Analysis

  • max time kernel
    347s
  • max time network
    423s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    05-03-2024 00:02

General

  • Target

    cut-the-ropeSetup.exe

  • Size

    110KB

  • MD5

    e042e46f80881694c723ccdaa75a7157

  • SHA1

    cfd87abf784e9ff1f56cdd323e248da16de54e74

  • SHA256

    11930296db161845cdde2abb9417b0f74c4972130c4bf4ab0da444daadc94e51

  • SHA512

    b6efbd9d919c30ad3e32990fcfb7ac3665ee70e218814afaa1247bc2682e03729d1eb4f216e6bcb00642c8c5b03638b72a2cf862d9ff3151cdf44f853c956747

  • SSDEEP

    1536:TLXB65939tY6HBg4sXJ1UviBhkohVKJjFhaLeT99+eLnVPUviBhkohVKJjFhvOcC:TLk395hYXJ1UvUWXsP2nxUvUWX8bnmi

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Executes dropped EXE 17 IoCs
  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 4 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 51 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe" -installer.createiwinshortcuts=yes -config.channel=20000006 -config.uri=https://www.iwin.com/ -config.channelName=IWinStreaming -config.iwinrequest="PF/6900598391240766192/cut-the-rope/48/0"
      2⤵
      • Executes dropped EXE
      PID:408
      • C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe
        "C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000006 -config.uri="https://www.iwin.com/" -config.channelName="iWin" -config.sku=FIRST_INSTALL -installer.createshortcutswithname="iWin Games" -autoupdate=1 -config.iwinrequest="PF/6900598391240766192/cut-the-rope/48/0"
        3⤵
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:668
        • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe
          "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe" /S --no-desktop-shortcut
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4024
        • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
          "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" -config.uri=https://www.iwin.com/ -config.channel="20000006" -config.sku="FIRST_INSTALL" -config.iwinrequest="PF/6900598391240766192/cut-the-rope/48/0"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Modifies system certificate store
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:4580
          • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
            "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=9AD41E2F5823829E6B25458541096087 --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=9AD41E2F5823829E6B25458541096087 --renderer-client-id=2 --mojo-platform-channel-handle=2904 /prefetch:1
            5⤵
            • Executes dropped EXE
            PID:1300
          • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
            "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=E665B2756EEC633431596A8B867B28A4 --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=E665B2756EEC633431596A8B867B28A4 --renderer-client-id=3 --mojo-platform-channel-handle=3300 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:4812
          • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
            "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=7424973D9770AF66239CCF2A1AD185E0 --mojo-platform-channel-handle=4256 /prefetch:2
            5⤵
            • Executes dropped EXE
            • Modifies registry class
            PID:3080
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 808
              6⤵
              • Program crash
              PID:1496
          • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
            "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=4A7943E000443DAFAE3A07E497F62355 --mojo-platform-channel-handle=4052 /prefetch:2
            5⤵
            • Executes dropped EXE
            • Modifies registry class
            PID:2976
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 808
              6⤵
              • Program crash
              PID:4640
          • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
            "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=3E5EAA1785E2630B281E56CD4CCC252D --mojo-platform-channel-handle=4292 /prefetch:2
            5⤵
            • Executes dropped EXE
            • Modifies registry class
            PID:444
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 808
              6⤵
              • Program crash
              PID:5012
          • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
            "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=F7C1EDAF8F5783A9A90BCBBD2CA79DCF --mojo-platform-channel-handle=4128 /prefetch:2
            5⤵
            • Executes dropped EXE
            • Modifies registry class
            PID:4732
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 808
              6⤵
              • Program crash
              PID:4856
          • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe
            "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe" -cmdfile="C:\Users\Admin\AppData\Local\Temp\iwn2003.tmp"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2872
            • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe
              "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe" /q /norestart
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:3780
              • F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe
                F:\8e8ff0f4be4fc1002cb541df63e63b\\Setup.exe /q /norestart /x86 /x64
                7⤵
                • Executes dropped EXE
                • Checks processor information in registry
                • Suspicious behavior: EnumeratesProcesses
                PID:4548
          • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
            C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            PID:3272
          • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
            C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            PID:456
          • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
            C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            PID:3244
          • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn
            C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            PID:5080
            • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRope.exe
              "CutTheRope.exe"
              6⤵
              PID:4292
          • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
            C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            PID:4656
          • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
            C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
            5⤵
            PID:2188
          • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
            C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
            5⤵
            PID:1944
          • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn
            C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn
            5⤵
            PID:5052
            • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRope.exe
              "CutTheRope.exe"
              6⤵
              PID:2924
          • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
            C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
            5⤵
            PID:4664
          • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
            C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
            5⤵
            PID:5060
          • C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
            C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
            5⤵
            PID:2100
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5028 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:4272
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3080 -ip 3080
    1⤵
    PID:2248
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2976 -ip 2976
    1⤵
    PID:4808
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 444 -ip 444
    1⤵
    PID:1744
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4732 -ip 4732
    1⤵
    PID:4264
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3792

Network

MITRE ATT&CK Enterprise v15

Downloads

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000005

                                Filesize

                                29KB

                                MD5

                                0a1cc39cc3f6049e8d97ebe2de642c32

                                SHA1

                                93d4f34e2d9212930a53cba847d2d86b3ace96d6

                                SHA256

                                92a177028e4c6d62950420ace948e04fd294a749ee5d1e998d05d053eb87853c

                                SHA512

                                00cb2f6187d1c4d511a0996db494f9716878962e884d271905f51c5fb6429fbad1a44ffcb87f0e5875756edb25e3530be4f4bc0a2a8744f3d100cffc5446a5b5

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000008

                                Filesize

                                76KB

                                MD5

                                9e43cf8291b8329e37a6bfdf93bc14b0

                                SHA1

                                324327736b057352c103532c93fe83bf2346fd7e

                                SHA256

                                b8918346990777fbe69a8313b69be49ca0ac147e21cdf5b6eeb44bd57beb0d15

                                SHA512

                                2352b8613813998e72f19adbe1df258dfe7530e51963de518afc0d23edef94511dd789a902b220801bf3c13370ddd3a1a0ea1233c77d6698bbf831a6c9192c88

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000a

                                Filesize

                                156KB

                                MD5

                                2c503b3f15f8cda76d58ad951bdbb987

                                SHA1

                                2479089f7d16d8e9518864f0242808f20abd7456

                                SHA256

                                febec47f17bade250d781ffcb762442915a8ec9fc1267a1a8d93459db5e3634d

                                SHA512

                                bfb599587efa3943b392546f5e6eda213cc310e7db3171c57787c16a45a663795281c70c9e245027f08c742ddf5f574d184bdfaa24dcb13876393770ec24680e

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000b

                                Filesize

                                69KB

                                MD5

                                5b5634f43da9ae707c5f389e45b6a8e6

                                SHA1

                                51dd4c5ae1924e6c63a05d701a9b78b3f2c40fbc

                                SHA256

                                4d59e1d4a4d0cfb922728b7160ee7b44e0cdde897cfe496211a997182178eed0

                                SHA512

                                5a3104fb1b67750a154b5eb42c868592fdba2d8732ab8da2747eeadf010fd82bc7a95384a4b64bf79c8f91954b201d73bcb1c0c08d5108395e319760808f0be4

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000c

                                Filesize

                                76KB

                                MD5

                                9aeba382f415068da5b68616b9d280a9

                                SHA1

                                165d18dfbd9b559ba57d9bdac728f988fddd95eb

                                SHA256

                                b4baa680bdb72e187bab3bf0cf9484efa19fc44edbaf25f01415d11fe4ba374c

                                SHA512

                                a5606b14a71934fe30a27566824abc129ced0951dc9d5d768cf61709e2d21b7ad240e4990db9d297fb259690b15e30893e41ba071ddd035f5e55cee405147055

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000f

                                Filesize

                                89KB

                                MD5

                                5a698b0d3ed3cdbfaab2fc2e70e5e660

                                SHA1

                                5173008a7472cdfa139e35edd5a40670af0511d1

                                SHA256

                                87dbb27ba187d83dc579e8258183f12dfd8402304ff642aa1f272b054f797264

                                SHA512

                                0c288c0d4f2c4db3d22fee43fe8e63b5c110840b53fcf4b71fd986af3f933a5c23371aba1cc32243284eb7f55e007b7c2e7dfd4d99b927ff7c42f40bbb3ac2de

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000014

                                Filesize

                                84KB

                                MD5

                                bdb09064d42e0e918c118b2fc5dfa11a

                                SHA1

                                88fca47b9a85b35ad6b51ad13dab2e0522140906

                                SHA256

                                5a076610a095b0bfc6fc5b3a77d232218b73410e064e7c1d8bdaee3c5003199c

                                SHA512

                                4f92738fc2521bf18bdde6aab64818d8d3d6e4f43b3617b4eeb3299763b6cf7da537567fc0b6ccfbf9d74d34cd094199599b58a8cf20dded51d0e8fcf5da3919

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000031

                                Filesize

                                93KB

                                MD5

                                e34464a2d220f462fd80e97940efc33a

                                SHA1

                                06b55be34ab621b27f93d327e0c0999e7bfc3824

                                SHA256

                                f62f6df8590faec594a11293fd0f0470bacc00908bc0518397a58e3ea05fa9a6

                                SHA512

                                07add3ee5e7bb3d568468ec51b89ef169851934141a896fecec2b1317afc1cab125a4ea9ba064521ab04aebdbebf0f65ae0b5af64d845a52469496c371b89d30

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000037

                                Filesize

                                20KB

                                MD5

                                87e8230a9ca3f0c5ccfa56f70276e2f2

                                SHA1

                                eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                SHA256

                                e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                SHA512

                                37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000043

                                Filesize

                                18KB

                                MD5

                                504d726b06b93a100f6ce2c4d393b4b5

                                SHA1

                                90815d0970e78bb1285e41500304bb27075dec4a

                                SHA256

                                b475291eb9bc1b3df2384135fb4ae15c33fceaefeb66fcba75e7ca8f0953b7ee

                                SHA512

                                b681b5180f5985148d80438f2f8afc10c273665aaf5de82ecac85dc4e312bb4e99a4584175303f4a1a4d652cb9713458e9a4d638e4be477e9fd13c55a16f9b8e

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000044

                                Filesize

                                30KB

                                MD5

                                696fc0502ddfe806d7ad0b7c63c523cb

                                SHA1

                                13af1b62118eddd27dc80496e656d08515a4c2a0

                                SHA256

                                1d4b520f7efa751759344f0aff0cb3748f9ebcbe6d1b2946c06ad132171647ee

                                SHA512

                                f40cf410126158f1c0694443cddf5fb7881c086276466cf9eea518ecade186af537f0a1bd8e8d09437c751b9793a7b711c31cef3caf61f68a742f33b58708008

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000046

                                Filesize

                                32KB

                                MD5

                                103708790db3586027df27ded660f8ef

                                SHA1

                                d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70

                                SHA256

                                fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe

                                SHA512

                                bb9fe97db1f3d0050f5d36e202a83cfa04903d09cd3e5996944aafbfd05f13ddbd13aeb361eec76b28941b4cd51ff0e2a58d37fbe8c8b08ba1ab88edac93dca3

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000048

                                Filesize

                                225KB

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000049

                                Filesize

                                48KB

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004a

                                Filesize

                                217KB

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004b

                                Filesize

                                261KB

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004c

                                Filesize

                                345KB

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004d

                                Filesize

                                41KB

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000059

                                Filesize

                                81KB

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\GPUCache\data_2

                                Filesize

                                8KB

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\databases\https_www.iwin.com_0\2

                                Filesize

                                24KB

                              • C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe

                                Filesize

                                2.4MB

                              • C:\Users\Admin\AppData\Local\Programs\iWin-Games-Notifier\iWin Games Notifier.exe

                                Filesize

                                3.4MB

                              • C:\Users\Admin\AppData\Local\Temp\GameManager\DRMWorker\drmworker6899059330203837874

                                Filesize

                                80B

                              • C:\Users\Admin\AppData\Local\Temp\HFI5646.tmp.html

                                Filesize

                                15KB

                              • C:\Users\Admin\AppData\Local\Temp\nsh556A.tmp\WinShell.dll

                                Filesize

                                3KB

                              • C:\Users\Admin\AppData\Local\Temp\nshE155.tmp\INetC.dll

                                Filesize

                                25KB

                              • C:\Users\Admin\AppData\Local\Temp\nshE155.tmp\System.dll

                                Filesize

                                11KB

                              • C:\Users\Admin\AppData\Local\Temp\nshE155.tmp\nsProcess.dll

                                Filesize

                                4KB

                              • C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe

                                Filesize

                                2.2MB

                              • C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe

                                Filesize

                                1.8MB

                              • C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\NSISdl.dll

                                Filesize

                                14KB

                              • C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\System.dll

                                Filesize

                                11KB

                              • C:\Users\Admin\AppData\Roaming\iWin Games Notifier\installer.exe

                                Filesize

                                3.2MB
