Analysis

  • max time kernel
    44s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-03-2024 23:32

Errors

Reason
Machine shutdown

General

  • Target

    Trojan/2repair.exe

  • Size

    10.2MB

  • MD5

    795d891f34890796120931c1b74318a4

  • SHA1

    9a698435df1e850479f66b08dd8ee84e7473b0eb

  • SHA256

    327e9f126a7d897239ddafc8adbae981e6a4c00d4d3383846ceb8d2befefef04

  • SHA512

    77234732395eac75687aeff81d40fc3e7b1f1d7e14b4df9f786f0aa7cc2bee04d5614dbd6cdd04fd310ea455c2747cd2c0a598143a886807e690c2cc01b06aa0

  • SSDEEP

    196608:LgOzUNRd/74b/Mqe9NPnjRs6j+2ufWvi2DuFg3k7bwanYP9UX5hT84jWR/B:CRd83Klji52RhwPA92584jmB

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 12 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 4 IoCs
  • Delays execution with timeout.exe 3 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Runs net.exe
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan\2repair.exe
    "C:\Users\Admin\AppData\Local\Temp\Trojan\2repair.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\B7.tmp\C7.tmp\C8.bat C:\Users\Admin\AppData\Local\Temp\Trojan\2repair.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3496
      • C:\Windows\system32\timeout.exe
        timeout /t 6
        3⤵
        • Delays execution with timeout.exe
        PID:4072
      • C:\Users\Admin\AppData\Local\Temp\Trojan\FreeMicrosoft.exe
        FreeMicrosoft.exe
        3⤵
        • Writes to the Master Boot Record (MBR)
        PID:2024
      • C:\Users\Admin\AppData\Local\Temp\Trojan\Melting.exe
        Melting.exe
        3⤵
        • Executes dropped EXE
        PID:60
      • C:\Users\Admin\AppData\Local\Temp\Trojan\AntivirusPlatinum.exe
        AntivirusPlatinum.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1356
        • C:\WINDOWS\302746537.exe
          "C:\WINDOWS\302746537.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:1104
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\2025.tmp\302746537.bat" "
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:5040
            • C:\Windows\SysWOW64\regsvr32.exe
              regsvr32 /s c:\windows\comctl32.ocx
              6⤵
              • Loads dropped DLL
              • Modifies registry class
              PID:2028
            • C:\Windows\SysWOW64\regsvr32.exe
              regsvr32 /s c:\windows\mscomctl.ocx
              6⤵
              PID:4768
            • \??\c:\windows\antivirus-platinum.exe
              c:\windows\antivirus-platinum.exe
              6⤵
              PID:4760
            • C:\Windows\SysWOW64\attrib.exe
              attrib +h c:\windows\antivirus-platinum.exe
              6⤵
              • Views/modifies file attributes
              PID:3048
      • C:\Windows\system32\timeout.exe
        timeout /t 2
        3⤵
        • Delays execution with timeout.exe
        PID:2424
      • C:\Users\Admin\AppData\Local\Temp\Trojan\Antivirus.exe
        Antivirus.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1852
        • C:\Windows\SysWOW64\net.exe
          net stop wscsvc
          4⤵
          PID:3468
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop wscsvc
            5⤵
            PID:1464
        • C:\Windows\SysWOW64\net.exe
          net stop winmgmt /y
          4⤵
          PID:4784
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop winmgmt /y
            5⤵
            PID:1908
        • C:\Windows\SysWOW64\net.exe
          net start winmgmt
          4⤵
          PID:368
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 start winmgmt
            5⤵
            PID:3784
        • C:\Windows\SysWOW64\net.exe
          net start wscsvc
          4⤵
          PID:4804
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 start wscsvc
            5⤵
            PID:1192
        • C:\Windows\SysWOW64\Wbem\mofcomp.exe
          mofcomp C:\Users\Admin\AppData\Local\Temp\4otjesjty.mof
          4⤵
          PID:1100
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2360
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1468
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:4412
      • C:\Windows\system32\taskkill.exe
        taskkill /IM lsass.exe /F
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:3904
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3772
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2808
      • C:\Users\Admin\AppData\Local\Temp\Trojan\Badgame.exe
        Badgame.exe
        3⤵
        • Executes dropped EXE
        PID:4672
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:4748
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1252
      • C:\Users\Admin\AppData\Local\Temp\Trojan\Hydra.exe
        Hydra.exe
        3⤵
        PID:1428
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        PID:1940
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        PID:1632
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        PID:2420
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        PID:4984
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        PID:4408
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        PID:2772
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        PID:2908
      • C:\Users\Admin\AppData\Local\Temp\Trojan\Melting.exe
        Melting.exe
        3⤵
        PID:3212
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        PID:1072
      • C:\Users\Admin\AppData\Local\Temp\Trojan\Melting.exe
        Melting.exe
        3⤵
        PID:2364
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        PID:2688
      • C:\Users\Admin\AppData\Local\Temp\Trojan\SGen.exe
        SGen.exe
        3⤵
        PID:924
        • C:\Windows\SysWOW64\wscript.exe
          wscript.exe "C:\Users\Admin\AppData\Local\Temp\SFC55BC.tmp.vbs"
          4⤵
          PID:2428
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        PID:3476
      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe
        runaway.exe
        3⤵
        PID:3592
      • C:\Windows\system32\timeout.exe
        timeout /t 10
        3⤵
        • Delays execution with timeout.exe
        PID:4904
      • C:\Users\Admin\AppData\Local\Temp\Trojan\Melting.exe
        Melting.exe
        3⤵
        PID:4876
      • C:\Users\Admin\AppData\Local\Temp\Trojan\Melting.exe
        Melting.exe
        3⤵
        PID:4208
      • C:\Users\Admin\AppData\Local\Temp\Trojan\Melting.exe
        Melting.exe
        3⤵
        PID:1444
      • C:\Users\Admin\AppData\Local\Temp\Trojan\PCOptimizerProInstaller.exe
        PCOptimizerProInstaller.exe
        3⤵
        PID:4836
      • C:\Users\Admin\AppData\Local\Temp\Trojan\VirusCan.exe
        VirusCan.exe
        3⤵
        PID:4396
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\9006.tmp\VirusCan.bat""
          4⤵
          PID:4764
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:1036
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:2064
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:3952
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:5048
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:704
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:3432
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:1204
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:720
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:5064
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:1668
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:4456
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            PID:5000
      • C:\Users\Admin\AppData\Local\Temp\Trojan\matrix.exe
        matrix.exe
        3⤵
        PID:2156
        • C:\Windows\system32\cmd.exe
          "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\912F.tmp\9130.tmp\9131.bat C:\Users\Admin\AppData\Local\Temp\Trojan\matrix.exe"
          4⤵
          PID:4996
      • C:\Users\Admin\AppData\Local\Temp\Trojan\bomb.exe
        bomb.exe
        3⤵
        PID:2612
      • C:\Users\Admin\AppData\Local\Temp\Trojan\ChilledWindows.exe
        ChilledWindows.exe
        3⤵
        PID:4868
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x514 0x300
    1⤵
    PID:2008

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

    Filesize

    896KB

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

    Filesize

    9KB

  • C:\Users\Admin\AppData\Local\Temp\2025.tmp\302746537.bat

    Filesize

    348B

  • C:\Users\Admin\AppData\Local\Temp\4otjesjty.mof

    Filesize

    443B

  • C:\Users\Admin\AppData\Local\Temp\9006.tmp\VirusCan.bat

    Filesize

    82B

  • C:\Users\Admin\AppData\Local\Temp\912F.tmp\9130.tmp\9131.bat

    Filesize

    193B

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\B7.tmp\C7.tmp\C8.bat

                                                                                                        Filesize

                                                                                                        853B

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\SFC55BC.tmp.vbs

                                                                                                        Filesize

                                                                                                        748B

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\Antivirus.exe

                                                                                                        Filesize

                                                                                                        2.0MB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\AntivirusPlatinum.exe

                                                                                                        Filesize

                                                                                                        739KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\Badgame.exe

                                                                                                        Filesize

                                                                                                        61KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\ChilledWindows.exe

                                                                                                        Filesize

                                                                                                        384KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\ChilledWindows.exe

                                                                                                        Filesize

                                                                                                        512KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\Hydra.exe

                                                                                                        Filesize

                                                                                                        43KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\Melting.exe

                                                                                                        Filesize

                                                                                                        12KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\PCOptimizerProInstaller.exe

                                                                                                        Filesize

                                                                                                        2.7MB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\PCOptimizerProInstaller.exe

                                                                                                        Filesize

                                                                                                        1.4MB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\SGen.exe

                                                                                                        Filesize

                                                                                                        16KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\VirusCan.exe

                                                                                                        Filesize

                                                                                                        25KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\bomb.exe

                                                                                                        Filesize

                                                                                                        96KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\chilledwindows.mp4

                                                                                                        Filesize

                                                                                                        256KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\matrix.exe

                                                                                                        Filesize

                                                                                                        121KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe

                                                                                                        Filesize

                                                                                                        8KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Trojan\runaway.exe

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsh8A98.tmp\GetVersion.dll

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsh8A98.tmp\LangDLL.dll

                                                                                                        Filesize

                                                                                                        5KB

                                                                                                      • C:\Windows\302746537.exe

                                                                                                        Filesize

                                                                                                        22KB

                                                                                                      • C:\Windows\COMCTL32.OCX

                                                                                                        Filesize

                                                                                                        595KB

                                                                                                      • C:\Windows\MSCOMCTL.OCX

                                                                                                        Filesize

                                                                                                        896KB

                                                                                                      • C:\Windows\MSCOMCTL.OCX

                                                                                                        Filesize

                                                                                                        1.0MB

                                                                                                      • \??\c:\windows\antivirus-platinum.exe

                                                                                                        Filesize

                                                                                                        9KB

                                                                                                      • \??\c:\windows\mscomctl.ocx

                                                                                                        Filesize

                                                                                                        960KB


                                                                                                      • memory/4984-110-0x0000000073E00000-0x00000000745B0000-memory.dmp

                                                                                                        Filesize

                                                                                                        7.7MB

                                                                                                      • memory/4984-198-0x0000000073E00000-0x00000000745B0000-memory.dmp

                                                                                                        Filesize

                                                                                                        7.7MB