42cdb16f6dd64c4fec30c7a71960fe4d0015862c37e7b02c8dba5c0d68384c74

Analysis

max time kernel
143s
max time network
143s
platform
windows10-1703_x64
resource
win10-20231220-en
resource tags

arch:x64arch:x86image:win10-20231220-enlocale:en-usos:windows10-1703-x64system
submitted
04-02-2024 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rufus-4.4.exe
Size

1.4MB
MD5

7a4662bb7f331d2252f3d949657d821d
SHA1

ad53fddfbcead7b3e6c322c0aad8c4a826bd4967
SHA256

42cdb16f6dd64c4fec30c7a71960fe4d0015862c37e7b02c8dba5c0d68384c74
SHA512

a1d111fc91cd470d36bd4640884b3550c6a4035e8c5bc5176dc9f67aa2ef8be6fc12956d0b351c272d8bb89646546dac868b32d1d1985dee86ffb6e971b14f3f
SSDEEP

24576:wOyBSB04yZT5Z6iqUbVEMs6MrhXlPrBnr/TwcEgzXIdVWLpuL94q:XgZT5ZSU1fUhXhrBnbTbaAIt

Score

7^/10

evasion pyinstaller trojan upx

Malware Config

Signatures

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/628-0-0x00007FF68C6F0000-0x00007FF68CACF000-memory.dmp	upx
behavioral1/memory/628-20-0x00007FF68C6F0000-0x00007FF68CACF000-memory.dmp	upx
behavioral1/files/0x000600000001ac1d-241.dat	upx
behavioral1/memory/3972-245-0x00007FFFB1CD0000-0x00007FFFB23A8000-memory.dmp	upx
behavioral1/files/0x000600000001abf5-247.dat	upx
behavioral1/files/0x000600000001ac17-252.dat	upx
behavioral1/files/0x000600000001abf8-257.dat	upx
behavioral1/files/0x000600000001ac00-277.dat	upx
behavioral1/memory/3972-281-0x00007FFFC4680000-0x00007FFFC46AD000-memory.dmp	upx
behavioral1/memory/3972-284-0x00007FFFB2450000-0x00007FFFB2485000-memory.dmp	upx
behavioral1/files/0x000600000001abfb-286.dat	upx
behavioral1/memory/3972-287-0x00007FFFC4C40000-0x00007FFFC4C59000-memory.dmp	upx
behavioral1/memory/3972-288-0x00007FFFC4BF0000-0x00007FFFC4BFD000-memory.dmp	upx
behavioral1/memory/3972-285-0x00007FFFC4BE0000-0x00007FFFC4BED000-memory.dmp	upx
behavioral1/files/0x000600000001ac20-283.dat	upx
behavioral1/files/0x000600000001abfc-282.dat	upx
behavioral1/files/0x000600000001ac1b-280.dat	upx
behavioral1/files/0x000600000001abfe-275.dat	upx
behavioral1/memory/3972-290-0x00007FFFC4850000-0x00007FFFC485D000-memory.dmp	upx
behavioral1/memory/3972-289-0x00007FFFC3610000-0x00007FFFC3629000-memory.dmp	upx
behavioral1/memory/3972-293-0x00007FFFB1A60000-0x00007FFFB1A93000-memory.dmp	upx
behavioral1/memory/3972-295-0x00007FFFB1990000-0x00007FFFB1A5D000-memory.dmp	upx
behavioral1/files/0x000600000001ac16-294.dat	upx
behavioral1/memory/3972-296-0x00007FFFB1460000-0x00007FFFB1982000-memory.dmp	upx
behavioral1/files/0x000600000001ac18-292.dat	upx
behavioral1/memory/3972-298-0x00007FFFBE6D0000-0x00007FFFBE6E6000-memory.dmp	upx
behavioral1/memory/3972-299-0x00007FFFBDE90000-0x00007FFFBDEB4000-memory.dmp	upx
behavioral1/files/0x000600000001abfd-274.dat	upx
behavioral1/memory/3972-300-0x00007FFFBDFE0000-0x00007FFFBDFF2000-memory.dmp	upx
behavioral1/memory/3972-303-0x00007FFFB12E0000-0x00007FFFB1456000-memory.dmp	upx
behavioral1/files/0x000600000001abfa-271.dat	upx
behavioral1/memory/3972-305-0x00007FFFB1260000-0x00007FFFB1287000-memory.dmp	upx
behavioral1/memory/3972-304-0x00007FFFB2430000-0x00007FFFB2444000-memory.dmp	upx
behavioral1/files/0x000600000001abf9-270.dat	upx
behavioral1/memory/3972-308-0x00007FFFB4820000-0x00007FFFB4838000-memory.dmp	upx
behavioral1/memory/3972-309-0x00007FFFC2AA0000-0x00007FFFC2AAB000-memory.dmp	upx
behavioral1/memory/3972-307-0x00007FFFBEF40000-0x00007FFFBEF4B000-memory.dmp	upx
behavioral1/memory/3972-311-0x00007FFFBE5F0000-0x00007FFFBE5FC000-memory.dmp	upx
behavioral1/memory/3972-310-0x00007FFFC0D80000-0x00007FFFC0D8B000-memory.dmp	upx
behavioral1/memory/3972-312-0x00007FFFBDFD0000-0x00007FFFBDFDB000-memory.dmp	upx
behavioral1/memory/3972-314-0x00007FFFBC540000-0x00007FFFBC54B000-memory.dmp	upx
behavioral1/memory/3972-313-0x00007FFFBDE50000-0x00007FFFBDE5C000-memory.dmp	upx
behavioral1/memory/3972-315-0x00007FFFB1130000-0x00007FFFB113D000-memory.dmp	upx
behavioral1/memory/3972-306-0x00007FFFB1140000-0x00007FFFB125B000-memory.dmp	upx
behavioral1/files/0x000600000001abf7-269.dat	upx
behavioral1/files/0x000600000001abf6-268.dat	upx
behavioral1/memory/3972-316-0x00007FFFB1CD0000-0x00007FFFB23A8000-memory.dmp	upx
behavioral1/memory/3972-317-0x00007FFFB1110000-0x00007FFFB111C000-memory.dmp	upx
behavioral1/files/0x000600000001abf4-267.dat	upx
behavioral1/files/0x000600000001abf2-266.dat	upx
behavioral1/memory/3972-320-0x00007FFFB10F0000-0x00007FFFB10FB000-memory.dmp	upx
behavioral1/memory/3972-319-0x00007FFFB1100000-0x00007FFFB110C000-memory.dmp	upx
behavioral1/memory/3972-321-0x00007FFFB10C0000-0x00007FFFB10CC000-memory.dmp	upx
behavioral1/files/0x000600000001ac22-264.dat	upx
behavioral1/files/0x000600000001ac21-263.dat	upx
behavioral1/memory/3972-331-0x00007FFFB1080000-0x00007FFFB108C000-memory.dmp	upx
behavioral1/memory/3972-330-0x00007FFFB1090000-0x00007FFFB10A2000-memory.dmp	upx
behavioral1/memory/3972-332-0x00007FFFB0DB0000-0x00007FFFB0DD9000-memory.dmp	upx
behavioral1/memory/3972-329-0x00007FFFB10B0000-0x00007FFFB10BD000-memory.dmp	upx
behavioral1/memory/3972-328-0x00007FFFB10D0000-0x00007FFFB10DC000-memory.dmp	upx
behavioral1/memory/3972-327-0x00007FFFB10E0000-0x00007FFFB10EB000-memory.dmp	upx
behavioral1/memory/3972-326-0x00007FFFB1120000-0x00007FFFB112E000-memory.dmp	upx
behavioral1/memory/3972-325-0x00007FFFC46D0000-0x00007FFFC46F5000-memory.dmp	upx
behavioral1/memory/3972-324-0x00007FFFB2420000-0x00007FFFB242C000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rufus-4.4.exe

Downloads MZ/PE file

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
53	api.ipify.org
54	api.ipify.org

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\GroupPolicy	rufus-4.4.exe
File opened for modification	C:\Windows\System32\GroupPolicy\gpt.ini	rufus-4.4.exe
File created	C:\Windows\System32\GroupPolicy\Machine\Registry.pol	rufus-4.4.exe
File opened for modification	C:\Windows\System32\GroupPolicy\GPT.INI	rufus-4.4.exe
File opened for modification	C:\Windows\System32\GroupPolicy\Machine\Registry.pol	rufus-4.4.exe

Executes dropped EXE 4 IoCs

pid	Process
660	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
2868	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe

Loads dropped DLL 64 IoCs

pid	Process
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe
424	Ultimate-Optimizer.exe

Detects Pyinstaller 4 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000700000001abb8-113.dat	pyinstaller
behavioral1/files/0x000700000001abb8-146.dat	pyinstaller
behavioral1/files/0x000700000001abb8-149.dat	pyinstaller
behavioral1/files/0x000700000001abb8-238.dat	pyinstaller

Checks SCSI registry key(s) 3 TTPs 15 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LowerFilters	rufus-4.4.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	rufus-4.4.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	rufus-4.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	rufus-4.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	rufus-4.4.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	rufus-4.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	rufus-4.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	rufus-4.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	rufus-4.4.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters	rufus-4.4.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters	rufus-4.4.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133515462664303991"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3972	Ultimate-Optimizer.exe
3596	chrome.exe
3596	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	628	rufus-4.4.exe
Token: SeLoadDriverPrivilege	628	rufus-4.4.exe
Token: SeLoadDriverPrivilege	628	rufus-4.4.exe
Token: SeLoadDriverPrivilege	628	rufus-4.4.exe
Token: SeLoadDriverPrivilege	628	rufus-4.4.exe
Token: SeLoadDriverPrivilege	628	rufus-4.4.exe
Token: SeLoadDriverPrivilege	628	rufus-4.4.exe
Token: SeLoadDriverPrivilege	628	rufus-4.4.exe
Token: SeLoadDriverPrivilege	628	rufus-4.4.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
628	rufus-4.4.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 4404	4660	chrome.exe	80
PID 4660 wrote to memory of 4404	4660	chrome.exe	80
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 4540	4660	chrome.exe	83
PID 4660 wrote to memory of 2132	4660	chrome.exe	82
PID 4660 wrote to memory of 2132	4660	chrome.exe	82
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84
PID 4660 wrote to memory of 4216	4660	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\rufus-4.4.exe
"C:\Users\Admin\AppData\Local\Temp\rufus-4.4.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:628

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:2160

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:2276

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc
1⤵
PID:4076

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
1⤵
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffc3039758,0x7fffc3039768,0x7fffc3039778
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:2
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:96
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6016 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2376 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2428 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5504 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5596 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=948 --field-trial-handle=1872,i,3148396705695023041,14783553317116672057,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1720

C:\Users\Admin\Downloads\Ultimate-Optimizer.exe
"C:\Users\Admin\Downloads\Ultimate-Optimizer.exe"
1⤵
- Executes dropped EXE
PID:660
- C:\Users\Admin\Downloads\Ultimate-Optimizer.exe
  "C:\Users\Admin\Downloads\Ultimate-Optimizer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid"
    3⤵
    PID:756
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid
      4⤵
      PID:2160

C:\Users\Admin\Downloads\Ultimate-Optimizer.exe
"C:\Users\Admin\Downloads\Ultimate-Optimizer.exe"
1⤵
- Executes dropped EXE
PID:2868
- C:\Users\Admin\Downloads\Ultimate-Optimizer.exe
  "C:\Users\Admin\Downloads\Ultimate-Optimizer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8d6bdba9-d2ca-4d69-870f-647c1e49152d.tmp

Filesize
105KB

MD5
cfa557945dc5f7802abac84c28389802

SHA1
406775e58c6775053d2392ba2d6343dc05251804

SHA256
cb1108db40d479ea8b8e142be8e459ab2f79252a4bc938c66ecbcf7087b5d049

SHA512
93489dc7386603aff227b981d608d5fec22013c334be74ef6240741bee4d39111be64cb1960df4b5df4ad6decc4b3c241601a91a695ebef7674c3c6e40ee846f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8fcfe022b740efbe70ea61ca4a5550d8

SHA1
7bdbc07f9b45b3b3a9f8ff38e30d8747a6aae677

SHA256
71268a60753a16e42ad172576d516183c304ad8101757e01246dde15b21f717f

SHA512
e9d7e20aff510ada51302184983593c01fa77ec2a3905d8cc4d5dc02127b52b230f01f4f51868a8d45362900bb1310d73b323daf14fdccbaa4062e2ec8453227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
07edb9d38233b64de115a269a0bce8b1

SHA1
7f3b18a8f46fd0e8a2973f6e8b606e9f69106c66

SHA256
eed8c443ca318b75e51128d628e253d7314893f2e5d17c19f44b0400f78fed00

SHA512
f67407de747ddf2813e4d292ffa24a7ad81bce4a083726b2eefc48feb8f2bd0ab9eaad3374d65278da5837903ed71b4a36bd328e25ddd8ee2ee4a7582abcca86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b975c30284e939f08d8cfde73aa16a32

SHA1
925780bfe24c9c9183656b4bb0fdacabe464f16c

SHA256
cfacd5cdf73415256a19f84bf603293113d1bbf76d9b105ed91f82a794bc97f3

SHA512
e68388151df0a0acc1adb99259b1fc5dfe806a48cf9810f2d467b1786049f8d2793b587f2f7d1fcf259c1ff7f845b958a0c58c2226225ebec0f68e614b3c7225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
09d992eea45d346b977c43ee481859ab

SHA1
e23e599a693ea645e5cb501cfd9ae6788cdada5c

SHA256
a515077e31dc5f273186957d02ebc9e1aa636c3fce571106a0674f8b8058d438

SHA512
4b7c3bddfcde219519d6fd7e3158e1d7904ad792242a5d7727546d60f0ab2703caa1fc7c2ff11843843b71727c9336c8a336676a193ff09f7caf9936ee19bd15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7845b0d62eba17b7e7a4387a19bcadd9

SHA1
fa2e1a5145530aa3b59d3a869a9de63957d703c7

SHA256
eb14e4f36f27a94a497e2d8479d6aeff8df2f5cf57166d4708057b235164fb86

SHA512
7540bc295485f9435d6213f4aa1754ad3a6ef64fc05c2b32088e6d55f3674432f5ce8597162fdb26b065948e9aa168636e40574d48dc8cda8c56e295c465d06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9c4f09c9edfece7c6794705281502c6e

SHA1
22cba2acbe386881dcbdb5b798749830b35e99b3

SHA256
1751a1ccd4ba59e1febe4fa5d2aad0c2de8aac1b2d9906c3c9de47932b545093

SHA512
172397b1f8ad63a4fffdd66e7aab2953b68b3fbc581de2c891e2aea69490fe43898f214007607d4af969963655f23f5d1e767b7b22d924821af89afaf358717a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
f5604334bb8662ffa81a55448f60937e

SHA1
95a211df71a1674f7e88e19ce69533faaf16513e

SHA256
abaee755e914b8a3ab72569e26025733bab80cf39bc9ed44c98af3a4de58446b

SHA512
bd3eafd11cccb4652d9ec4847e6853237d4d7d6be2e98d4f1d01f87b5dc73653c6a8ac75e87f12d62f42fe76f8a789934aafdae3bf57639f91420c8584159197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
0bba196498aabbb1dbf99ef355c67bc6

SHA1
7432fa87c164475021aacd04c1947b07976e56a6

SHA256
bbee72e77d434702550928c714051b46b5bc26259bf06abc41d0aee1e3d76d55

SHA512
021180233d709a56ac808840856a3d88fc3b005d38a2934881dcd60d8e394760d6e7fa92e3731afa75866eecee2655494c90cf460a5fb6c43c0feb58cc408b26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe592dcd.TMP

Filesize
92KB

MD5
b94a63fcc308111734195bc5b783b16b

SHA1
3da2a58459a44f98bc2c6a01c7429e28904bb725

SHA256
940e693335f35c3aac94021c19d6d1c0fe0c61ee98893dcd0105bb01444ac003

SHA512
c51b729a580106e7ebb22a17ebc07451c0dd47ea7cbb2727c35bb97b9db65afe32b66bcc0defdee555e353bedc21a938b63400c81e2ff72fe9e8906f12e6c533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_asyncio.pyd

Filesize
37KB

MD5
ed6769a4df30841082d6aece644c209e

SHA1
c96fe773d67ecf37794b7178ae61c603e439051a

SHA256
a6c963fcb97d5acf3a5b39d64f9039041b3dd1fa8e39bf668ec10756adfd1ff6

SHA512
f03c006bbe2376679b340eb0000820de9d8b912171fd9405c41ae53c23ef34aa4ac3982ec29209e4ec7fee362987735a6832f27fdffec028e0d56655c7cd740b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_cffi_backend.cp312-win_amd64.pyd

Filesize
71KB

MD5
886da52cb1d06bd17acbd5c29355a3f5

SHA1
45dee87aefb1300ec51f612c3b2a204874be6f28

SHA256
770d04ebe9f4d8271659ba9bf186b8ae422fdd76f7293dbc84be78d9d6dd92cc

SHA512
d6c7a90b8fa017f72f499943d73e4015f2eec0e46188c27848892a99be35e0ecbda1f692630863b89109b04636e813ddad2051f323a24b4d373192a6b67cf978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_ctypes.pyd

Filesize
59KB

MD5
1fad10f5dc9bd65753031b0942d5497d

SHA1
e9d480def6f3bd99d41f40516133bd8bb61803aa

SHA256
dc4659a5662e8bc0b832154f1a6511b864b1f2c96bba3379147a0d044f3c9962

SHA512
048cacdbe6eaea5df6393e1753f183e52853ae97d2e1a60c3f8cb897072ce13214a6c556a5ce75a0818c0b85fc74c9d0f6631e8521140b5573e768bf627672ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_decimal.pyd

Filesize
105KB

MD5
dc7e41920f048bdae9b710a937dcec92

SHA1
4c34f1c1e94b095a99e68d14f690fa4c0ac3c98f

SHA256
a8f9909a105099f3b963aa7842057e302e82116ff54cb8f585ede2a713ee0bcb

SHA512
c9a04cb74fd9c4b8c028136737cfbb4902ca09f5c94fd7a057be8600db2d982b83c7882adfef273b46990db8251acbd4e5d352099ff6f146516d56b4eda2e6f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_hashlib.pyd

Filesize
35KB

MD5
77c7f56d1e33777b53b4ff87f99acff7

SHA1
6cab06635ab1ced0040f60d07a7d6316118f902f

SHA256
424a0bde3b25cee6e7ee1fedbcb29885d5d1d9f2115e18081c391e2b16d173c7

SHA512
b23f1c55a3b44e199973231c449b1b064317db1068fb0f3c688250666529cb5c11c1812c292d44f01c7bf5006336996a533fb792079ce4968ac16dc6f6de1619

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_lzma.pyd

Filesize
86KB

MD5
6df48be376eb5fd94b2e2713a8b0125c

SHA1
8382f1cdeb9f5fd9bbed0a053d6131a283e9b3b7

SHA256
33961f5170937bedf1e01cfc26760110e2c41bd484c16de5d02e060677bf8ad4

SHA512
eabc225c507ac6185e976d914e749bbf98a630ca67f3b64b65007805fc0701839c87653e61ffe2ca5dad2d5777ffb308f744ed62a99b7484d608ed157cca818a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_multiprocessing.pyd

Filesize
27KB

MD5
e8629692676d9e2583c6dbdc52c6e96e

SHA1
9ef1d81a444e8e774bf6de35b304c9f8e9a78f3c

SHA256
e9292e11b9bac88795b6426182b49f059ac6dc58e8f6f401a72fbb91ce3e9bbe

SHA512
765acddfb26e236bd7609835e3a8fb3cd7acf3ea9edd54f794a86618bdefa7e7955351f7f3c3b4dff6382f1c6fba1cad8579ed8eb8e6a1af54dbf4be8b237763

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_overlapped.pyd

Filesize
33KB

MD5
d30cecf3b67d5bdd5f7bf27754309821

SHA1
3cdd7dd092fce6987f8702cc6439f33d5a8c06ea

SHA256
540995fc40202552b3b774b1d5033eac953e142ff12808c019d74d7b1ae95fb9

SHA512
70275a8493c3025e109554fe83920603b90ac06bc55580a6340fa0912be658a9cb9266b98c4026bdbbd5309b85a499c9dfb2989882afdde6d28acd0ba9d2ffdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_sqlite3.pyd

Filesize
57KB

MD5
fbf309bd368f223f4c2a6d8d5315a2fd

SHA1
b40959cd717993ae6109ce59505443ce50eec344

SHA256
5f1c82c2826f6affb1f9f8fc0ad296cbfd3e7ef608718500784c43562e271b59

SHA512
b12040c141ae06fafa5f42b6f2fdf88bcc492d274c02c9ac518db65302d106a633e35eca7bc663abcbc224025a7f46f819dd12bd43427bd458256f336a2077d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_ssl.pyd

Filesize
65KB

MD5
f039b697f13a96dc6408b03f21ec85e5

SHA1
5db227f61a558bc6e60248af88e0df495fc89a08

SHA256
54b4ab6d2f1d7bb49334ea109b88c5f49abc4df398af37ee6b83e680fef760c1

SHA512
37c127893ee410ee8ad8c2a47b4f9a1440009b4b1800e3638e5df813c3edcf7a4c93cac0aaf31e2edcd3b9af01b1ea4f7902d754261a9a4a458d4adad480c0e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_uuid.pyd

Filesize
24KB

MD5
b9e2ab3d934221a25f2ad0a8c2247f94

SHA1
af792b19b81c1d90d570bdfedbd5789bdf8b9e0c

SHA256
d462f34aca50d1f37b9ea03036c881ee4452e1fd37e1b303cd6daaecc53e260e

SHA512
9a278bfe339f3cfbd02a1bb177c3bc7a7ce36eb5b4fadaaee590834ad4d29cbe91c8c4c843263d91296500c5536df6ac98c96f59f31676cecdccf93237942a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\_wmi.pyd

Filesize
28KB

MD5
b495c3ede38a7d26b66e1614dac26fa6

SHA1
c82ed0b8b80d93c902d0be11dfaa3c0722f6f206

SHA256
1f2ad100bb0b949ea7ab9f298835ef2d1688314d7a490489ae80e2a9eb8e02b0

SHA512
1e333722289d94a7517c97521f7d849a3bbf97064ddd0a7475b6a03872ef945c432f6d92d466b7b8a438792827c73e8d06d3a4a6f34bd1b9f60ce95efa10725a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\base_library.zip

Filesize
1.3MB

MD5
ccee0ea5ba04aa4fcb1d5a19e976b54f

SHA1
f7a31b2223f1579da1418f8bfe679ad5cb8a58f5

SHA256
eeb7f0b3e56b03454868411d5f62f23c1832c27270cee551b9ca7d9d10106b29

SHA512
4f29ac5df211fef941bd953c2d34cb0c769fb78475494746cb584790d9497c02be35322b0c8f5c14fe88d4dd722733eda12496db7a1200224a014043f7d59166

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\libffi-8.dll

Filesize
29KB

MD5
bb1feaa818eba7757ada3d06f5c57557

SHA1
f2de5f06dc6884166de165d34ef2b029bb0acf8b

SHA256
a7ac89b42d203ad40bad636ad610cf9f6da02128e5a20b8b4420530a35a4fb29

SHA512
95dd1f0c482b0b0190e561bc08fe58db39fd8bb879a2dec0cabd40d78773161eb76441a9b1230399e3add602685d0617c092fff8bf0ab6903b537a9382782a97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\python312.dll

Filesize
1.8MB

MD5
667e7967137e42e693059a6b9ffbb65c

SHA1
3d8a134f4ef422f922b4fdc7bc126bba5eb9b12e

SHA256
4091f7c2d23be37bea7250a369611140644a7f5a71d095cc0d6b2f0bfe37530f

SHA512
7fa1161dee9f59f11e30d711ab40eb9f743ef243ef7b718863cb5d099bb5a8d523dcee67bbf3125cc893a9bfe21811335ee09bbc0a5cb1a13d979a6936cac3ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\sqlite3.dll

Filesize
630KB

MD5
f453ee42d1a4dcc15f977ab976f459f4

SHA1
2e71bef920daaa1fd46b0d121fdce4ef4e765795

SHA256
712ea5906fa60b60defe0d6be1cabee673c10fe545eb27b5ff87498788c92c41

SHA512
467957abec90d68dacc07a77f4e2a8b196b2d08d1f577cca9744ee07606454309aadda7145291a531c95dfd71f3321e408c10032bdc366975f033b8051981b3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6602\unicodedata.pyd

Filesize
295KB

MD5
9449204a107e132caf60fe4a14c3026e

SHA1
c9701b8e0c086035a59287961b26589930b3bfc3

SHA256
15ce14be8970b3ddfed932720221d67a66ebacc74682564033b4b60db57651a3

SHA512
8cfddc8a5a02e1405e8c89add9f3a81d6db0c402f18e39d9104f715455ee7af02924378aae9e93a399340385407f97048345fed92856b545a157b274a3a3529a

Download Submit
C:\Users\Admin\Downloads\Ultimate-Optimizer.exe

Filesize
5.2MB

MD5
0f049ab285854d72838be4ea0ebc75f1

SHA1
345d83a0e74ec7aec398e6b4427c5bf2d2f127ce

SHA256
0d8267af91314eccd26468edad3653acb21af1d703dc0c8f6f952e4db2d83d23

SHA512
4fb288f952aabf3ac49fcf95554171377bf2975b456271033b0afa0cf1141147b745f4497987982bcc743e27802b37575d42f9124f98adeb53abfeb2609622c0

Download Submit
C:\Users\Admin\Downloads\Ultimate-Optimizer.exe

Filesize
6.1MB

MD5
669afc70a66737ee9b3a72a25f117420

SHA1
3c737adb22bba81a946f877675ee307fac42c939

SHA256
52a6cb817281f5e78fbef104200bab4f0b80fb928b88121e802724fe4d6bded3

SHA512
08d40d517fd07d457060e0993580671b47d08553b1a7aa3a75d9a7dedea8bd1ead6ee04bea6d81eb8121c52f85cd899c134528e3f2ecc77acba8f3d6bccdc007

Download Submit
C:\Users\Admin\Downloads\Ultimate-Optimizer.exe

Filesize
3.9MB

MD5
5382688c19610ed09350526c73bd9a65

SHA1
ae006fe8297c8e5514e7fd5db3920a0df1f5ae04

SHA256
c280b70b7e7916586d6c25efd40dd7367da057663fe43bd23738ffd67bf00840

SHA512
0f6e4dd5c120787bd2ebfc5cd6cca293f19d83fb64c7a4e466428f40630a0940e6eac4ad7221c0c77298690d7bc011f15031e434baf08f1cb8a3ed0c26287c2f

Download Submit
C:\Users\Admin\Downloads\Ultimate-Optimizer.exe.crdownload

Filesize
3.8MB

MD5
03415496a127b88499b1259d0c389e06

SHA1
bb3341b80302037a3f3dc9ae70db4c24569fd9a8

SHA256
4d31e46a8bbd29a0e0cade030971ee4181674c16f70a8c3917486f7971397e7f

SHA512
90f2bea16adbbd70142950a21282c5145c1b65d4767a87f2fb49bf453ed905355c57f730f151d9af6b0b9f4ba7fdb0d53aab3d1fb005075a9da9fbafbb6d976e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI6602\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI6602\_bz2.pyd

Filesize
48KB

MD5
6eb9b3d0ee6cf49541519d8e624e7f33

SHA1
4172fd1b3bdf2e306603195edffb0c3268328cab

SHA256
6efca677827a739a2f7d76f3176656cd197c85ca509a30c25a112b7c5cf71239

SHA512
1f0a066df4943dd0306293a95baaff4d476ccf56babc42f5a23844aaf6a328dc94776a8e2bf90d703e2c09f6c73b469867d15b8d60ba61cd48b5006698d7a57c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI6602\_queue.pyd

Filesize
26KB

MD5
3353cbb44ecee097062ecbdaa56af118

SHA1
0dcc9bc123dd31d209dd93f34c52f18aefaecfbd

SHA256
a162bb0be5d979bd9c7b426892a9219dd79f876a2946304ccdacb3aa1120472e

SHA512
1d7260b2226fbb90a354689054625241863c7cfd605237f7f61ac2e13f0e75d5cad7abb702ffb4cfa32ce3820c07339cf113df4d7406c1133f455dce504661d6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI6602\_socket.pyd

Filesize
44KB

MD5
f9ee6bd75f3b51aee3d3b125eb348ea3

SHA1
b0768266b6cf9e6ff27edadd5f809542aef22174

SHA256
562c7379da9c5963c9bfcb027450b9143e7fb5644a06607a8cbfb07898bf161a

SHA512
c631d245dfec8eeb087a2803f0f1f422b522c6bda809cda3277ccd8fdd1cbba0010bdd3c2af4bb7d9ec8eebc183bb2c031a7c8241ca4243e91e2b6254f256b7a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI6602\libcrypto-3.dll

Filesize
1.6MB

MD5
33f448cbb24a96e2a13cf3cf4c280904

SHA1
95fa1c731c18d8094d861c5958018c4d74fbef18

SHA256
b1a3a3d090fcc0263bdc508efe7b818cecd34ea43c38e90e42cd9f40e36b7243

SHA512
a7c84464e1a26df4fe2c88f006b1d0523d894c04831347cc4005778cade15521d13bd40a5b269698b5b76d5514f5d21dbefad954c69f055a1940aaf4d1f29035

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI6602\libssl-3.dll

Filesize
223KB

MD5
be89dde1ed204a5e32cd9f0b2cd8cb0f

SHA1
053fd1853482b2f7c7c62bd947852992e84bb899

SHA256
8f559bd71d0d422a2d44ffb9f489bd0a9764b31b6c8e265809d9f483fe75399d

SHA512
7dbdc1417661845b85582f0b63c6f0d84e66e5d29aad404b9c87270f6552f7babc9736340effebdee7573816e735b306c430f2ea122c06ed806de1669d2b3b30

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI6602\pyexpat.pyd

Filesize
87KB

MD5
5f69b9b6b0fd3841894a15b15607c6ed

SHA1
67956a5b991f54bd5db2e23d62cb108ac4f42886

SHA256
ba2bf2d291d3d7d348cd888193e1366440ef332d16b205dfe328d99acd01f53f

SHA512
a0bc06be62cb056c5cf7c55e2110a74809e73b9266e7986efca29be487d5d1ececc52e44696e76944370fe6cecc7f0582702be3803a28d1772aecf0b7052fbd3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI6602\python3.dll

Filesize
66KB

MD5
4038af0427bce296ca8f3e98591e0723

SHA1
b2975225721959d87996454d049e6d878994cbf2

SHA256
a5bb3eb6fdfd23e0d8b2e4bccd6016290c013389e06daae6cb83964fa69e2a4f

SHA512
db762442c6355512625b36f112eca6923875d10aaf6476d79dc6f6ffc9114e8c7757ac91dbcd1fb00014122bc7f656115160cf5d62fa7fa1ba70bc71346c1ad3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI6602\select.pyd

Filesize
25KB

MD5
210c99a3298e6bbeb91f59028fe725c5

SHA1
a371165ce7da0573e60872e083f35f5c5f3d5bf4

SHA256
0343b0d11146020603e33b392d3752b8e1d2dacb6e9121fe9e9ab872998b0de7

SHA512
e6fe38f40b705f865aae10ffd354fe5606ab9b614805de4d1e2036967077e2c20aded6d9f782ce7734576575b926b2d8ce7a0dd1ffc0d65a049e31dd22463349

Download Submit
memory/424-525-0x00007FFFB2450000-0x00007FFFB2483000-memory.dmp

Filesize
204KB

Download
memory/424-516-0x00007FFFC46D0000-0x00007FFFC46F5000-memory.dmp

Filesize
148KB

Download
memory/424-573-0x00007FFFB2450000-0x00007FFFB2483000-memory.dmp

Filesize
204KB

Download
memory/424-569-0x00007FFFC4660000-0x00007FFFC4695000-memory.dmp

Filesize
212KB

Download
memory/424-565-0x00007FFFC46A0000-0x00007FFFC46CD000-memory.dmp

Filesize
180KB

Download
memory/424-574-0x00007FFFB19D0000-0x00007FFFB1A9D000-memory.dmp

Filesize
820KB

Download
memory/424-563-0x00007FFFC4C40000-0x00007FFFC4C59000-memory.dmp

Filesize
100KB

Download
memory/424-562-0x00007FFFC4EB0000-0x00007FFFC4EBF000-memory.dmp

Filesize
60KB

Download
memory/424-575-0x00007FFFB14A0000-0x00007FFFB19C2000-memory.dmp

Filesize
5.1MB

Download
memory/424-561-0x00007FFFC46D0000-0x00007FFFC46F5000-memory.dmp

Filesize
148KB

Download
memory/424-558-0x00007FFFB1CD0000-0x00007FFFB23A8000-memory.dmp

Filesize
6.8MB

Download
memory/424-531-0x00007FFFB1CD0000-0x00007FFFB23A8000-memory.dmp

Filesize
6.8MB

Download
memory/424-530-0x00007FFFBE6D0000-0x00007FFFBE6E6000-memory.dmp

Filesize
88KB

Download
memory/424-571-0x00007FFFC4BE0000-0x00007FFFC4BED000-memory.dmp

Filesize
52KB

Download
memory/424-529-0x00007FFFBDFE0000-0x00007FFFBDFF2000-memory.dmp

Filesize
72KB

Download
memory/424-527-0x000001BA4A780000-0x000001BA4ACA2000-memory.dmp

Filesize
5.1MB

Download
memory/424-526-0x00007FFFB19D0000-0x00007FFFB1A9D000-memory.dmp

Filesize
820KB

Download
memory/424-572-0x00007FFFC4850000-0x00007FFFC485D000-memory.dmp

Filesize
52KB

Download
memory/424-524-0x00007FFFC4850000-0x00007FFFC485D000-memory.dmp

Filesize
52KB

Download
memory/424-567-0x00007FFFC4BF0000-0x00007FFFC4BFD000-memory.dmp

Filesize
52KB

Download
memory/424-528-0x00007FFFB14A0000-0x00007FFFB19C2000-memory.dmp

Filesize
5.1MB

Download
memory/424-523-0x00007FFFC4BE0000-0x00007FFFC4BED000-memory.dmp

Filesize
52KB

Download
memory/424-521-0x00007FFFC4660000-0x00007FFFC4695000-memory.dmp

Filesize
212KB

Download
memory/424-570-0x00007FFFC3610000-0x00007FFFC3629000-memory.dmp

Filesize
100KB

Download
memory/424-579-0x00007FFFB1320000-0x00007FFFB1496000-memory.dmp

Filesize
1.5MB

Download
memory/424-522-0x00007FFFC3610000-0x00007FFFC3629000-memory.dmp

Filesize
100KB

Download
memory/424-581-0x00007FFFB2430000-0x00007FFFB2444000-memory.dmp

Filesize
80KB

Download
memory/424-519-0x00007FFFC46A0000-0x00007FFFC46CD000-memory.dmp

Filesize
180KB

Download
memory/424-520-0x00007FFFC4BF0000-0x00007FFFC4BFD000-memory.dmp

Filesize
52KB

Download
memory/424-582-0x00007FFFC2AA0000-0x00007FFFC2AAB000-memory.dmp

Filesize
44KB

Download
memory/424-580-0x00007FFFB4820000-0x00007FFFB4838000-memory.dmp

Filesize
96KB

Download
memory/424-518-0x00007FFFC4C40000-0x00007FFFC4C59000-memory.dmp

Filesize
100KB

Download
memory/424-517-0x00007FFFC4EB0000-0x00007FFFC4EBF000-memory.dmp

Filesize
60KB

Download
memory/424-576-0x00007FFFBE6D0000-0x00007FFFBE6E6000-memory.dmp

Filesize
88KB

Download
memory/424-515-0x00007FFFB1CD0000-0x00007FFFB23A8000-memory.dmp

Filesize
6.8MB

Download
memory/424-578-0x00007FFFBDE90000-0x00007FFFBDEB4000-memory.dmp

Filesize
144KB

Download
memory/424-577-0x00007FFFBDFE0000-0x00007FFFBDFF2000-memory.dmp

Filesize
72KB

Download
memory/628-0-0x00007FF68C6F0000-0x00007FF68CACF000-memory.dmp

Filesize
3.9MB

Download
memory/628-20-0x00007FF68C6F0000-0x00007FF68CACF000-memory.dmp

Filesize
3.9MB

Download
memory/3972-323-0x00007FFFB0D80000-0x00007FFFB0DAE000-memory.dmp

Filesize
184KB

Download
memory/3972-341-0x00007FFFC4BE0000-0x00007FFFC4BED000-memory.dmp

Filesize
52KB

Download
memory/3972-322-0x00007FFFB0DF0000-0x00007FFFB1073000-memory.dmp

Filesize
2.5MB

Download
memory/3972-325-0x00007FFFC46D0000-0x00007FFFC46F5000-memory.dmp

Filesize
148KB

Download
memory/3972-278-0x00007FFFC4EB0000-0x00007FFFC4EBF000-memory.dmp

Filesize
60KB

Download
memory/3972-255-0x00007FFFC46D0000-0x00007FFFC46F5000-memory.dmp

Filesize
148KB

Download
memory/3972-326-0x00007FFFB1120000-0x00007FFFB112E000-memory.dmp

Filesize
56KB

Download
memory/3972-327-0x00007FFFB10E0000-0x00007FFFB10EB000-memory.dmp

Filesize
44KB

Download
memory/3972-333-0x00007FFFB1CD0000-0x00007FFFB23A8000-memory.dmp

Filesize
6.8MB

Download
memory/3972-334-0x00007FFFC46D0000-0x00007FFFC46F5000-memory.dmp

Filesize
148KB

Download
memory/3972-335-0x00007FFFC4EB0000-0x00007FFFC4EBF000-memory.dmp

Filesize
60KB

Download
memory/3972-345-0x00007FFFB1460000-0x00007FFFB1982000-memory.dmp

Filesize
5.1MB

Download
memory/3972-344-0x00007FFFB1990000-0x00007FFFB1A5D000-memory.dmp

Filesize
820KB

Download
memory/3972-348-0x00007FFFBDE90000-0x00007FFFBDEB4000-memory.dmp

Filesize
144KB

Download
memory/3972-346-0x00007FFFBE6D0000-0x00007FFFBE6E6000-memory.dmp

Filesize
88KB

Download
memory/3972-349-0x00007FFFB12E0000-0x00007FFFB1456000-memory.dmp

Filesize
1.5MB

Download
memory/3972-347-0x00007FFFBDFE0000-0x00007FFFBDFF2000-memory.dmp

Filesize
72KB

Download
memory/3972-343-0x00007FFFB1A60000-0x00007FFFB1A93000-memory.dmp

Filesize
204KB

Download
memory/3972-352-0x00007FFFC2AA0000-0x00007FFFC2AAB000-memory.dmp

Filesize
44KB

Download
memory/3972-350-0x00007FFFB4820000-0x00007FFFB4838000-memory.dmp

Filesize
96KB

Download
memory/3972-364-0x00007FFFB1110000-0x00007FFFB111C000-memory.dmp

Filesize
48KB

Download
memory/3972-363-0x00007FFFB1120000-0x00007FFFB112E000-memory.dmp

Filesize
56KB

Download
memory/3972-366-0x00007FFFB10F0000-0x00007FFFB10FB000-memory.dmp

Filesize
44KB

Download
memory/3972-365-0x00007FFFB1100000-0x00007FFFB110C000-memory.dmp

Filesize
48KB

Download
memory/3972-373-0x00007FFFB0DF0000-0x00007FFFB1073000-memory.dmp

Filesize
2.5MB

Download
memory/3972-372-0x00007FFFB1080000-0x00007FFFB108C000-memory.dmp

Filesize
48KB

Download
memory/3972-375-0x00007FFFB0D80000-0x00007FFFB0DAE000-memory.dmp

Filesize
184KB

Download
memory/3972-374-0x00007FFFB0DB0000-0x00007FFFB0DD9000-memory.dmp

Filesize
164KB

Download
memory/3972-371-0x00007FFFB1090000-0x00007FFFB10A2000-memory.dmp

Filesize
72KB

Download
memory/3972-370-0x00007FFFB10B0000-0x00007FFFB10BD000-memory.dmp

Filesize
52KB

Download
memory/3972-369-0x00007FFFB10C0000-0x00007FFFB10CC000-memory.dmp

Filesize
48KB

Download
memory/3972-368-0x00007FFFB10D0000-0x00007FFFB10DC000-memory.dmp

Filesize
48KB

Download
memory/3972-367-0x00007FFFB10E0000-0x00007FFFB10EB000-memory.dmp

Filesize
44KB

Download
memory/3972-362-0x00007FFFB1130000-0x00007FFFB113D000-memory.dmp

Filesize
52KB

Download
memory/3972-361-0x00007FFFB2420000-0x00007FFFB242C000-memory.dmp

Filesize
48KB

Download
memory/3972-360-0x00007FFFBC540000-0x00007FFFBC54B000-memory.dmp

Filesize
44KB

Download
memory/3972-359-0x00007FFFBDE50000-0x00007FFFBDE5C000-memory.dmp

Filesize
48KB

Download
memory/3972-358-0x00007FFFBDFD0000-0x00007FFFBDFDB000-memory.dmp

Filesize
44KB

Download
memory/3972-357-0x00007FFFBE5F0000-0x00007FFFBE5FC000-memory.dmp

Filesize
48KB

Download
memory/3972-356-0x00007FFFBEF40000-0x00007FFFBEF4B000-memory.dmp

Filesize
44KB

Download
memory/3972-355-0x00007FFFC0D80000-0x00007FFFC0D8B000-memory.dmp

Filesize
44KB

Download
memory/3972-354-0x00007FFFB1140000-0x00007FFFB125B000-memory.dmp

Filesize
1.1MB

Download
memory/3972-353-0x00007FFFB1260000-0x00007FFFB1287000-memory.dmp

Filesize
156KB

Download
memory/3972-351-0x00007FFFB2430000-0x00007FFFB2444000-memory.dmp

Filesize
80KB

Download
memory/3972-342-0x00007FFFC4850000-0x00007FFFC485D000-memory.dmp

Filesize
52KB

Download
memory/3972-324-0x00007FFFB2420000-0x00007FFFB242C000-memory.dmp

Filesize
48KB

Download
memory/3972-340-0x00007FFFC3610000-0x00007FFFC3629000-memory.dmp

Filesize
100KB

Download
memory/3972-339-0x00007FFFB2450000-0x00007FFFB2485000-memory.dmp

Filesize
212KB

Download
memory/3972-338-0x00007FFFC4BF0000-0x00007FFFC4BFD000-memory.dmp

Filesize
52KB

Download
memory/3972-337-0x00007FFFC4680000-0x00007FFFC46AD000-memory.dmp

Filesize
180KB

Download
memory/3972-336-0x00007FFFC4C40000-0x00007FFFC4C59000-memory.dmp

Filesize
100KB

Download
memory/3972-328-0x00007FFFB10D0000-0x00007FFFB10DC000-memory.dmp

Filesize
48KB

Download
memory/3972-329-0x00007FFFB10B0000-0x00007FFFB10BD000-memory.dmp

Filesize
52KB

Download
memory/3972-332-0x00007FFFB0DB0000-0x00007FFFB0DD9000-memory.dmp

Filesize
164KB

Download
memory/3972-330-0x00007FFFB1090000-0x00007FFFB10A2000-memory.dmp

Filesize
72KB

Download
memory/3972-331-0x00007FFFB1080000-0x00007FFFB108C000-memory.dmp

Filesize
48KB

Download
memory/3972-321-0x00007FFFB10C0000-0x00007FFFB10CC000-memory.dmp

Filesize
48KB

Download
memory/3972-319-0x00007FFFB1100000-0x00007FFFB110C000-memory.dmp

Filesize
48KB

Download
memory/3972-320-0x00007FFFB10F0000-0x00007FFFB10FB000-memory.dmp

Filesize
44KB

Download
memory/3972-317-0x00007FFFB1110000-0x00007FFFB111C000-memory.dmp

Filesize
48KB

Download
memory/3972-316-0x00007FFFB1CD0000-0x00007FFFB23A8000-memory.dmp

Filesize
6.8MB

Download
memory/3972-306-0x00007FFFB1140000-0x00007FFFB125B000-memory.dmp

Filesize
1.1MB

Download
memory/3972-315-0x00007FFFB1130000-0x00007FFFB113D000-memory.dmp

Filesize
52KB

Download
memory/3972-313-0x00007FFFBDE50000-0x00007FFFBDE5C000-memory.dmp

Filesize
48KB

Download
memory/3972-314-0x00007FFFBC540000-0x00007FFFBC54B000-memory.dmp

Filesize
44KB

Download
memory/3972-312-0x00007FFFBDFD0000-0x00007FFFBDFDB000-memory.dmp

Filesize
44KB

Download
memory/3972-310-0x00007FFFC0D80000-0x00007FFFC0D8B000-memory.dmp

Filesize
44KB

Download
memory/3972-311-0x00007FFFBE5F0000-0x00007FFFBE5FC000-memory.dmp

Filesize
48KB

Download
memory/3972-307-0x00007FFFBEF40000-0x00007FFFBEF4B000-memory.dmp

Filesize
44KB

Download
memory/3972-309-0x00007FFFC2AA0000-0x00007FFFC2AAB000-memory.dmp

Filesize
44KB

Download
memory/3972-308-0x00007FFFB4820000-0x00007FFFB4838000-memory.dmp

Filesize
96KB

Download
memory/3972-304-0x00007FFFB2430000-0x00007FFFB2444000-memory.dmp

Filesize
80KB

Download
memory/3972-305-0x00007FFFB1260000-0x00007FFFB1287000-memory.dmp

Filesize
156KB

Download
memory/3972-303-0x00007FFFB12E0000-0x00007FFFB1456000-memory.dmp

Filesize
1.5MB

Download
memory/3972-300-0x00007FFFBDFE0000-0x00007FFFBDFF2000-memory.dmp

Filesize
72KB

Download
memory/3972-299-0x00007FFFBDE90000-0x00007FFFBDEB4000-memory.dmp

Filesize
144KB

Download
memory/3972-298-0x00007FFFBE6D0000-0x00007FFFBE6E6000-memory.dmp

Filesize
88KB

Download
memory/3972-297-0x00000206F6B90000-0x00000206F70B2000-memory.dmp

Filesize
5.1MB

Download
memory/3972-296-0x00007FFFB1460000-0x00007FFFB1982000-memory.dmp

Filesize
5.1MB

Download
memory/3972-295-0x00007FFFB1990000-0x00007FFFB1A5D000-memory.dmp

Filesize
820KB

Download
memory/3972-293-0x00007FFFB1A60000-0x00007FFFB1A93000-memory.dmp

Filesize
204KB

Download
memory/3972-289-0x00007FFFC3610000-0x00007FFFC3629000-memory.dmp

Filesize
100KB

Download
memory/3972-290-0x00007FFFC4850000-0x00007FFFC485D000-memory.dmp

Filesize
52KB

Download
memory/3972-285-0x00007FFFC4BE0000-0x00007FFFC4BED000-memory.dmp

Filesize
52KB

Download
memory/3972-288-0x00007FFFC4BF0000-0x00007FFFC4BFD000-memory.dmp

Filesize
52KB

Download
memory/3972-287-0x00007FFFC4C40000-0x00007FFFC4C59000-memory.dmp

Filesize
100KB

Download
memory/3972-284-0x00007FFFB2450000-0x00007FFFB2485000-memory.dmp

Filesize
212KB

Download
memory/3972-281-0x00007FFFC4680000-0x00007FFFC46AD000-memory.dmp

Filesize
180KB

Download
memory/3972-245-0x00007FFFB1CD0000-0x00007FFFB23A8000-memory.dmp

Filesize
6.8MB

Download