banload | 0ca3b1c2202d5107d74e28fca4a84a8da8fbe9799297ea82f016e9aecce3fdab

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ezcd.exe
Size

8.5MB
MD5

98169506fec94c2b12ba9930ad704515
SHA1

bce662a9fb94551f648ba2d7e29659957fd6a428
SHA256

9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363
SHA512

7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30
SSDEEP

196608:vdoUox8PFOegKz+qE1cnuyHgv3eZaOxqeXY4K:vC0O9m7EWEvbOxqetK

Score

10^/10

banload downloader dropper evasion trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ezcd.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ezcd.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ezcd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	ezcd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ezcd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	ezcd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2828 set thread context of 1052	2828	ezcd.exe	31

Executes dropped EXE 1 IoCs

pid	Process
2828	ezcd.exe

Loads dropped DLL 12 IoCs

pid	Process
2840	ezcd.exe
2828	ezcd.exe
2828	ezcd.exe
2828	ezcd.exe
2828	ezcd.exe
2828	ezcd.exe
2828	ezcd.exe
2828	ezcd.exe
2828	ezcd.exe
2828	ezcd.exe
2828	ezcd.exe
2828	ezcd.exe

Modifies registry class 46 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\mutNvr\ = "Vo\|]E@ggnIGbuQqkgiAuJOAEiLtWru@"	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\gQsxQbgd	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\nqttgjcKurbpP\ = "WrFfEipk@\x7f^xAdiFt~F]c\x7fp[W}_"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\mEim	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\mEim\ = "o_XPCd^SNFVBeaohEWN^juHFd\x7fiiS"	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\nqttgjcKurbpP\ = "WrFfEipk@\x7f^tAdiFt~FQc\x7fp[W}_"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\gQsxQbgd\ = "OEBBccXYnHPl^KKBSuo]Ilu"	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\ViJq\ = "iB\\_CIfFAdDY\\w\\ikuNClFiS"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ViJq\ = "TkReVVSvVsyiLcFRx]~BLoVY"	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\nqttgjcKurbpP	ezcd.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ShellFolder\Attributes = "114"	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\mEim\ = "kcV@Mu_jkbli\\[]mnPL@GdbSNaTLl"	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\mutNvr\ = "iDDvrltl\x7fwyK~BXgdtmJ@mfj\x7f`ZaAIc"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\nqttgjcKurbpP\ = "dK~]\\j\\Yaz]VgYrBLleT`~\|e\\LR"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\EkhcHiG\ = "q\x7flsz`"	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\ViJq\ = "iB\\_CIfFAdDY\\w\\ikuRClFiS"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\lhfn\ = "lk_INzGR}dduRD{[ofqgLGwBd"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\gQsxQbgd	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\txso\ = "qmppFkrdU\|cpquDqGnu"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ViJq\ = "TkReVVSvVsyiLcFRx]bBLoVY"	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\lhfn	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\txso\ = "T}UrLvAuCACHEMJZ@Kw"	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\EkhcHiG\ = "Yp\x7fs\x7f@"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\nqttgjcKurbpP\ = "dK~]\\j\\Yaz]ZgYrBLleX`~\|e\\LR"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\txso	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ViJq	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\EkhcHiG	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\ajpjmdicocqO	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\EkhcHiG	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\EkhcHiG\ = "pEwHx@"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\lhfn	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ajpjmdicocqO	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\nqttgjcKurbpP	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\lhfn\ = "leaDka`jNsGC^BAe\x7fvpg]LvVR"	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\ajpjmdicocqO\ = "db}N\\g`A\|@sltvpMdaqyDvm{XT"	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\mEim	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\txso	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\ViJq	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ShellFolder	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\mutNvr	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\EkhcHiG\ = "XJdH}`"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ajpjmdicocqO\ = "~AkZ@OH[VDCKejyHMYtSSFiCRb"	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\gQsxQbgd\ = "\\nK\\pxFjJf^L[xo^~]XSWYK"	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\{8934AEBA-278E-13D1-B2E4-0060975B8649}\mutNvr	ezcd.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\ProgramData\TEMP:8934AEBA	ezcd.exe
File opened for modification	C:\ProgramData\TEMP:8934AEBA	ezcd.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2840	ezcd.exe
2828	ezcd.exe
2828	ezcd.exe
1052	more.com
1052	more.com

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2828	ezcd.exe
1052	more.com

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2828	2840	ezcd.exe	30
PID 2840 wrote to memory of 2828	2840	ezcd.exe	30
PID 2840 wrote to memory of 2828	2840	ezcd.exe	30
PID 2828 wrote to memory of 1052	2828	ezcd.exe	31
PID 2828 wrote to memory of 1052	2828	ezcd.exe	31
PID 2828 wrote to memory of 1052	2828	ezcd.exe	31
PID 2828 wrote to memory of 1052	2828	ezcd.exe	31
PID 2828 wrote to memory of 1052	2828	ezcd.exe	31
PID 1052 wrote to memory of 2584	1052	more.com	33
PID 1052 wrote to memory of 2584	1052	more.com	33
PID 1052 wrote to memory of 2584	1052	more.com	33
PID 1052 wrote to memory of 2584	1052	more.com	33
PID 1052 wrote to memory of 2584	1052	more.com	33

C:\Users\Admin\AppData\Local\Temp\ezcd.exe
"C:\Users\Admin\AppData\Local\Temp\ezcd.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Users\Admin\AppData\Roaming\PatchTls\ezcd.exe
  C:\Users\Admin\AppData\Roaming\PatchTls\ezcd.exe
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Suspicious use of SetThreadContext
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Windows\SysWOW64\more.com
    C:\Windows\SysWOW64\more.com
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    PID:1052
  - - C:\Windows\SysWOW64\SearchIndexer.exe
      C:\Windows\SysWOW64\SearchIndexer.exe
      4⤵
      PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Licenses\01D69EEBF42E950EA.Lic

Filesize
156B

MD5
d0efff465a38dc74dfc2ab2a4b860b9e

SHA1
6d66a17589bb3077090fd8b4255389cb1b69b7d2

SHA256
c5c9e39a9709492727407893fba6c7151b558cc7ff31f3aa57870c439fd62bdd

SHA512
995abaa6e25cbadfb4296767688d17b851827a24897b412eeca95ccb8d38dfc71415279e7be066e76383e06085a29e1c1be2745c1395cb3cfe1b90889e533d89

Download Submit
C:\Users\Admin\AppData\Local\Temp\21049b91

Filesize
1.1MB

MD5
3b74bc302af0536b153730dfa8613c5a

SHA1
bfdf7cf0b6ba82aaf4b7f0cfc4480ba0f93c5a0b

SHA256
af3d1226ef593827c1f73bbfa27c3523b21f95f0885eacb3b90eb4270e0d4239

SHA512
f875cca01dcdbd965a09e4036407137aad9dc51e774a049008263493c10336d5bda86c46e6c322577f62af1416df71f33f05b5958d78bab2b11ce105fa3bdaf2

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\ACDBASE.DLL

Filesize
2.9MB

MD5
dace23695dcfa0f7309b65366ac75bc0

SHA1
c5b1bad2dec36852fae90f81f0dbd00518479c01

SHA256
cf8b85beeff99b13d06ed15c79e555ab74e30dfa1491a36c4332f54ed09887e4

SHA512
0e1e5fc158fb39c3c3c7733226cb846407cd01ca1c49800fb7668134ebef129ab43030f2768a8b149b5ba9a18b2d1b0f8bf23d1a8de487a482e9268e0b679bbb

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\API-MS-WIN-CRT-STDIO-L1-1-0.DLL

Filesize
25KB

MD5
97f24295c9bd6e1acae0c391e68a64cf

SHA1
75700dce304c45ec330a9405523f0f22e5dcbb18

SHA256
189d551fb3cba3dbb9b9c1797e127a52ac486d996f0ac7cba864fe35984a8d28

SHA512
cac75f623545c41b2597a25c14f2af7eb93e3e768b345d3b0e1928d8fd1f12bec39b18b8277f9550aa6a66d9cfe1bf6c3db93ae1eb2a6c07019d4f210b3e5998

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\VCRUNTIME140.dll

Filesize
116KB

MD5
699dd61122d91e80abdfcc396ce0ec10

SHA1
7b23a6562e78e1d4be2a16fc7044bdcea724855e

SHA256
f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1

SHA512
2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
1a72e5f24214eb723e03a22ff53f8a22

SHA1
578d1dbfb22e9ff3b10c095d6a06acaf15469709

SHA256
fda46141c236a11054d4d3756a36da4412c82dd7877daad86cb65bf53d81ca1a

SHA512
530e693daecc7c7080b21e39b856c538bb755516aafdb6839a23768f40bcfc38d71b19586e8c8e37bb1c2b7a7c31fcb8e24a2315a8dd90f50fec22f973d86cb4

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
25KB

MD5
6b39d005deb6c5ef2c9dd9e013b32252

SHA1
79a0736454befd88ba8d6bd88794d07712e38a67

SHA256
b0e50572eb82a46ed499775e95bfde7cb25c498957432c18c20cf930f332efd0

SHA512
50bc1f669499589a480379d72166dae701914427d51223994d63a0363420ca6fdde07010803270a62451afea9e4ae55206d8a4c00ca4680e7a9120cd33f99a0f

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
d282a4fa046d05d40d138cc68c518914

SHA1
d5012090399f405ffe7d2fed09650e3544528322

SHA256
8b1471101145343da5f2c5981c515da4dfae783622ed71d40693fe59c3088d7a

SHA512
718926e728627f67ba60a391339b784accd861a15596f90d7f4e6292709ac3d170bcbca3cbf6267635136cb00b4f93da7dfd219fa0beee0cf8d95ce7090409e4

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\api-ms-win-crt-utility-l1-1-0.dll

Filesize
21KB

MD5
8ed70910380aa0b28317512d72762cc0

SHA1
0421518370f24f9559f96459d0798d98b81ea732

SHA256
f15af0db93d9385ff9d8efdc06aacd0729d0dfcb66e91ca0243bb160f2ed89d0

SHA512
b31ef07eaac310fdd3df3546246e7dc696595b8e92141e3db79a44ddc3358b12129e3829a53c76d0fef214e3f29dba77fa5d556211830a140ea34ff62258d9d7

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\assured.doc

Filesize
36KB

MD5
a285fc5707d7197e033594c2964f4fd5

SHA1
2ef147d12ba18602e176937a364f215b1aa7dde7

SHA256
67d660868b2f5b271ffdeb59ac915f2c978a51495b51ec11a41ac376e8bc8a19

SHA512
aa4400f70471d3e698ca0d5fed1d83d9be3c13b5cd472ac43adfed82a71f2a0f2bc6aef9dda5167fb8a598446d48475dfc7907ac03d8f07cd16e999b56baa8e7

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\gripe.log

Filesize
867KB

MD5
9b85e3b3f633ea90014072dce70235b2

SHA1
96b4e72bd4bce885bcf86233b8eb86fea1204343

SHA256
67d8405ec6ee146f77ec9b0a431ba1cc42d38664b2b668a1583e7bf0dafec9d1

SHA512
8a1f5b377c4a0dc4582f9ddd063a373a15b898dfbc933360064e1c419a0148906777fd62d260e03db95f466229723e62fe04f09809a0ff8e68f50339bb3d5cf9

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\libmmd.dll

Filesize
4.0MB

MD5
49f7afd53010fdce18e22ec9e4ee83b8

SHA1
cf5486d460b81aed957338c5c0c49e788cce2a87

SHA256
9e6d457f282e19fb0e0c80748f4827d77c9668ebecdff1c0e7e47b676c383126

SHA512
f6efb30d0c67302899d8ef037aa6d6c3f1227b7f35134418329dd39a062995722f677f2e52bc8958d1173b57ce6f3f137c3988be3259c9dcd7464e787108ddbf

Download Submit
\Users\Admin\AppData\Roaming\PatchTls\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
9f812bd3815909e559b15cb13489f294

SHA1
df751c956f59b4e3c82496d86895adc7cc1a1619

SHA256
ce6fcc2ddf21720c92bee04f5736a4787acffa970a1b0dbeea39ff5efec52c75

SHA512
0a360e8b81bf80cb6bdf240d627ddcf71b1a4ca42759de61b2d27fab521a8e6e3afa308cc69caf5a7c8b14d98d3d448f0d400ae1826cbe7d0f0ceafd14682064

Download Submit
\Users\Admin\AppData\Roaming\PatchTls\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
9d136bbecf98a931e6371346059b5626

SHA1
2466e66bfd88dd66c1c693cbb95ea8a91b9558cd

SHA256
7617838af1b589f57e4fe9fee1e1412101878e6d3287cdc52a51cd03e3983717

SHA512
8c720c798d2a06f48b106a0a1ef38be9b4a2aebe2a657c8721278afa9fdbab9da2a672f47b7996ca1ce7517015d361d77963c686e0ae637a98c32fd75e5d0610

Download Submit
\Users\Admin\AppData\Roaming\PatchTls\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
6d35a57a6d8d569f870b96e00e7f1f4d

SHA1
8407bdb3cd5ec15b2ce738b3dbd704aa289ce3e1

SHA256
f41511e477a164eb9451ca51fb3810437f3b15f21e6f5c6ce0956e84ec823723

SHA512
4317b86d32ca93e5f0d832819cf1ab8af68e853a19eb07dd1fa4d168a0b2a8eab309194884ed3a613b09fc6d511be872a053f76f00ea443499006cdd226fea8f

Download Submit
\Users\Admin\AppData\Roaming\PatchTls\ezcd.exe

Filesize
8.5MB

MD5
98169506fec94c2b12ba9930ad704515

SHA1
bce662a9fb94551f648ba2d7e29659957fd6a428

SHA256
9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363

SHA512
7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30

Download Submit
memory/1052-91-0x00000000778D0000-0x0000000077A79000-memory.dmp

Filesize
1.7MB

Download
memory/1052-92-0x00000000771E0000-0x000000007737D000-memory.dmp

Filesize
1.6MB

Download
memory/2584-96-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2584-94-0x00000000778D0000-0x0000000077A79000-memory.dmp

Filesize
1.7MB

Download
memory/2584-95-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2828-40-0x0000000003D60000-0x0000000003F48000-memory.dmp

Filesize
1.9MB

Download
memory/2828-51-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2828-67-0x0000000004AB0000-0x0000000004EAA000-memory.dmp

Filesize
4.0MB

Download
memory/2828-88-0x000007FEFF400000-0x000007FEFF5D7000-memory.dmp

Filesize
1.8MB

Download
memory/2828-57-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2828-59-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2828-56-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2828-53-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2828-60-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2828-55-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2828-87-0x000007FEFF400000-0x000007FEFF5D7000-memory.dmp

Filesize
1.8MB

Download
memory/2840-19-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2840-15-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2840-13-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2840-17-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2840-10-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2840-16-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2840-14-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2840-20-0x00000000046C0000-0x0000000004ABA000-memory.dmp

Filesize
4.0MB

Download
memory/2840-22-0x000007FEFF400000-0x000007FEFF5D7000-memory.dmp

Filesize
1.8MB

Download
memory/2840-0-0x0000000003D90000-0x0000000003F78000-memory.dmp

Filesize
1.9MB

Download