d799fd57e288d45ad583b60ed3bef30460873cf07609235667d024e158b55ba7

Analysis

max time kernel
30s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TTDSCAMCLIENTV4.exe
Size

76.7MB
MD5

54dec6c887295f87f1fb0d01fdf73d8f
SHA1

c7777bf58065fee312c64f2cd83c1d5c23fa2bd2
SHA256

d799fd57e288d45ad583b60ed3bef30460873cf07609235667d024e158b55ba7
SHA512

89611690706fd6b757b46830c1ff5019f9f29808c7b58966a7b2ee92d0d97fdb38b0f20c9beff42d1e1a2fad9205f02cb79bdbce78abd8518973645b6e9abe1b
SSDEEP

1572864:ovbzj91WSk8IpG7V+VPhqb+TTE7UjxA7fEVWcRIsjHEYuMbkyyI6MWhFau6oUq4f:ovbzvWSkB05awb+TxtpEcRDkYlyvMgkd

Score

9^/10

evasion execution persistence upx

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

Processes:

TTDSCAMCLIENTV4.exeTTDSCAMCLIENTV3.exe

description	ioc	process
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	TTDSCAMCLIENTV4.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	TTDSCAMCLIENTV3.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	TTDSCAMCLIENTV3.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	TTDSCAMCLIENTV4.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exe

pid process

1900 powershell.exe
6864 powershell.exe
Sets file to hidden 1 TTPs 1 IoCs
Modifies file attributes to stop it showing in Explorer etc.
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exe

pid process

4376 attrib.exe
Executes dropped EXE 2 IoCs

Processes:

TTDSCAMCLIENTV3.exeTTDSCAMCLIENTV3.exe

pid process

1904 TTDSCAMCLIENTV3.exe
6556 TTDSCAMCLIENTV3.exe

pid	process
1900	powershell.exe
6864	powershell.exe

pid	process
4376	attrib.exe

pid	process
1904	TTDSCAMCLIENTV3.exe
6556	TTDSCAMCLIENTV3.exe

Loads dropped DLL 64 IoCs

Processes:

TTDSCAMCLIENTV4.exe

pid	process
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI7482\python312.dll	upx
behavioral1/memory/3984-1255-0x00007FF94B400000-0x00007FF94BAD0000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libffi-8.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_ctypes.pyd	upx
behavioral1/memory/3984-1265-0x00007FF95FD30000-0x00007FF95FD3F000-memory.dmp	upx
behavioral1/memory/3984-1271-0x00007FF95B8E0000-0x00007FF95B90D000-memory.dmp	upx
behavioral1/memory/3984-1270-0x00007FF95C310000-0x00007FF95C329000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_lzma.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_bz2.pyd	upx
behavioral1/memory/3984-1264-0x00007FF95F100000-0x00007FF95F125000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_hashlib.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_wmi.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libcrypto-3.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libssl-3.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\charset_normalizer\md.cp312-win_amd64.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_queue.pyd	upx
behavioral1/memory/3984-1320-0x00007FF95B8C0000-0x00007FF95B8D5000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_ssl.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_tkinter.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_sqlite3.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_overlapped.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_multiprocessing.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_elementtree.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_decimal.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_cffi_backend.cp312-win_amd64.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_asyncio.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\zlib1.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\unicodedata.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\tk86t.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\tcl86t.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\sqlite3.dll	upx
behavioral1/memory/3984-1324-0x00007FF95B770000-0x00007FF95B7A3000-memory.dmp	upx
behavioral1/memory/3984-1343-0x00007FF95AC90000-0x00007FF95AC9B000-memory.dmp	upx
behavioral1/memory/3984-1345-0x00007FF951E30000-0x00007FF951E3D000-memory.dmp	upx
behavioral1/memory/3984-1344-0x00007FF95AC80000-0x00007FF95AC8B000-memory.dmp	upx
behavioral1/memory/3984-1342-0x00007FF95AEB0000-0x00007FF95AEBC000-memory.dmp	upx
behavioral1/memory/3984-1341-0x00007FF95B9E0000-0x00007FF95B9EB000-memory.dmp	upx
behavioral1/memory/3984-1340-0x00007FF952480000-0x00007FF95248C000-memory.dmp	upx
behavioral1/memory/3984-1339-0x00007FF95AC70000-0x00007FF95AC7C000-memory.dmp	upx
behavioral1/memory/3984-1338-0x00007FF95AE90000-0x00007FF95AE9C000-memory.dmp	upx
behavioral1/memory/3984-1337-0x00007FF95AEA0000-0x00007FF95AEAE000-memory.dmp	upx
behavioral1/memory/3984-1336-0x00007FF95AEC0000-0x00007FF95AECC000-memory.dmp	upx
behavioral1/memory/3984-1335-0x00007FF95B210000-0x00007FF95B21B000-memory.dmp	upx
behavioral1/memory/3984-1334-0x00007FF95B220000-0x00007FF95B22C000-memory.dmp	upx
behavioral1/memory/3984-1333-0x00007FF95B230000-0x00007FF95B23B000-memory.dmp	upx
behavioral1/memory/3984-1332-0x00007FF95B240000-0x00007FF95B24C000-memory.dmp	upx
behavioral1/memory/3984-1331-0x00007FF95B250000-0x00007FF95B25B000-memory.dmp	upx
behavioral1/memory/3984-1330-0x00007FF95BB70000-0x00007FF95BB7D000-memory.dmp	upx
behavioral1/memory/3984-1329-0x00007FF94ADB0000-0x00007FF94AECB000-memory.dmp	upx
behavioral1/memory/3984-1328-0x00007FF95B870000-0x00007FF95B897000-memory.dmp	upx
behavioral1/memory/3984-1327-0x00007FF95C300000-0x00007FF95C30B000-memory.dmp	upx
behavioral1/memory/3984-1326-0x00007FF95F400000-0x00007FF95F40D000-memory.dmp	upx
behavioral1/memory/3984-1325-0x00007FF95B6A0000-0x00007FF95B76D000-memory.dmp	upx
behavioral1/memory/3984-1323-0x00007FF95FBD0000-0x00007FF95FBDD000-memory.dmp	upx
behavioral1/memory/3984-1322-0x00007FF95B8A0000-0x00007FF95B8B9000-memory.dmp	upx
behavioral1/memory/3984-1321-0x00007FF94AED0000-0x00007FF94B3F2000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\SDL2_ttf.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\SDL2_mixer.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\SDL2_image.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\SDL2.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\pyexpat.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI7482\portmidi.dll	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

TTDSCAMCLIENTV4.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsSYS = "C:\\Users\\Admin\\WindowsSystemUser\\TTDSCAMCLIENTV3.exe"	TTDSCAMCLIENTV4.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service
T1102

Processes:

flow ioc

36 discord.com
37 discord.com
38 discord.com
39 discord.com
32 discord.com
35 discord.com

flow	ioc
36	discord.com
37	discord.com
38	discord.com
39	discord.com
32	discord.com
35	discord.com

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

6340 taskkill.exe

pid	process
6340	taskkill.exe

Modifies registry class 5 IoCs

Processes:

taskmgr.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	taskmgr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	taskmgr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

Processes:

TTDSCAMCLIENTV4.exepowershell.exetaskmgr.exeTTDSCAMCLIENTV3.exepowershell.exe

pid	process
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
3984	TTDSCAMCLIENTV4.exe
1900	powershell.exe
1900	powershell.exe
1900	powershell.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
6556	TTDSCAMCLIENTV3.exe
6556	TTDSCAMCLIENTV3.exe
6556	TTDSCAMCLIENTV3.exe
6556	TTDSCAMCLIENTV3.exe
6556	TTDSCAMCLIENTV3.exe
6556	TTDSCAMCLIENTV3.exe
6556	TTDSCAMCLIENTV3.exe
6556	TTDSCAMCLIENTV3.exe
6864	powershell.exe
6864	powershell.exe
6864	powershell.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

TTDSCAMCLIENTV4.exepowershell.exetaskmgr.exetaskkill.exeTTDSCAMCLIENTV3.exepowershell.exe

description	pid	process
Token: SeDebugPrivilege	3984	TTDSCAMCLIENTV4.exe
Token: SeDebugPrivilege	1900	powershell.exe
Token: SeDebugPrivilege	4704	taskmgr.exe
Token: SeSystemProfilePrivilege	4704	taskmgr.exe
Token: SeCreateGlobalPrivilege	4704	taskmgr.exe
Token: SeDebugPrivilege	6340	taskkill.exe
Token: SeDebugPrivilege	6556	TTDSCAMCLIENTV3.exe
Token: SeDebugPrivilege	6864	powershell.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

taskmgr.exe

pid	process
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe

Suspicious use of SendNotifyMessage 34 IoCs

Processes:

taskmgr.exe

pid	process
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe
4704	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

TTDSCAMCLIENTV3.exe

pid process

6556 TTDSCAMCLIENTV3.exe

pid	process
6556	TTDSCAMCLIENTV3.exe

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

TTDSCAMCLIENTV4.exeTTDSCAMCLIENTV4.execmd.exeTTDSCAMCLIENTV3.exeTTDSCAMCLIENTV3.exe

description	pid	process	target process
PID 748 wrote to memory of 3984	748	TTDSCAMCLIENTV4.exe	TTDSCAMCLIENTV4.exe
PID 748 wrote to memory of 3984	748	TTDSCAMCLIENTV4.exe	TTDSCAMCLIENTV4.exe
PID 3984 wrote to memory of 1900	3984	TTDSCAMCLIENTV4.exe	powershell.exe
PID 3984 wrote to memory of 1900	3984	TTDSCAMCLIENTV4.exe	powershell.exe
PID 3984 wrote to memory of 4944	3984	TTDSCAMCLIENTV4.exe	cmd.exe
PID 3984 wrote to memory of 4944	3984	TTDSCAMCLIENTV4.exe	cmd.exe
PID 4944 wrote to memory of 4376	4944	cmd.exe	attrib.exe
PID 4944 wrote to memory of 4376	4944	cmd.exe	attrib.exe
PID 4944 wrote to memory of 1904	4944	cmd.exe	TTDSCAMCLIENTV3.exe
PID 4944 wrote to memory of 1904	4944	cmd.exe	TTDSCAMCLIENTV3.exe
PID 4944 wrote to memory of 6340	4944	cmd.exe	taskkill.exe
PID 4944 wrote to memory of 6340	4944	cmd.exe	taskkill.exe
PID 1904 wrote to memory of 6556	1904	TTDSCAMCLIENTV3.exe	TTDSCAMCLIENTV3.exe
PID 1904 wrote to memory of 6556	1904	TTDSCAMCLIENTV3.exe	TTDSCAMCLIENTV3.exe
PID 6556 wrote to memory of 6864	6556	TTDSCAMCLIENTV3.exe	powershell.exe
PID 6556 wrote to memory of 6864	6556	TTDSCAMCLIENTV3.exe	powershell.exe

Views/modifies file attributes 1 TTPs 1 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exe

pid process

4376 attrib.exe

pid	process
4376	attrib.exe

C:\Users\Admin\AppData\Local\Temp\TTDSCAMCLIENTV4.exe
"C:\Users\Admin\AppData\Local\Temp\TTDSCAMCLIENTV4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:748

C:\Users\Admin\AppData\Local\Temp\TTDSCAMCLIENTV4.exe
"C:\Users\Admin\AppData\Local\Temp\TTDSCAMCLIENTV4.exe"
2⤵
- Enumerates VirtualBox DLL files
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3984

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\WindowsSystemUser\""
3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1900

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\WindowsSystemUser\activate.bat
3⤵
- Suspicious use of WriteProcessMemory
PID:4944

C:\Windows\system32\attrib.exe
attrib +s +h .
4⤵
- Sets file to hidden
- Views/modifies file attributes
PID:4376

C:\Users\Admin\WindowsSystemUser\TTDSCAMCLIENTV3.exe
"TTDSCAMCLIENTV3.exe"
4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1904

C:\Users\Admin\WindowsSystemUser\TTDSCAMCLIENTV3.exe
"TTDSCAMCLIENTV3.exe"
5⤵
- Enumerates VirtualBox DLL files
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:6556

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\WindowsSystemUser\""
6⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6864

C:\Windows\system32\taskkill.exe
taskkill /f /im "TTDSCAMCLIENTV4.exe"
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:6340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=996,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:8
1⤵
PID:3320

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x30c 0x49c
1⤵
PID:3076

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4704

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

File and Directory Discovery

T1083

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI7482\SDL2.dll

Filesize
635KB

MD5
2b13a3f2fc8f9cdb3161374c4bc85f86

SHA1
9039a90804dba7d6abb2bcf3068647ba8cab8901

SHA256
110567f1e5008c6d453732083b568b6a8d8da8077b9cb859f57b550fd3b05fb6

SHA512
2ee8e35624cb8d78baefafd6878c862b510200974bef265a9856e399578610362c7c46121a9f44d7ece6715e68475db6513e96bea3e26cdccbd333b0e14ccfd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_asyncio.pyd

Filesize
37KB

MD5
86f7f73065bda9580336dc8803431880

SHA1
3d1dc06d25c4dc0e404d5d580bc5457507385f5a

SHA256
7856601b517c8f5755c899332b188d5f001b663092b83a783f23c4d45459ee7e

SHA512
e429b9e976d6a0eb30665cfa23ddd0adfa732f2be1c04c60c23be9d44a50bb059d9c4627198302eadf0bbe7d9d8da4e7d3ebcacac49679338660db11f3f32ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_bz2.pyd

Filesize
48KB

MD5
74bc4cb52e6b10983fdc2d40d611d8a4

SHA1
fc181a1167d77759781dc086e374f90c78930b7b

SHA256
57e4e02f82eeed869625e9e5e4f2d51f4f4819b24e04c8cee840d82133f2161a

SHA512
378c3fb1f8556cf2a3a0a5df5811903c1626a36fb5f6b52f719e3aa2e066fe1b7db83883f13bd57d5ff81a409919b9fafea0c1acb0980841bd62997a6b25b259

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_cffi_backend.cp312-win_amd64.pyd

Filesize
71KB

MD5
6e8500d570b12d9e76c94ad5a22b6f21

SHA1
702b6310c0fa791d3901a8372782c6bf387f1adb

SHA256
e320d83858d951b1dc97a8260e54d0c760706dd2d5471f22642926ec69881e04

SHA512
9cf0a44baebe4eb01f02d5596bbc7b4fd09ac81d4b345da3d52159226462f27abcbf6f6aab43f549a57ef34bf437c1f3e4b1fb78cd7a7bb5c1f291495d2dff58

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_ctypes.pyd

Filesize
59KB

MD5
6e02d07340dfaea121a64bef762e0d67

SHA1
48b107a7391772ed849fd1f13a7d2eca9fc09593

SHA256
7035c88e2a0099785ef34f89275de92b34ef3299f01c816d844832c55701c3e3

SHA512
8790af18a4ac4a23f67c8c8e5db1217a399fe75519878e89da4faf87b08c8448aab42aa9ddf40087bc3e959a5490d861531637f3978b2ddcda4d727e60887b6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_decimal.pyd

Filesize
105KB

MD5
8eac90c1cae636ab7580c6643015bfef

SHA1
161e937f92b83937c2aff83f7c454359fb0e9d70

SHA256
05b05ff5e47e4cd1c3915db343fa651b95ff24af8f449b30de0b622e2b5623f6

SHA512
23a287b0e947dfe76b33dfec13c425271142e855cd73ccac8bf359b7e2efe6cbbc3ebf3650ca7e0b3f78afa0f754c5630efebece32f31a37a53f337484eb281c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_elementtree.pyd

Filesize
59KB

MD5
08230eec1b0c727abdd9ed8ff55510d1

SHA1
7c516ce20d63f6ac8fe7a2beb77fa7e74821b2e2

SHA256
b30f631998f3be67dea659282d869d92a6e77524d50fa5440da20bbbd7de4a72

SHA512
6c1c8db49a5b440ce2cbc0b8199f5721c619a81ecfd1d4ce5a8b903b4d497cdd8c0f363810ed8bd93b59063d21d355d2e553b5e2f34e47a0c831da809d5c00b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_hashlib.pyd

Filesize
35KB

MD5
800c591e0b72f72aba1e36ff8f1b02f4

SHA1
f3efa2bf569364de1ce055fcf653caf54acbe7bb

SHA256
e2c4c8f4c8cf2c1f568cbe33421c7ec58d5dc5b9ddacde34bb887540d7b0b8e0

SHA512
e288ec8cccc97d7eb0eb04c78416215e52afa163c354709300e675df9bef9f50e2ca9863ba1f47983f73d98652ce98f2d51e7860ed010adf1d991a9f562edfa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_lzma.pyd

Filesize
85KB

MD5
b5527d2f85ff0ef7c781447601c55e8e

SHA1
3c1f96424de9c6075d3dde9c2700027fe6dadb66

SHA256
67f56b6b023600b2ef2dac5b37c75d8df7197f3db714621055a2e37422316e27

SHA512
2ecaa3feda6669e541a9704c380bfa99580e2790795cacd626b3c99e906e698b42c62e7ee69bc48d1f4d3131a91901615b601523d0d95b2d9ba7ec6659a10a62

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_multiprocessing.pyd

Filesize
27KB

MD5
543cf30483f615c86c24fa40f1ee7f4a

SHA1
3325ca7780b23355c3539dbd7706f847ed383696

SHA256
8e0a498120075d31402dc75837448ba4a94e2c1a49b47ef21c730b18808495ad

SHA512
228582bdc337a422aef8e95a2b3d1d7026165af71e93e60ca79bd8fa2c941fc8d55b5d324d683d0784a1f5ec25e8b65fdfc31e02c7bf40508ebadc777bc00f10

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_overlapped.pyd

Filesize
33KB

MD5
13352ea7b29511370cdda268ce2b6914

SHA1
ba8196fdef628bf414b18d2dc344eb6306c3ff20

SHA256
31cb0832bfdd291dbf0a1ffabc7f7d2daf54716ea26ffc610397903c021b79ae

SHA512
5fa72e56f46bdab4c73afd11dcd7665c4e76f1c158f03d5ac9e04d10054f1659ffda45d532103f9f36153ad4c1846ed832f0fde357261d44ffccc829c98a49a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_queue.pyd

Filesize
26KB

MD5
4a4d8bea8523bc27b7be3ad37433ad47

SHA1
8176d144c0606d8290b2cb381ecb51dd18dd667f

SHA256
f27f4970c4aa44c4f6b296bb61e5f0b9850f0f5433d2b2a0554885a572ddec20

SHA512
66a0502dde21c509297297e3fda99d97ce3ad92d9c362e85bff900bd44efc175317e78963064592983f334bbfb765be136b443b7bfa1019cd55eb7d432371b0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_socket.pyd

Filesize
44KB

MD5
31ccfef9e4b41f2c19041c601d1f01e3

SHA1
05d1fe595c7ed40dd7e85945f305a9d817f6aa31

SHA256
ebe8289a237ba92de57d7c7e978aa25e46f475980fda6f75b6ad72dbd84a000c

SHA512
7dee95a51c0bc57515bc04534d895d4fb1bdea92962c8c681b9780f46a5543d98b0976804fc7a19ba45116b27cbe18d98db3bc8f6b10db3ca836ed5dddd5d169

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_sqlite3.pyd

Filesize
57KB

MD5
5c5c151b06829601b91c0723ec6c7b7f

SHA1
438d08dcf190b635e3f136749d0fb622469c5031

SHA256
47554e09957b0f7e6cfca754145261f33022b178c65b5ea0ff387d2ef4932d91

SHA512
8fbdf025f0352355a68d704a98528da61f6ad0b091ca7811da8ad2e44b0ebf42e3cab8fd410ef1dfa28602c635ff1c3c196d9dd8e30dcc7e3292ad75c1d398b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_ssl.pyd

Filesize
65KB

MD5
81c0bd53e4313436a7aeb57a9d7474ac

SHA1
539f7b6ddf892d8b6e2d5a522a1fd31e2286549a

SHA256
d43be44713910444f6663376d5f8c2f5aa575e2e30325e7c5b8f72f09576ca02

SHA512
f449f349a0ada30d6fd85bb3105bcfca21b0b6fcaa1de186754d92eb61397e9bb43987c07608f52a74c411bf44cf84b1f1f070a5b30d1c7f9f5a6d9909610d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_tkinter.pyd

Filesize
38KB

MD5
c4ccd5030fc722cf60ee0c7efc1b5692

SHA1
ce49ba73f6b159f1e9e2b7edf0c9ccf445595b58

SHA256
efb96671fe9bc2eedc3f26741daa2a9b0f48f62c34588729d6e58a4485a8ad7d

SHA512
1f68e2af85c0568e6c192fb61ac58e59482b890077a08e31b587947c82ee86f8617c6f68bc4196b7efbfdec78929c0432260bbcffc91b2987b2f1ea3a4145931

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_uuid.pyd

Filesize
24KB

MD5
3c8737723a903b08d5d718336900fd8c

SHA1
2ad2d0d50f6b52291e59503222b665b1823b0838

SHA256
bb418e91e543c998d11f9e65fd2a4899b09407ff386e059a88fe2a16aed2556b

SHA512
1d974ec1c96e884f30f4925cc9a03fb5af78687a267dec0d1582b5d7561d251fb733cf733e0cc00faee86f0fef6f73d36a348f3461c6d34b0238a75f69320d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_wmi.pyd

Filesize
28KB

MD5
6bc9dc6488c6baff992d37f3e4dfd04a

SHA1
0197737d5fc9682411d46be774b905c3e4238cd8

SHA256
07ba7048b05d479d9bb4263a4e3b89e62fa80f2583c683d7664cb076014c23b8

SHA512
143d6a657e111e91fd953cc1b4f31c4dee18ef97b2aaa1065f9af878a2c8ec772b10effe8cf637c9231ad413e2104a74952ac359f72d2727c885c3c453279819

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\base_library.zip

Filesize
1.3MB

MD5
3909f1a45b16c6c6ef797032de7e3b61

SHA1
5a243f6c8db11bf401aeac69f4c2a0c6cd63b3a8

SHA256
56cce68da6a7ebd11aab4b4a4e6a164647b42b29ae57656532c530d1e22e5b44

SHA512
647e343eb9732150c0fd12c7142a960ede969b41d5a567940e89636f021f0c0b3249b6cfc99c732190085bcae7aa077f8ac52c8e7fe7817d48a34489f0cd5148

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\charset_normalizer\md.cp312-win_amd64.pyd

Filesize
9KB

MD5
191c247b7e0543cc769718232ead35da

SHA1
e3f0be22199ff1f5cf131a12c1c7a58805f2fff5

SHA256
3d393309cbc6e88919c4fd472394d7c31f26f1709dffadd1c7e8895097e6cab3

SHA512
ad0316e9430308a05672e28050bf5c23bd2f7d81e7dc97e7926cd54a9fc0ba78ba904dee87b04688e7d0377ba69892a6cea7ab9f972c08e8d9da1d7c13693f97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libcrypto-3.dll

Filesize
1.6MB

MD5
f8076a47c6f0dac4754d2a0186f63884

SHA1
d228339ff131fba16f023ec8fa40c658991eb01f

SHA256
3423134795ab8fce58190ae156d4b5d70053bebe6c9a228bea3281855e5357fa

SHA512
a6d4144cbba4a26edf563806696d312d8a3486122b165aae2c1692defc2828f3ff6bd6a7f24df730ff11c12bc60ac4408f9475c19b543ed1116b0a5d3466300b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libffi-8.dll

Filesize
29KB

MD5
013a0b2653aa0eb6075419217a1ed6bd

SHA1
1b58ff8e160b29a43397499801cf8ab0344371e7

SHA256
e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523

SHA512
0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libopusfile-0.dll

Filesize
26KB

MD5
2d5274bea7ef82f6158716d392b1be52

SHA1
ce2ff6e211450352eec7417a195b74fbd736eb24

SHA256
6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5

SHA512
9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libssl-3.dll

Filesize
223KB

MD5
f4dd15287cd387b289143e65e37ad5ae

SHA1
f37b85d8e24b85eedda5958658cdaa36c4a14651

SHA256
6844483a33468eb919e9a3ef3561c80dd9c4cd3a11ad0961c9c4f2025b0a8dff

SHA512
8583692f19c686cbb58baaf27b4ab464d597025f1ff8596c51ec357e2f71136995b414807a2a84f5409f25a0798cb7c497ddb0018df3a96b75aba39950581a19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libtiff-5.dll

Filesize
127KB

MD5
ebad1fa14342d14a6b30e01ebc6d23c1

SHA1
9c4718e98e90f176c57648fa4ed5476f438b80a7

SHA256
4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca

SHA512
91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\libwebp-7.dll

Filesize
192KB

MD5
b0dd211ec05b441767ea7f65a6f87235

SHA1
280f45a676c40bd85ed5541ceb4bafc94d7895f3

SHA256
fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e

SHA512
eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\portmidi.dll

Filesize
18KB

MD5
0df0699727e9d2179f7fd85a61c58bdf

SHA1
82397ee85472c355725955257c0da207fa19bf59

SHA256
97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61

SHA512
196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\pyexpat.pyd

Filesize
88KB

MD5
7ea56bf06d270a0aa728819fd82bb528

SHA1
7a4baacb006d0fb6f93c831f52d306ef305c8a64

SHA256
18bae31b8adfe2ac706170df3f07722dd620e840b01e0d55db5171c0244be18b

SHA512
3cf1e8c298c0a5ba6d5b2e2b4d6774d1f6458c1b23c2cee37dbe10a990deeda0c191b5fcf6898fa113fe7812f780020df8683cb6ecc1e0749960d2804c9b3a37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\python3.DLL

Filesize
66KB

MD5
77896345d4e1c406eeff011f7a920873

SHA1
ee8cdd531418cfd05c1a6792382d895ac347216f

SHA256
1e9224ba7190b6301ef47befa8e383d0c55700255d04a36f7dac88ea9573f2fb

SHA512
3e98b1b605d70244b42a13a219f9e124944da199a88ad4302308c801685b0c45a037a76ded319d08dbf55639591404665befe2091f0f4206a9472fee58d55c22

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\python312.dll

Filesize
1.7MB

MD5
f23aa992b8e0a301ec8f473d6b784f4b

SHA1
ee73a5da238341cb21a781a3ddcb187d1f971680

SHA256
0ddfba7779ebc44f2fa819a78b54bc730a5543274986e973beee024fab0ecfc6

SHA512
028abb66298fee6173d34f80940f5bdd3988a8373234f32a780ae93e155d90af191d85164077d9b76dc3651bda4d9902ccbfd03d37be3e9662006b65c3defb35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\select.pyd

Filesize
25KB

MD5
b97b2d725ce3832b4a264d419d191136

SHA1
c1d7c41807dce8b0fe9dfea19b041c22d4bcd3b6

SHA256
fee38fbe1edf76eff82278657dfe1a0c91cdc1024c8e97abc946e4b059c57371

SHA512
8fd04e3c505d3c556eb979d0b2eb3027f2f81bcd4864c0c47c868c67893e078bd024e2b6b90f2d2f43289bd6e3cb0d125a64c86634d89fd6b18bbad6233f8436

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\sqlite3.dll

Filesize
622KB

MD5
7322946b955c6add788db2b1c3709bdf

SHA1
a3261f30732762418d2392b012ee0fd0eeedb0dd

SHA256
cbc0ebe600b3b747b87b61ee33d42a12da4a423f913c87db08de6a7a5432e646

SHA512
ff1fe26a28d05f629e7b7a8a2324a854e2898efc73d2f6f5f50b4c8a3066a0025f1b7b2e8c624066a43f019cbafb62d5f04578d66f485fce45b7d4a1c9d46dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\tcl86t.dll

Filesize
651KB

MD5
d8d21c45429142d11afa87ac4e4b1844

SHA1
479360a69aed55ea34335f509bd1d06abd0193e1

SHA256
d6f817f67275cd587b1ad39055f4ead3812dc96c14010d834740388c98691d4e

SHA512
af12b41bd148ae5596b376b80a55f084b474fcd82444a0bf46afd3795f9a767b4c69e7452372fd8798ace58ab1d13d971c6c2c0997246d4b094d6d587487c37b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\tk86t.dll

Filesize
624KB

MD5
53d85aaa8044c66f3ff69d618ecfdf47

SHA1
a681e0a044594a66144e0a193599ff68446b8f05

SHA256
b69003b8c2f30ac0486fd383a1d28cbbeec4e156ef3c962f828f90663466c49e

SHA512
84f31734a3b92e374f819a86dcf3a55bd2e124b8e8eab2089d21f7b87b49aba64dbdb4bd9b1d1b395e507fd742969b567985f97b768a2fe684f5e1dc9139c717

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\unicodedata.pyd

Filesize
295KB

MD5
5f1548676f6bc141f7c7cd2bd642d0a1

SHA1
aa2540cfcaa375a59366e2a60c957f138954c3bd

SHA256
c8e4292dfc9a33968d01386d50fbae8dfebf48d38882f863c70835ae92c59fd0

SHA512
b7dab2334eb200390b62667b72d92c594661e0ecc4c1ea420576c00249c398a4cc0cd2efca99c34b9f35533de0fa64c4069b931811bd4cb066b2f354c08211d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\zlib1.dll

Filesize
52KB

MD5
ee06185c239216ad4c70f74e7c011aa6

SHA1
40e66b92ff38c9b1216511d5b1119fe9da6c2703

SHA256
0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466

SHA512
baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vrf50jpz.pii.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/3984-1365-0x00007FF95BB70000-0x00007FF95BB7D000-memory.dmp

Filesize
52KB

Download
memory/3984-1389-0x00007FF9496D0000-0x00007FF949DC4000-memory.dmp

Filesize
7.0MB

Download
memory/3984-1333-0x00007FF95B230000-0x00007FF95B23B000-memory.dmp

Filesize
44KB

Download
memory/3984-1332-0x00007FF95B240000-0x00007FF95B24C000-memory.dmp

Filesize
48KB

Download
memory/3984-1331-0x00007FF95B250000-0x00007FF95B25B000-memory.dmp

Filesize
44KB

Download
memory/3984-1330-0x00007FF95BB70000-0x00007FF95BB7D000-memory.dmp

Filesize
52KB

Download
memory/3984-1329-0x00007FF94ADB0000-0x00007FF94AECB000-memory.dmp

Filesize
1.1MB

Download
memory/3984-1328-0x00007FF95B870000-0x00007FF95B897000-memory.dmp

Filesize
156KB

Download
memory/3984-1327-0x00007FF95C300000-0x00007FF95C30B000-memory.dmp

Filesize
44KB

Download
memory/3984-1326-0x00007FF95F400000-0x00007FF95F40D000-memory.dmp

Filesize
52KB

Download
memory/3984-1325-0x00007FF95B6A0000-0x00007FF95B76D000-memory.dmp

Filesize
820KB

Download
memory/3984-1323-0x00007FF95FBD0000-0x00007FF95FBDD000-memory.dmp

Filesize
52KB

Download
memory/3984-1322-0x00007FF95B8A0000-0x00007FF95B8B9000-memory.dmp

Filesize
100KB

Download
memory/3984-1321-0x00007FF94AED0000-0x00007FF94B3F2000-memory.dmp

Filesize
5.1MB

Download
memory/3984-1335-0x00007FF95B210000-0x00007FF95B21B000-memory.dmp

Filesize
44KB

Download
memory/3984-1336-0x00007FF95AEC0000-0x00007FF95AECC000-memory.dmp

Filesize
48KB

Download
memory/3984-1337-0x00007FF95AEA0000-0x00007FF95AEAE000-memory.dmp

Filesize
56KB

Download
memory/3984-1338-0x00007FF95AE90000-0x00007FF95AE9C000-memory.dmp

Filesize
48KB

Download
memory/3984-1339-0x00007FF95AC70000-0x00007FF95AC7C000-memory.dmp

Filesize
48KB

Download
memory/3984-1340-0x00007FF952480000-0x00007FF95248C000-memory.dmp

Filesize
48KB

Download
memory/3984-1341-0x00007FF95B9E0000-0x00007FF95B9EB000-memory.dmp

Filesize
44KB

Download
memory/3984-1342-0x00007FF95AEB0000-0x00007FF95AEBC000-memory.dmp

Filesize
48KB

Download
memory/3984-1344-0x00007FF95AC80000-0x00007FF95AC8B000-memory.dmp

Filesize
44KB

Download
memory/3984-1345-0x00007FF951E30000-0x00007FF951E3D000-memory.dmp

Filesize
52KB

Download
memory/3984-1343-0x00007FF95AC90000-0x00007FF95AC9B000-memory.dmp

Filesize
44KB

Download
memory/3984-1324-0x00007FF95B770000-0x00007FF95B7A3000-memory.dmp

Filesize
204KB

Download
memory/3984-1320-0x00007FF95B8C0000-0x00007FF95B8D5000-memory.dmp

Filesize
84KB

Download
memory/3984-1264-0x00007FF95F100000-0x00007FF95F125000-memory.dmp

Filesize
148KB

Download
memory/3984-1270-0x00007FF95C310000-0x00007FF95C329000-memory.dmp

Filesize
100KB

Download
memory/3984-1271-0x00007FF95B8E0000-0x00007FF95B90D000-memory.dmp

Filesize
180KB

Download
memory/3984-1350-0x00007FF94AD70000-0x00007FF94AD84000-memory.dmp

Filesize
80KB

Download
memory/3984-1349-0x00007FF951DD0000-0x00007FF951DE6000-memory.dmp

Filesize
88KB

Download
memory/3984-1348-0x00007FF94AD90000-0x00007FF94ADA2000-memory.dmp

Filesize
72KB

Download
memory/3984-1347-0x00007FF951E00000-0x00007FF951E0C000-memory.dmp

Filesize
48KB

Download
memory/3984-1346-0x00007FF951E10000-0x00007FF951E22000-memory.dmp

Filesize
72KB

Download
memory/3984-1351-0x00007FF94AD40000-0x00007FF94AD62000-memory.dmp

Filesize
136KB

Download
memory/3984-1357-0x00007FF95F100000-0x00007FF95F125000-memory.dmp

Filesize
148KB

Download
memory/3984-1356-0x00007FF94AA90000-0x00007FF94AAA9000-memory.dmp

Filesize
100KB

Download
memory/3984-1355-0x00007FF94AA20000-0x00007FF94AA31000-memory.dmp

Filesize
68KB

Download
memory/3984-1354-0x00007FF94AA40000-0x00007FF94AA8A000-memory.dmp

Filesize
296KB

Download
memory/3984-1353-0x00007FF94AAB0000-0x00007FF94AAC7000-memory.dmp

Filesize
92KB

Download
memory/3984-1352-0x00007FF94B400000-0x00007FF94BAD0000-memory.dmp

Filesize
6.8MB

Download
memory/3984-1358-0x00007FF94A9F0000-0x00007FF94AA0E000-memory.dmp

Filesize
120KB

Download
memory/3984-1359-0x00007FF94A990000-0x00007FF94A9ED000-memory.dmp

Filesize
372KB

Download
memory/3984-1364-0x00007FF94A730000-0x00007FF94A8A7000-memory.dmp

Filesize
1.5MB

Download
memory/3984-1363-0x00007FF94A8B0000-0x00007FF94A8D4000-memory.dmp

Filesize
144KB

Download
memory/3984-1362-0x00007FF94A8F0000-0x00007FF94A91E000-memory.dmp

Filesize
184KB

Download
memory/3984-1361-0x00007FF94A920000-0x00007FF94A949000-memory.dmp

Filesize
164KB

Download
memory/3984-1360-0x00007FF94A950000-0x00007FF94A989000-memory.dmp

Filesize
228KB

Download
memory/3984-1265-0x00007FF95FD30000-0x00007FF95FD3F000-memory.dmp

Filesize
60KB

Download
memory/3984-1366-0x00007FF94A6E0000-0x00007FF94A6F8000-memory.dmp

Filesize
96KB

Download
memory/3984-1383-0x00007FF94A4E0000-0x00007FF94A4EC000-memory.dmp

Filesize
48KB

Download
memory/3984-1382-0x00007FF94A4F0000-0x00007FF94A502000-memory.dmp

Filesize
72KB

Download
memory/3984-1381-0x00007FF94A510000-0x00007FF94A51D000-memory.dmp

Filesize
52KB

Download
memory/3984-1380-0x00007FF94A520000-0x00007FF94A52C000-memory.dmp

Filesize
48KB

Download
memory/3984-1379-0x00007FF94A530000-0x00007FF94A53C000-memory.dmp

Filesize
48KB

Download
memory/3984-1378-0x00007FF94A540000-0x00007FF94A54B000-memory.dmp

Filesize
44KB

Download
memory/3984-1377-0x00007FF94A550000-0x00007FF94A55B000-memory.dmp

Filesize
44KB

Download
memory/3984-1376-0x00007FF94A560000-0x00007FF94A56C000-memory.dmp

Filesize
48KB

Download
memory/3984-1375-0x00007FF94A570000-0x00007FF94A57E000-memory.dmp

Filesize
56KB

Download
memory/3984-1374-0x00007FF94A580000-0x00007FF94A58C000-memory.dmp

Filesize
48KB

Download
memory/3984-1373-0x00007FF94A590000-0x00007FF94A59C000-memory.dmp

Filesize
48KB

Download
memory/3984-1372-0x00007FF94A5A0000-0x00007FF94A5AB000-memory.dmp

Filesize
44KB

Download
memory/3984-1371-0x00007FF94A5B0000-0x00007FF94A5BC000-memory.dmp

Filesize
48KB

Download
memory/3984-1370-0x00007FF94A5C0000-0x00007FF94A5CB000-memory.dmp

Filesize
44KB

Download
memory/3984-1369-0x00007FF94A5D0000-0x00007FF94A5DC000-memory.dmp

Filesize
48KB

Download
memory/3984-1368-0x00007FF94A5E0000-0x00007FF94A5EB000-memory.dmp

Filesize
44KB

Download
memory/3984-1367-0x00007FF94A5F0000-0x00007FF94A5FB000-memory.dmp

Filesize
44KB

Download
memory/3984-1384-0x00007FF94A3A0000-0x00007FF94A3D4000-memory.dmp

Filesize
208KB

Download
memory/3984-1385-0x00007FF94AD40000-0x00007FF94AD62000-memory.dmp

Filesize
136KB

Download
memory/3984-1386-0x00007FF949DD0000-0x00007FF94A053000-memory.dmp

Filesize
2.5MB

Download
memory/3984-1388-0x00007FF94AA40000-0x00007FF94AA8A000-memory.dmp

Filesize
296KB

Download
memory/3984-1387-0x00007FF94AAB0000-0x00007FF94AAC7000-memory.dmp

Filesize
92KB

Download
memory/3984-1334-0x00007FF95B220000-0x00007FF95B22C000-memory.dmp

Filesize
48KB

Download
memory/3984-1390-0x00007FF94A680000-0x00007FF94A6D5000-memory.dmp

Filesize
340KB

Download
memory/3984-1391-0x00007FF948D40000-0x00007FF949020000-memory.dmp

Filesize
2.9MB

Download
memory/3984-1392-0x00007FF946C40000-0x00007FF948D33000-memory.dmp

Filesize
32.9MB

Download
memory/3984-1393-0x00007FF94A610000-0x00007FF94A627000-memory.dmp

Filesize
92KB

Download
memory/3984-1394-0x00007FF94A8B0000-0x00007FF94A8D4000-memory.dmp

Filesize
144KB

Download
memory/3984-1397-0x00007FF94A0F0000-0x00007FF94A112000-memory.dmp

Filesize
136KB

Download
memory/3984-1396-0x00007FF94A120000-0x00007FF94A141000-memory.dmp

Filesize
132KB

Download
memory/3984-1399-0x00007FF94A0C0000-0x00007FF94A0F0000-memory.dmp

Filesize
192KB

Download
memory/3984-1398-0x00007FF946BA0000-0x00007FF946C39000-memory.dmp

Filesize
612KB

Download
memory/3984-1395-0x00007FF94A730000-0x00007FF94A8A7000-memory.dmp

Filesize
1.5MB

Download
memory/3984-1403-0x00007FF946A30000-0x00007FF946AE2000-memory.dmp

Filesize
712KB

Download
memory/3984-1407-0x00007FF946A00000-0x00007FF946A21000-memory.dmp

Filesize
132KB

Download
memory/3984-1406-0x00007FF94A060000-0x00007FF94A07A000-memory.dmp

Filesize
104KB

Download
memory/3984-1405-0x00007FF946B50000-0x00007FF946B91000-memory.dmp

Filesize
260KB

Download
memory/3984-1404-0x00007FF94A080000-0x00007FF94A0B1000-memory.dmp

Filesize
196KB

Download
memory/3984-1402-0x00007FF946AF0000-0x00007FF946B04000-memory.dmp

Filesize
80KB

Download
memory/3984-1401-0x00007FF946B10000-0x00007FF946B2C000-memory.dmp

Filesize
112KB

Download
memory/3984-1400-0x00007FF946B30000-0x00007FF946B49000-memory.dmp

Filesize
100KB

Download
memory/3984-1408-0x00007FF946C40000-0x00007FF948D33000-memory.dmp

Filesize
32.9MB

Download
memory/3984-1410-0x00007FF946480000-0x00007FF94651E000-memory.dmp

Filesize
632KB

Download
memory/3984-1409-0x00007FF9465F0000-0x00007FF9469F5000-memory.dmp

Filesize
4.0MB

Download
memory/3984-1255-0x00007FF94B400000-0x00007FF94BAD0000-memory.dmp

Filesize
6.8MB

Download
memory/3984-1430-0x00007FF95F100000-0x00007FF95F125000-memory.dmp

Filesize
148KB

Download
memory/3984-1429-0x00007FF94B400000-0x00007FF94BAD0000-memory.dmp

Filesize
6.8MB

Download
memory/3984-1469-0x00007FF94AA20000-0x00007FF94AA31000-memory.dmp

Filesize
68KB

Download
memory/3984-1468-0x00007FF94AA40000-0x00007FF94AA8A000-memory.dmp

Filesize
296KB

Download
memory/3984-1466-0x00007FF94AAB0000-0x00007FF94AAC7000-memory.dmp

Filesize
92KB

Download
memory/3984-1465-0x00007FF94AD40000-0x00007FF94AD62000-memory.dmp

Filesize
136KB

Download
memory/3984-1464-0x00007FF94AD70000-0x00007FF94AD84000-memory.dmp

Filesize
80KB

Download
memory/3984-1463-0x00007FF94AD90000-0x00007FF94ADA2000-memory.dmp

Filesize
72KB

Download
memory/3984-1461-0x00007FF951E00000-0x00007FF951E0C000-memory.dmp

Filesize
48KB

Download
memory/3984-1460-0x00007FF951E10000-0x00007FF951E22000-memory.dmp

Filesize
72KB

Download
memory/3984-1459-0x00007FF951E30000-0x00007FF951E3D000-memory.dmp

Filesize
52KB

Download
memory/3984-1458-0x00007FF952480000-0x00007FF95248C000-memory.dmp

Filesize
48KB

Download
memory/3984-1457-0x00007FF95AC70000-0x00007FF95AC7C000-memory.dmp

Filesize
48KB

Download
memory/3984-1456-0x00007FF95AC80000-0x00007FF95AC8B000-memory.dmp

Filesize
44KB

Download
memory/3984-1454-0x00007FF95AE90000-0x00007FF95AE9C000-memory.dmp

Filesize
48KB

Download
memory/3984-1453-0x00007FF95AEA0000-0x00007FF95AEAE000-memory.dmp

Filesize
56KB

Download
memory/3984-1451-0x00007FF95AEC0000-0x00007FF95AECC000-memory.dmp

Filesize
48KB

Download
memory/3984-1450-0x00007FF95B210000-0x00007FF95B21B000-memory.dmp

Filesize
44KB

Download
memory/3984-1449-0x00007FF95B220000-0x00007FF95B22C000-memory.dmp

Filesize
48KB

Download
memory/3984-1448-0x00007FF95B230000-0x00007FF95B23B000-memory.dmp

Filesize
44KB

Download
memory/3984-1447-0x00007FF95B240000-0x00007FF95B24C000-memory.dmp

Filesize
48KB

Download
memory/3984-1446-0x00007FF95B250000-0x00007FF95B25B000-memory.dmp

Filesize
44KB

Download
memory/3984-1444-0x00007FF95BB70000-0x00007FF95BB7D000-memory.dmp

Filesize
52KB

Download
memory/3984-1443-0x00007FF94ADB0000-0x00007FF94AECB000-memory.dmp

Filesize
1.1MB

Download
memory/3984-1442-0x00007FF95B870000-0x00007FF95B897000-memory.dmp

Filesize
156KB

Download
memory/3984-1441-0x00007FF95C300000-0x00007FF95C30B000-memory.dmp

Filesize
44KB

Download
memory/3984-1435-0x00007FF94AED0000-0x00007FF94B3F2000-memory.dmp

Filesize
5.1MB

Download
memory/3984-1439-0x00007FF95B6A0000-0x00007FF95B76D000-memory.dmp

Filesize
820KB

Download
memory/4704-2741-0x0000029FDEE30000-0x0000029FDEE31000-memory.dmp

Filesize
4KB

Download
memory/4704-2740-0x0000029FDEE30000-0x0000029FDEE31000-memory.dmp

Filesize
4KB

Download
memory/4704-2739-0x0000029FDEE30000-0x0000029FDEE31000-memory.dmp

Filesize
4KB

Download
memory/4704-2755-0x0000029FDEE30000-0x0000029FDEE31000-memory.dmp

Filesize
4KB

Download
memory/4704-2754-0x0000029FDEE30000-0x0000029FDEE31000-memory.dmp

Filesize
4KB

Download
memory/4704-2753-0x0000029FDEE30000-0x0000029FDEE31000-memory.dmp

Filesize
4KB

Download
memory/4704-2752-0x0000029FDEE30000-0x0000029FDEE31000-memory.dmp

Filesize
4KB

Download
memory/4704-2751-0x0000029FDEE30000-0x0000029FDEE31000-memory.dmp

Filesize
4KB

Download
memory/4704-2750-0x0000029FDEE30000-0x0000029FDEE31000-memory.dmp

Filesize
4KB

Download
memory/4704-2749-0x0000029FDEE30000-0x0000029FDEE31000-memory.dmp

Filesize
4KB

Download
memory/6556-3889-0x00007FF94AF90000-0x00007FF94B05D000-memory.dmp

Filesize
820KB

Download
memory/6556-3891-0x00007FF95B9E0000-0x00007FF95B9EB000-memory.dmp

Filesize
44KB

Download
memory/6556-3890-0x00007FF95BB70000-0x00007FF95BB7D000-memory.dmp

Filesize
52KB

Download
memory/6556-3885-0x00007FF949C20000-0x00007FF94A142000-memory.dmp

Filesize
5.1MB

Download
memory/6556-3888-0x00007FF95B700000-0x00007FF95B733000-memory.dmp

Filesize
204KB

Download
memory/6556-3887-0x00007FF95F100000-0x00007FF95F10D000-memory.dmp

Filesize
52KB

Download
memory/6556-3886-0x00007FF95B740000-0x00007FF95B759000-memory.dmp

Filesize
100KB

Download
memory/6556-3879-0x00007FF94B060000-0x00007FF94B730000-memory.dmp

Filesize
6.8MB

Download
memory/6556-3883-0x00007FF95B780000-0x00007FF95B7AD000-memory.dmp

Filesize
180KB

Download
memory/6556-3882-0x00007FF95B870000-0x00007FF95B889000-memory.dmp

Filesize
100KB

Download
memory/6556-3881-0x00007FF95FBD0000-0x00007FF95FBDF000-memory.dmp

Filesize
60KB

Download
memory/6556-3880-0x00007FF95B890000-0x00007FF95B8B5000-memory.dmp

Filesize
148KB

Download
memory/6556-3884-0x00007FF95B760000-0x00007FF95B775000-memory.dmp

Filesize
84KB

Download