134d9e0fb67e508

SHA256
216d68d3f0b37bb2203b3a438a84a089e8c388608f46377ad7e7d6a2709cf9b0

SHA512
920294456e8fee0c4137e4b4ba1389f09ade297d6ed49d78a9593d129dbb5eb048da2cbff7ac29687999991d5f38657cb31af73e2ccf6b8b9ce29480d4d81ec6

Download Submit
\??\pipe\LOCAL\crashpad_2880_MIMUSUWQXXWATJUN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4256-3231-0x0000022A6BF70000-0x0000022A6BF9C000-memory.dmp

Filesize
176KB

Download
memory/4256-3206-0x0000022A6CEB0000-0x0000022A6D3D8000-memory.dmp

Filesize
5.2MB

Download
memory/4256-3223-0x0000022A6B390000-0x0000022A6B398000-memory.dmp

Filesize
32KB

Download
memory/4256-3224-0x0000022A6BF00000-0x0000022A6BF40000-memory.dmp

Filesize
256KB

Download
memory/4256-3225-0x0000022A6B950000-0x0000022A6B958000-memory.dmp

Filesize
32KB

Download
memory/4256-3221-0x0000022A6B980000-0x0000022A6B9A4000-memory.dmp

Filesize
144KB

Download
memory/4256-3227-0x0000022A6BFA0000-0x0000022A6BFFE000-memory.dmp

Filesize
376KB

Download
memory/4256-3229-0x0000022A6C8D0000-0x0000022A6C926000-memory.dmp

Filesize
344KB

Download
memory/4256-3219-0x0000022A6B370000-0x0000022A6B378000-memory.dmp

Filesize
32KB

Download
memory/4256-3180-0x0000022A6B220000-0x0000022A6B288000-memory.dmp

Filesize
416KB

Download
memory/4256-3218-0x0000022A6C7B0000-0x0000022A6C8C4000-memory.dmp

Filesize
1.1MB

Download
memory/4256-3232-0x0000022A6B960000-0x0000022A6B968000-memory.dmp

Filesize
32KB

Download
memory/4256-3233-0x0000022A6A5F0000-0x0000022A6A600000-memory.dmp

Filesize
64KB

Download
memory/4256-3216-0x0000022A6A5F0000-0x0000022A6A600000-memory.dmp

Filesize
64KB

Download
memory/4256-3235-0x0000022A6BF40000-0x0000022A6BF70000-memory.dmp

Filesize
192KB

Download
memory/4256-3236-0x0000022A6A5F0000-0x0000022A6A600000-memory.dmp

Filesize
64KB

Download
memory/4256-3237-0x0000022A6BEF0000-0x0000022A6BEF8000-memory.dmp

Filesize
32KB

Download
memory/4256-3238-0x0000022A6FA70000-0x0000022A6FAA8000-memory.dmp

Filesize
224KB

Download
memory/4256-3239-0x0000022A6C000000-0x0000022A6C00E000-memory.dmp

Filesize
56KB

Download
memory/4256-3215-0x0000022A6AF90000-0x0000022A6AF98000-memory.dmp

Filesize
32KB

Download
memory/4256-3241-0x0000022A73140000-0x0000022A74058000-memory.dmp

Filesize
15.1MB

Download
memory/4256-3243-0x0000022A6D630000-0x0000022A6D63C000-memory.dmp

Filesize
48KB

Download
memory/4256-3214-0x0000022A6AF80000-0x0000022A6AF88000-memory.dmp

Filesize
32KB

Download
memory/4256-3213-0x0000022A6AF70000-0x0000022A6AF78000-memory.dmp

Filesize
32KB

Download
memory/4256-3252-0x0000022A70DA0000-0x0000022A70DB6000-memory.dmp

Filesize
88KB

Download
memory/4256-3212-0x0000022A6B340000-0x0000022A6B360000-memory.dmp

Filesize
128KB

Download
memory/4256-3210-0x0000022A6B9E0000-0x0000022A6BA6A000-memory.dmp

Filesize
552KB

Download
memory/4256-3208-0x0000022A6A660000-0x0000022A6A668000-memory.dmp

Filesize
32KB

Download
memory/4256-3247-0x0000022A70DE0000-0x0000022A70E1A000-memory.dmp

Filesize
232KB

Download
memory/4256-3207-0x0000022A6A650000-0x0000022A6A658000-memory.dmp

Filesize
32KB

Download
memory/4256-3245-0x0000022A6FAB0000-0x0000022A6FACC000-memory.dmp

Filesize
112KB

Download
memory/4256-3222-0x0000022A6B380000-0x0000022A6B388000-memory.dmp

Filesize
32KB

Download
memory/4256-3205-0x0000022A6A6A0000-0x0000022A6A6B4000-memory.dmp

Filesize
80KB

Download
memory/4256-3254-0x0000022A714B0000-0x0000022A714FE000-memory.dmp

Filesize
312KB

Download
memory/4256-3255-0x0000022A70DC0000-0x0000022A70DC8000-memory.dmp

Filesize
32KB

Download
memory/4256-3158-0x0000022A68A30000-0x0000022A68A4E000-memory.dmp

Filesize
120KB

Download
memory/4256-3257-0x0000022A76930000-0x0000022A76A04000-memory.dmp

Filesize
848KB

Download
memory/4256-3258-0x0000022A6A5F0000-0x0000022A6A600000-memory.dmp

Filesize
64KB

Download
memory/4256-3160-0x0000022A6AEB0000-0x0000022A6AF62000-memory.dmp

Filesize
712KB

Download
memory/4256-3260-0x0000022A7A560000-0x0000022A7A612000-memory.dmp

Filesize
712KB

Download
memory/4256-3199-0x0000022A6B0E0000-0x0000022A6B0E8000-memory.dmp

Filesize
32KB

Download
memory/4256-3262-0x0000022A6A5F0000-0x0000022A6A600000-memory.dmp

Filesize
64KB

Download
memory/4256-3263-0x0000022A6A5F0000-0x0000022A6A600000-memory.dmp

Filesize
64KB

Download
memory/4256-3264-0x0000022A6A5F0000-0x0000022A6A600000-memory.dmp

Filesize
64KB

Download
memory/4256-3265-0x0000022A6A5F0000-0x0000022A6A600000-memory.dmp

Filesize
64KB

Download
memory/4256-3198-0x0000022A6FAD0000-0x0000022A70C8C000-memory.dmp

Filesize
17.7MB

Download
memory/4256-3161-0x0000022A6A550000-0x0000022A6A55A000-memory.dmp

Filesize
40KB

Download
memory/4256-3196-0x0000022A6C930000-0x0000022A6CEB0000-memory.dmp

Filesize
5.5MB

Download
memory/4256-3163-0x0000022A6A560000-0x0000022A6A56E000-memory.dmp

Filesize
56KB

Download
memory/4256-3194-0x0000022A6D660000-0x0000022A6E908000-memory.dmp

Filesize
18.7MB

Download
memory/4256-3164-0x0000022A6A580000-0x0000022A6A588000-memory.dmp

Filesize
32KB

Download
memory/4256-3192-0x0000022A6C040000-0x0000022A6C3A4000-memory.dmp

Filesize
3.4MB

Download
memory/4256-3166-0x0000022A6B3A0000-0x0000022A6B77A000-memory.dmp

Filesize
3.9MB

Download
memory/4256-3168-0x0000022A6A590000-0x0000022A6A59C000-memory.dmp

Filesize
48KB

Download
memory/4256-3190-0x0000022A6A6C0000-0x0000022A6A6C8000-memory.dmp

Filesize
32KB

Download
memory/4256-3188-0x0000022A6BA70000-0x0000022A6BCC4000-memory.dmp

Filesize
2.3MB

Download
memory/4256-3172-0x0000022A6A620000-0x0000022A6A64A000-memory.dmp

Filesize
168KB

Download
memory/4256-3186-0x0000022A6A690000-0x0000022A6A69C000-memory.dmp

Filesize
48KB

Download
memory/4256-3170-0x0000022A6B0F0000-0x0000022A6B21A000-memory.dmp

Filesize
1.2MB

Download
memory/4256-3184-0x0000022A6B780000-0x0000022A6B804000-memory.dmp

Filesize
528KB

Download
memory/4256-3174-0x0000022A6A5A0000-0x0000022A6A5A8000-memory.dmp

Filesize
32KB

Download
memory/4256-3182-0x0000022A6A670000-0x0000022A6A68A000-memory.dmp

Filesize
104KB

Download
memory/4256-3176-0x0000022A6A5D0000-0x0000022A6A5E4000-memory.dmp

Filesize
80KB

Download
memory/4256-3178-0x0000022A6A5B0000-0x0000022A6A5BE000-memory.dmp

Filesize
56KB

Download