banload | 0ca3b1c2202d5107d74e28fca4a84a8da8fbe9799297ea82f016e9aecce3fdab

Analysis

max time kernel
94s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ezcd.exe
Size

8.5MB
MD5

98169506fec94c2b12ba9930ad704515
SHA1

bce662a9fb94551f648ba2d7e29659957fd6a428
SHA256

9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363
SHA512

7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30
SSDEEP

196608:vdoUox8PFOegKz+qE1cnuyHgv3eZaOxqeXY4K:vC0O9m7EWEvbOxqetK

Score

10^/10

banload lumma downloader dropper evasion persistence privilege_escalation stealer trojan

Malware Config

Extracted

Family

lumma

https://unwielldyzpwo.shop/api

https://bouncedgowp.shop/api

https://bannngwko.shop/api

https://bargainnykwo.shop/api

https://affecthorsedpo.shop/api

https://radiationnopp.shop/api

https://answerrsdo.shop/api

https://publicitttyps.shop/api

https://benchillppwo.shop/api

https://reinforcedirectorywd.shop/api

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ezcd.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ezcd.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	ezcd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ezcd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	ezcd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ezcd.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2904 set thread context of 452	2904	ezcd.exe	86

Executes dropped EXE 1 IoCs

pid	Process
2904	ezcd.exe

Loads dropped DLL 3 IoCs

pid	Process
2904	ezcd.exe
2904	ezcd.exe
2904	ezcd.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\uKvEfacvls\ = "BLleX`~\|e\\LRqmppFkrdU\|cpquDq"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\uKvEfacvls\ = "BLleT`~\|e\\LRqmppFkrdU\|cpquDq"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Implemented Categories\{000C0118-0000-0000-C000-000000000046}	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ProgID\ = "Word.Document.8"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\AuxUserType	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Conversion\ReadWritable\Main	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Conversion	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DataFormats\GetSet\1\ = "1,1,1,3"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DataFormats\GetSet\5	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\ygkwAttgnxl	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DataFormats	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InprocServer32\15.0.0.0\Assembly = "Microsoft.Office.Interop.Word, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\gcgczzJru	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\wasbUnczpr	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InprocHandler32\ = "ole32.dll"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DataFormats\DefaultFile	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Verb\1\ = "&Open,0,2"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\MfTtsYt\ = "lk_INzGR}dduRD{[ofqgLGwBd~AkZ@"	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\MfTtsYt\ = "leaDka`jNsGC^BAe\x7fvpg]LvVRdb}N\\"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DataFormats\GetSet\0	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DefaultExtension\ = ".doc,Word Document (.doc)"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DocObject	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Verb\1	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\skrdJUjxHz\ = "_CIfFAdDY\\w\\ikuNClFiSmkQhsP"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\skrdJUjxHz\ = "eVVSvVsyiLcFRx]~BLoVYlQJSqp"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DataFormats\GetSet\0\ = "Embed_Source,1,8,1"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DataFormats\GetSet\3	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Verb\0\ = "&Edit,0,2"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\gcgczzJru\ = "OH[VDCKejyHMYtSSFiCRbo_XPCd^SN"	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\skrdJUjxHz	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\AuxUserType\3	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Conversion\Readable	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DefaultIcon	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\cWFuUdwz\ = "FjJf^L[xo^~]XSWYKWrIkeg~W@\x7f^xAdi"	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\gcgczzJru\ = "g`A\|@sltvpMdaqyDvm{XTkcV@Mu_jk"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\AuxUserType\3\ = "Microsoft Word 97 - 2003"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\MiscStatus	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Version\ = "9"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\wasbUnczpr\ = "GnuVo\|]E@ggnIGbuQqk"	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\uKvEfacvls\ = "Ft~F]c\x7fp[W}_T}UrLvAuCACHEMJZ"	ezcd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}\wasbUnczpr\ = "@KwiDDvrltl\x7fwyK~BXg"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Implemented Categories\{000C0118-0000-0000-C000-000000000046}\	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\wasbUnczpr	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InprocServer32\RuntimeVersion = "v2.0.50727"	ezcd.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\{8934AEBA-278E-13D1-B2E4-0060975B8649}	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\AuxUserType\2\ = "Document"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DataFormats\DefaultFile\ = "MSWordDoc"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DataFormats\GetSet\3\ = "HTML Format,1,1,3"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InprocServer32\Assembly = "Microsoft.Office.Interop.Word, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\MiscStatus\ = "0"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Verb	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\skrdJUjxHz\ = "eVVSvVsyiLcFRx]bBLoVYEdBhvp"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Conversion\ReadWritable	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DataFormats\GetSet\2\ = "3,1,32,1"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\DefaultExtension	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InprocServer32	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\cWFuUdwz	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Insertable	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\skrdJUjxHz	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Conversion\ReadWritable\Main\ = "MSWordDocx,MSWordDocm,MSWordDotx,MSWordDotm,MSWordOdt"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\LocalServer32	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Version	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\cWFuUdwz\ = "XYnHPl^KKBSuo]IludKqP\|dReaz]ZgYr"	ezcd.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\ProgramData\TEMP:8934AEBA	ezcd.exe
File opened for modification	C:\ProgramData\TEMP:8934AEBA	ezcd.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4996	ezcd.exe
2904	ezcd.exe
2904	ezcd.exe
452	more.com
452	more.com

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2904	ezcd.exe
452	more.com

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 2904	4996	ezcd.exe	85
PID 4996 wrote to memory of 2904	4996	ezcd.exe	85
PID 2904 wrote to memory of 452	2904	ezcd.exe	86
PID 2904 wrote to memory of 452	2904	ezcd.exe	86
PID 2904 wrote to memory of 452	2904	ezcd.exe	86
PID 2904 wrote to memory of 452	2904	ezcd.exe	86
PID 452 wrote to memory of 2848	452	more.com	88
PID 452 wrote to memory of 2848	452	more.com	88
PID 452 wrote to memory of 2848	452	more.com	88
PID 452 wrote to memory of 2848	452	more.com	88

C:\Users\Admin\AppData\Local\Temp\ezcd.exe
"C:\Users\Admin\AppData\Local\Temp\ezcd.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Users\Admin\AppData\Roaming\PatchTls\ezcd.exe
  C:\Users\Admin\AppData\Roaming\PatchTls\ezcd.exe
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Suspicious use of SetThreadContext
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Windows\SysWOW64\more.com
    C:\Windows\SysWOW64\more.com
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    PID:452
  - - C:\Windows\SysWOW64\SearchIndexer.exe
      C:\Windows\SysWOW64\SearchIndexer.exe
      4⤵
      PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Licenses\01D69EEBF42E950EA.Lic

Filesize
156B

MD5
fa3b8b5cd8eb57f81e50bb7fb176a799

SHA1
b2599d7761f1fdf7356ed0ac1227a0c1150a1ac6

SHA256
c0e036d0cca0cafc6c19d0dd59ac46257ee6707687e818aede584ec6df76749b

SHA512
25c56f66482024909f6cd43f9a16c5934b161ec8db4ae1944cb13d45def0dc3868bbbc5d5c55b774e983e896a7dfa3081a8375511f088e97e4bdb70b71af0ea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\637f208b

Filesize
1.1MB

MD5
4924517461f6275ba7ea23f69aa4bd3b

SHA1
859d5fe44acfc52f66d6c097ad831a58830a899b

SHA256
c737a6c2cf8669224743cde28f68e5dc645a66080a36da7d1de35196032c799a

SHA512
8e7a44bb59634a04c2d2c206c10934ecb89f88292a86aebc237fb263fdd5cdaa314bed6e62a52542fc3b44860e17b9ef47bbf0922d119610afe76cae72b83351

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\ACDBASE.DLL

Filesize
2.9MB

MD5
dace23695dcfa0f7309b65366ac75bc0

SHA1
c5b1bad2dec36852fae90f81f0dbd00518479c01

SHA256
cf8b85beeff99b13d06ed15c79e555ab74e30dfa1491a36c4332f54ed09887e4

SHA512
0e1e5fc158fb39c3c3c7733226cb846407cd01ca1c49800fb7668134ebef129ab43030f2768a8b149b5ba9a18b2d1b0f8bf23d1a8de487a482e9268e0b679bbb

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\VCRUNTIME140.dll

Filesize
116KB

MD5
699dd61122d91e80abdfcc396ce0ec10

SHA1
7b23a6562e78e1d4be2a16fc7044bdcea724855e

SHA256
f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1

SHA512
2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\assured.doc

Filesize
36KB

MD5
a285fc5707d7197e033594c2964f4fd5

SHA1
2ef147d12ba18602e176937a364f215b1aa7dde7

SHA256
67d660868b2f5b271ffdeb59ac915f2c978a51495b51ec11a41ac376e8bc8a19

SHA512
aa4400f70471d3e698ca0d5fed1d83d9be3c13b5cd472ac43adfed82a71f2a0f2bc6aef9dda5167fb8a598446d48475dfc7907ac03d8f07cd16e999b56baa8e7

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\ezcd.exe

Filesize
8.5MB

MD5
98169506fec94c2b12ba9930ad704515

SHA1
bce662a9fb94551f648ba2d7e29659957fd6a428

SHA256
9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363

SHA512
7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\gripe.log

Filesize
867KB

MD5
9b85e3b3f633ea90014072dce70235b2

SHA1
96b4e72bd4bce885bcf86233b8eb86fea1204343

SHA256
67d8405ec6ee146f77ec9b0a431ba1cc42d38664b2b668a1583e7bf0dafec9d1

SHA512
8a1f5b377c4a0dc4582f9ddd063a373a15b898dfbc933360064e1c419a0148906777fd62d260e03db95f466229723e62fe04f09809a0ff8e68f50339bb3d5cf9

Download Submit
C:\Users\Admin\AppData\Roaming\PatchTls\libmmd.dll

Filesize
4.0MB

MD5
49f7afd53010fdce18e22ec9e4ee83b8

SHA1
cf5486d460b81aed957338c5c0c49e788cce2a87

SHA256
9e6d457f282e19fb0e0c80748f4827d77c9668ebecdff1c0e7e47b676c383126

SHA512
f6efb30d0c67302899d8ef037aa6d6c3f1227b7f35134418329dd39a062995722f677f2e52bc8958d1173b57ce6f3f137c3988be3259c9dcd7464e787108ddbf

Download Submit
memory/452-72-0x00007FFBD9430000-0x00007FFBD9625000-memory.dmp

Filesize
2.0MB

Download
memory/452-73-0x0000000077500000-0x000000007793C000-memory.dmp

Filesize
4.2MB

Download
memory/2848-75-0x00007FFBD9430000-0x00007FFBD9625000-memory.dmp

Filesize
2.0MB

Download
memory/2848-76-0x0000000000280000-0x00000000002EE000-memory.dmp

Filesize
440KB

Download
memory/2848-77-0x0000000000280000-0x00000000002EE000-memory.dmp

Filesize
440KB

Download
memory/2904-57-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2904-68-0x00007FFBD7720000-0x00007FFBD7B92000-memory.dmp

Filesize
4.4MB

Download
memory/2904-55-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2904-69-0x00007FFBD7720000-0x00007FFBD7B92000-memory.dmp

Filesize
4.4MB

Download
memory/2904-56-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2904-52-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2904-50-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2904-37-0x0000000003FA0000-0x0000000004188000-memory.dmp

Filesize
1.9MB

Download
memory/2904-59-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/2904-54-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4996-20-0x00007FFBD7720000-0x00007FFBD7B92000-memory.dmp

Filesize
4.4MB

Download
memory/4996-19-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4996-1-0x0000000003F70000-0x0000000004158000-memory.dmp

Filesize
1.9MB

Download
memory/4996-16-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4996-17-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4996-14-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4996-15-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4996-12-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4996-10-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download