purelogstealer | b9acc01291f8d96d040f8658dd9c7c5f71b5afad96f701b555b3c4576eaf7c29

Analysis

max time kernel
149s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fvp_setup_5.2.0.21fi.exe
Size

108.9MB
MD5

43f097184e5afed165103aef4f43e45f
SHA1

3ad46bd322154b5405a3462451eee97a998edf30
SHA256

b9acc01291f8d96d040f8658dd9c7c5f71b5afad96f701b555b3c4576eaf7c29
SHA512

9c8eb22ad99ac245f4c8571c9c656b932b301302083c0811bedd110f8a246ae77fdf4425eb46a87da48c0514ea24719a4812b254eff9df4a78ccf017aa54a8e5
SSDEEP

3145728:n48uz5HYa2pWDyyh32HPElESyyqNa574EyV:n4RtUYySnuypBl2

Score

10^/10

purelogstealer discovery stealer

Malware Config

Signatures

PureLog Stealer
PureLog Stealer is an infostealer written in C#.
stealer purelogstealer

PureLog Stealer payload 6 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3644-3895-0x000001B47BF00000-0x000001B47C03A000-memory.dmp	family_purelog_stealer
C:\Program Files (x86)\File Viewer Plus 5\WW.dll	family_purelog_stealer
C:\Program Files (x86)\File Viewer Plus 5\WW.Pdf.dll	family_purelog_stealer
behavioral1/memory/3644-3973-0x000001B481B40000-0x000001B481B62000-memory.dmp	family_purelog_stealer
C:\Program Files (x86)\File Viewer Plus 5\WW.GL.dll	family_purelog_stealer
behavioral1/memory/3644-3971-0x000001B483D10000-0x000001B483D46000-memory.dmp	family_purelog_stealer

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

fvp_setup_5.2.0.21fi.tmp

description	ioc	process
File opened for modification	C:\Program Files (x86)\File Viewer Plus 5\de\DevExpress.XtraRichEdit.v23.2.resources.dll	fvp_setup_5.2.0.21fi.tmp
File opened for modification	C:\Program Files (x86)\File Viewer Plus 5\IM_MOD_RL_kernel_.dll	fvp_setup_5.2.0.21fi.tmp
File opened for modification	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\libgcc_s_seh-1.dll	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\es\is-S2HF7.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\is-0UGVC.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\Image\ExifTool\Lang\is-8MJ33.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\is-L25JM.tmp	fvp_setup_5.2.0.21fi.tmp
File opened for modification	C:\Program Files (x86)\File Viewer Plus 5\fr\DevExpress.Diagram.v23.2.Core.resources.dll	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\is-ANRMI.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\html\TagNames\is-LQKKP.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\Image\ExifTool\is-TNV5I.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-707P8.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-52C6I.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-9P6C6.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\images\is-URKEL.tmp	fvp_setup_5.2.0.21fi.tmp
File opened for modification	C:\Program Files (x86)\File Viewer Plus 5\it\DevExpress.RichEdit.v23.2.Core.resources.dll	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\Math\BigInt\is-UOSVA.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-R1LUD.tmp	fvp_setup_5.2.0.21fi.tmp
File opened for modification	C:\Program Files (x86)\File Viewer Plus 5\System.Data.SQLite.dll	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\is-0NH37.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\it\is-7I212.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\dictionaries\is-27GSI.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\html\TagNames\is-NKHC9.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\Math\is-HATRS.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-8QJEC.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\images\is-MLUCI.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\images\is-44NHC.tmp	fvp_setup_5.2.0.21fi.tmp
File opened for modification	C:\Program Files (x86)\File Viewer Plus 5\DevExpress.DataVisualization.v23.2.Core.dll	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\Image\ExifTool\Lang\is-DHOJM.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-Q1GDL.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-5POIK.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\fr\is-55RS2.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\html\TagNames\is-H5PDM.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-0NFJQ.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\is-B3DVI.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\images\is-N5E27.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\is-HF22J.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\File\HomeDir\is-7Q5N8.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\Term\is-3VQFE.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\Test\is-8NFRH.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-RCK73.tmp	fvp_setup_5.2.0.21fi.tmp
File opened for modification	C:\Program Files (x86)\File Viewer Plus 5\CORE_RL_libraw_.dll	fvp_setup_5.2.0.21fi.tmp
File opened for modification	C:\Program Files (x86)\File Viewer Plus 5\IM_MOD_RL_cals_.dll	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\fr\is-91R6H.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\html\TagNames\is-GQDVO.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\is-JP3HR.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\pl\is-VDR8B.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\config_files\is-U84V8.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\Image\ExifTool\is-11EGI.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-K0Q04.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-AO68Q.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-69AP5.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\is-IH783.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\html\TagNames\is-2FUJM.tmp	fvp_setup_5.2.0.21fi.tmp
File opened for modification	C:\Program Files (x86)\File Viewer Plus 5\lib\av\avcodec-59.dll	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\fr\is-B3P26.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\fr\is-680N6.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\config_files\is-EVE0P.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\lib\File\HomeDir\is-0N0VM.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-R2H28.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-Q13HL.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-QLL4M.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\images\is-79FQ5.tmp	fvp_setup_5.2.0.21fi.tmp
File created	C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\images\is-8SE9C.tmp	fvp_setup_5.2.0.21fi.tmp

Drops file in Windows directory 64 IoCs

Processes:

mscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exe

description	ioc	process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp46f2b404#\1a856cd8b4506b84f967fb416431e03d\System.ComponentModel.DataAnnotations.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv14b62006#\a6837987d5f7f99c049c36b10f7fae63\System.ServiceModel.Activation.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsForm0b574481#\e7e5492e56749d080c562b5e820efe7f\WindowsFormsIntegration.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c44-0\System.IdentityModel.Selectors.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\6ec-0\WW.GL.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11b8-0\System.ServiceModel.Activities.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f85535a7092741215f67fdedf2846499\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\137c-0\System.Web.RegularExpressions.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\1e6e4f724b2b37ef0ce0d52cbab78ab7\System.Data.Entity.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Idena7b556ff#\cfd88bf4734e54f19fb28eba3abccabb\System.IdentityModel.Selectors.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\210-0\ReachFramework.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12a8-0\DevExpress.Office.v23.2.Core.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\8d4-0\System.Data.SQLite.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bc4-0\System.Numerics.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\DevExpress.25e5f28e#\6f0ae8e5428d99c09af59da506c2222b\DevExpress.XtraEditors.v23.2.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml.Hosting\a2c74e59241b0d472b42fa009dcf3049\System.Xaml.Hosting.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\DevExpress.88b66ae3#\29593586348d63ef1e1b9915d3efe358\DevExpress.Sparkline.v23.2.Core.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\e2c-0\System.ServiceModel.Activation.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c88-0\WW.License.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\10a0-0\WW.Pdf.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12b0-0\Microsoft.WindowsAPICodePack.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\DevExpress.5757c117#\980eb2b5cb6579bf71458f05f54a1e3f\DevExpress.DataAccess.v23.2.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\TrIDEngine\772e149fb11431fd79de457ea5b6c14b\TrIDEngine.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\10e0-0\System.Deployment.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\RemObjects.930b4b3f#\b88a5442a148aaad5d9c667364b1c163\RemObjects.Hydra.Host.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt19c51595#\6f69c2900b13ef16144a4dd218db8baf\System.Runtime.Caching.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1208-0\DevExpress.Printing.v23.2.Core.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\fvp5\043df4c105f9f28324904790efed33e0\fvp5.ni.exe.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1d0-0\System.Activities.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\WW.Cad\b0f2efa519647dbc057d1d84d6373b44\WW.Cad.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\WW.License\ff7033ecb81d53c6c9b45d4aedea059b\WW.License.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\DevExpress.ae41b966#\5ff8459795b13305a1dfd5984e611aa8\DevExpress.XtraLayout.v23.2.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\99c-0\System.Data.SqlXml.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\dc-0\Microsoft.Build.Framework.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1d0-0\System.Runtime.InteropServices.RuntimeInformation.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\WW\d9abe1adeed16bf7425a208b78352fe7\WW.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\c9d532d5040768732fdbb078eb294563\Newtonsoft.Json.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1178-0\DevExpress.XtraLayout.v23.2.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b50-0\System.Web.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a80-0\System.DirectoryServices.Protocols.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\8d4-0\System.Web.ApplicationServices.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Acti2661942e#\954549281df8a4267220799c1c4b3005\System.Activities.DurableInstancing.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\580-0\UIAutomationClient.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\18271de25c06b49b2aaa391461de2df6\System.Deployment.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\6ec-0\SMDiagnostics.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b14-0\System.EnterpriseServices.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a84-0\SevenZipLib.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\DevExpress.49c4b707#\80183f81eb393f86a757c7a0a31179ba\DevExpress.Printing.v23.2.Core.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\822e3c418ff74738e06afde50a8c707a\PresentationUI.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\DevExpress.ffe6caf4#\8545c7c215cd2608a742e3c27ae9dc1b\DevExpress.Utils.v23.2.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\2d4-0\DevExpress.XtraEditors.v23.2.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\588-0\Patagames.Pdf.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b98-0\System.Data.Linq.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\13b0-0\DevExpress.Drawing.v23.2.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b14-0\System.EnterpriseServices.Wrapper.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\cf0-0\DevExpress.Pdf.v23.2.Drawing.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d30-0\RemObjects.Hydra.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d48-0\WW.Cad.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\7e76b1fb4198734d8af8f5d806b99864\SMDiagnostics.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\f78-0\WindowsFormsIntegration.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\DevExpress.2845c53e#\aceb3a0962f8372846b01a48356d3cbd\DevExpress.XtraBars.v23.2.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b8c-0\System.Runtime.Caching.dll	mscorsvw.exe

Executes dropped EXE 2 IoCs

Processes:

fvp_setup_5.2.0.21fi.tmpfvp-optimize.exe

pid process

4060 fvp_setup_5.2.0.21fi.tmp
4944 fvp-optimize.exe

Loads dropped DLL 64 IoCs

Processes:

fvp_setup_5.2.0.21fi.tmpmscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exe

pid	process
4060	fvp_setup_5.2.0.21fi.tmp
3644	mscorsvw.exe
3644	mscorsvw.exe
3644	mscorsvw.exe
3644	mscorsvw.exe
4220	mscorsvw.exe
400	mscorsvw.exe
3012	mscorsvw.exe
4320	mscorsvw.exe
2460	mscorsvw.exe
4180	mscorsvw.exe
4320	mscorsvw.exe
464	mscorsvw.exe
1772	mscorsvw.exe
1772	mscorsvw.exe
2896	mscorsvw.exe
2356	mscorsvw.exe
2836	mscorsvw.exe
2956	mscorsvw.exe
2896	mscorsvw.exe
4988	mscorsvw.exe
1716	mscorsvw.exe
1716	mscorsvw.exe
2896	mscorsvw.exe
3628	mscorsvw.exe
4128	mscorsvw.exe
2260	mscorsvw.exe
3628	mscorsvw.exe
4536	mscorsvw.exe
2688	mscorsvw.exe
5040	mscorsvw.exe
220	mscorsvw.exe
2464	mscorsvw.exe
2464	mscorsvw.exe
2464	mscorsvw.exe
4552	mscorsvw.exe
2464	mscorsvw.exe
2464	mscorsvw.exe
2556	mscorsvw.exe
2556	mscorsvw.exe
2556	mscorsvw.exe
2968	mscorsvw.exe
2748	mscorsvw.exe
2748	mscorsvw.exe
2748	mscorsvw.exe
2748	mscorsvw.exe
2748	mscorsvw.exe
4436	mscorsvw.exe
4436	mscorsvw.exe
4436	mscorsvw.exe
4436	mscorsvw.exe
3140	mscorsvw.exe
3140	mscorsvw.exe
3140	mscorsvw.exe
3140	mscorsvw.exe
4128	mscorsvw.exe
704	mscorsvw.exe
704	mscorsvw.exe
3628	mscorsvw.exe
3628	mscorsvw.exe
3628	mscorsvw.exe
3628	mscorsvw.exe
3628	mscorsvw.exe
3628	mscorsvw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

fvp-optimize.exefvp_setup_5.2.0.21fi.exefvp_setup_5.2.0.21fi.tmp

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fvp-optimize.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fvp_setup_5.2.0.21fi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fvp_setup_5.2.0.21fi.tmp

Modifies registry class 64 IoCs

Processes:

fvp_setup_5.2.0.21fi.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.ari\shell	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.cam\shell\open	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.dcr\shell\open	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.ptx\shell\open	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.wve	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.fvp\shell\open	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.iwb	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.ora\shell\open\command	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.a2l\shell\open	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.bz2	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.dct	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.dot\shell	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.dwg\shell\open\command	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.htk\ = "Hidden Markov Model Toolkit Audio"	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.csv\DefaultIcon\ = "\"C:\\Program Files (x86)\\File Viewer Plus 5\\fvp5.exe\",1"	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.dot\shell\open\command\ = "\"C:\\Program Files (x86)\\File Viewer Plus 5\\fvp5.exe\" \"%1\""	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.flv\shell\open	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.mp3	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.sgi\ = "Silicon Graphics Image File"	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.xar\shell\open\command	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.cbl\shell\open\command	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.h263\shell\open\command	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.jp2\shell\open\command	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.pdf\ = "Portable Document Format File"	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.qt\shell	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.vdw\shell\open\command\ = "\"C:\\Program Files (x86)\\File Viewer Plus 5\\fvp5.exe\" \"%1\""	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.cpio\shell	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.h263\ = "H.263 Video"	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.mvi\DefaultIcon	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.nsi\shell	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.xcf\shell	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.bz2\shell\open\command	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.cdxl\shell\open\command	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.dds	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.deskthemepack\ = "Windows Desktop Theme Pack"	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.msg\shell\open\command\ = "\"C:\\Program Files (x86)\\File Viewer Plus 5\\fvp5.exe\" \"%1\""	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.ac3\DefaultIcon	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.hpp	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.roq\shell	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.wbmp	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.cab\shell\open\command\ = "\"C:\\Program Files (x86)\\File Viewer Plus 5\\fvp5.exe\" \"%1\""	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.dss\DefaultIcon	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.ra\shell\open	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.tga\shell\open\command\ = "\"C:\\Program Files (x86)\\File Viewer Plus 5\\fvp5.exe\" \"%1\""	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.v\DefaultIcon	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.dotx\DefaultIcon	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.nuv\DefaultIcon	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.pvf\shell\open	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.wtv\shell	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.deskthemepack\shell	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.heic	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.hs\DefaultIcon\ = "\"C:\\Program Files (x86)\\File Viewer Plus 5\\fvp5.exe\",1"	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.jp2\shell	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.tgv\shell\open\command	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.docx	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.emlx\shell\open	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.erl\shell\open\command	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.act\DefaultIcon\ = "\"C:\\Program Files (x86)\\File Viewer Plus 5\\fvp5.exe\",1"	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.nsv	fvp_setup_5.2.0.21fi.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.ott\shell\open\command\ = "\"C:\\Program Files (x86)\\File Viewer Plus 5\\fvp5.exe\" \"%1\""	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.smk\shell\open\command	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.3gp\shell	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fvp5.document.msg\shell\open	fvp_setup_5.2.0.21fi.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\fvp5.document.vb	fvp_setup_5.2.0.21fi.tmp

Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 20 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

fvp_setup_5.2.0.21fi.tmp

pid process

4060 fvp_setup_5.2.0.21fi.tmp
4060 fvp_setup_5.2.0.21fi.tmp
4060 fvp_setup_5.2.0.21fi.tmp
4060 fvp_setup_5.2.0.21fi.tmp
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

fvp_setup_5.2.0.21fi.tmp

pid process

4060 fvp_setup_5.2.0.21fi.tmp

description	flow	ioc
HTTP User-Agent header	20	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

fvp_setup_5.2.0.21fi.exefvp_setup_5.2.0.21fi.tmpfvp-optimize.exe

description	pid	process	target process
PID 3900 wrote to memory of 4060	3900	fvp_setup_5.2.0.21fi.exe	fvp_setup_5.2.0.21fi.tmp
PID 3900 wrote to memory of 4060	3900	fvp_setup_5.2.0.21fi.exe	fvp_setup_5.2.0.21fi.tmp
PID 3900 wrote to memory of 4060	3900	fvp_setup_5.2.0.21fi.exe	fvp_setup_5.2.0.21fi.tmp
PID 4060 wrote to memory of 4944	4060	fvp_setup_5.2.0.21fi.tmp	fvp-optimize.exe
PID 4060 wrote to memory of 4944	4060	fvp_setup_5.2.0.21fi.tmp	fvp-optimize.exe
PID 4060 wrote to memory of 4944	4060	fvp_setup_5.2.0.21fi.tmp	fvp-optimize.exe
PID 4944 wrote to memory of 3132	4944	fvp-optimize.exe	ngen.exe
PID 4944 wrote to memory of 3132	4944	fvp-optimize.exe	ngen.exe

C:\Users\Admin\AppData\Local\Temp\fvp_setup_5.2.0.21fi.exe
"C:\Users\Admin\AppData\Local\Temp\fvp_setup_5.2.0.21fi.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Users\Admin\AppData\Local\Temp\is-PEI05.tmp\fvp_setup_5.2.0.21fi.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PEI05.tmp\fvp_setup_5.2.0.21fi.tmp" /SL5="$601D8,113586505,146432,C:\Users\Admin\AppData\Local\Temp\fvp_setup_5.2.0.21fi.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4060
- - C:\Users\Admin\AppData\Local\Temp\is-5B785.tmp\fvp-optimize.exe
    "C:\Users\Admin\AppData\Local\Temp\is-5B785.tmp\fvp-optimize.exe" "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" "C:\Program Files (x86)\File Viewer Plus 5\fvp5.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4944
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files (x86)\File Viewer Plus 5\fvp5.exe"
      4⤵
      PID:3132
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1c8 -InterruptEvent 0 -NGENProcess 1b8 -Pipe 1c4 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:3644
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 268 -Pipe 254 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:4220
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 284 -InterruptEvent 0 -NGENProcess 278 -Pipe 280 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:2460
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 284 -InterruptEvent 0 -NGENProcess 268 -Pipe 2b0 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:400
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 0 -NGENProcess 268 -Pipe 278 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:3012
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 270 -Pipe 290 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:4320
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 0 -NGENProcess 2c0 -Pipe 2ac -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:4180
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 250 -InterruptEvent 0 -NGENProcess 268 -Pipe 2c8 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:464
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 288 -Pipe 284 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:1772
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 268 -InterruptEvent 0 -NGENProcess 2c0 -Pipe 270 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:2356
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a4 -InterruptEvent 0 -NGENProcess 2d4 -Pipe 27c -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:2896
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 250 -Pipe 2a4 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:2836
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 250 -Pipe 2e0 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:2956
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2dc -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:4988
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 29c -Pipe 300 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:1716
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f4 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:3628
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 304 -Pipe 30c -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:4128
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 318 -Pipe 2f8 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:2260
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 318 -Pipe 328 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:4536
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 0 -NGENProcess 304 -Pipe 2c0 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:2688
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 310 -InterruptEvent 0 -NGENProcess 2fc -Pipe 28c -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:5040
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2cc -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:220
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 288 -InterruptEvent 0 -NGENProcess 268 -Pipe 2a0 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:2464
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 304 -Pipe 2e4 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:4552
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 334 -Pipe 314 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:2556
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 334 -Pipe 348 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:2968
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 334 -InterruptEvent 0 -NGENProcess 320 -Pipe 344 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:2748
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 334 -Pipe 33c -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:4436
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2d4 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:3140
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 334 -Pipe 338 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:4128
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 34c -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:704
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 31c -Pipe 2c4 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:3628
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 320 -Pipe 340 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:4536
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 330 -Pipe 2e8 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:464
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 250 -InterruptEvent 0 -NGENProcess 304 -Pipe 288 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:4616
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 250 -InterruptEvent 0 -NGENProcess 330 -Pipe 2f0 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:5040
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 32c -Pipe 318 -Comment "NGen Worker Process"
        5⤵
        
        PID:3516
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 324 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:1896
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 31c -InterruptEvent 0 -NGENProcess 2fc -Pipe 2d8 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:3524
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 320 -Pipe 268 -Comment "NGen Worker Process"
        5⤵
        
        PID:4896
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 334 -Pipe 250 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:3312
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 0 -NGENProcess 334 -Pipe 360 -Comment "NGen Worker Process"
        5⤵
        
        PID:4640
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 0 -NGENProcess 36c -Pipe 364 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:3676
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 0 -NGENProcess 36c -Pipe 37c -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:4560
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 0 -NGENProcess 378 -Pipe 370 -Comment "NGen Worker Process"
        5⤵
        
        PID:1588
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 0 -NGENProcess 388 -Pipe 334 -Comment "NGen Worker Process"
        5⤵
        
        PID:1800
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 0 -NGENProcess 378 -Pipe 38c -Comment "NGen Worker Process"
        5⤵
        
        PID:1380
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 17c -Pipe 368 -Comment "NGen Worker Process"
        5⤵
        
        PID:4368
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 17c -Pipe 398 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:528
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 390 -Pipe 39c -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:4764
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 31c -Pipe 35c -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:1408
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 380 -Pipe 3a0 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:724
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 17c -InterruptEvent 0 -NGENProcess 380 -Pipe 374 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:2312
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 380 -Pipe 3a4 -Comment "NGen Worker Process"
        5⤵
        
        PID:2972
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 330 -Pipe 394 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:464
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 0 -NGENProcess 31c -Pipe 388 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:3644
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 0 -NGENProcess 3b0 -Pipe 3a8 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:3376
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 390 -Pipe 330 -Comment "NGen Worker Process"
        5⤵
        
        PID:696
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 3b4 -Pipe 384 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:3400
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 0 -NGENProcess 17c -Pipe 358 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:2580
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 3ac -Pipe 3bc -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:3208
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 17c -InterruptEvent 0 -NGENProcess 2d0 -Pipe 350 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:4256
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 3b8 -Pipe 304 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:1772
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 0 -NGENProcess 3ac -Pipe 36c -Comment "NGen Worker Process"
        5⤵
        
        PID:244
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 320 -Pipe 3cc -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:4776
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 3c0 -Pipe 3c4 -Comment "NGen Worker Process"
        5⤵
        
        PID:1132
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 3c0 -Pipe 378 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:4784
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 320 -Pipe 308 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:3960
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ec -InterruptEvent 0 -NGENProcess 2ec -Pipe 2d0 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:2692
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 310 -Pipe 320 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:4436
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 3c0 -Pipe 31c -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:1416
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 0 -NGENProcess 3b0 -Pipe 3ac -Comment "NGen Worker Process"
        5⤵
        
        PID:3012
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 3c0 -Pipe 354 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:2260
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 3c0 -Pipe 3dc -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:4472
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 3c0 -Pipe 3e8 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:2460
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 3c0 -Pipe 3d8 -Comment "NGen Worker Process"
        5⤵
        
        PID:1120
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 2ec -Pipe 3e0 -Comment "NGen Worker Process"
        5⤵
        
        PID:4504
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 3b4 -Pipe 3f4 -Comment "NGen Worker Process"
        5⤵
        
        PID:2880
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3f8 -InterruptEvent 0 -NGENProcess 3f0 -Pipe 3d0 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:436
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 350 -InterruptEvent 0 -NGENProcess 17c -Pipe 32c -Comment "NGen Worker Process"
        5⤵
        
        PID:4144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\File Viewer Plus 5\Aspose.Diagram.dll

Filesize
4.4MB

MD5
11bdb66d4f08e2d10574435e4efde3a3

SHA1
14d2d9b85c2001f0ec33e6139306c64309f85ce8

SHA256
2793964399d44e3e5d4ee4050f2c55316f6628d657b2d14eae7f6a9521af274f

SHA512
3e1ab4e62ebe71787e90ff150d5389ed265a092be12cda87fad7665c06337cad64c7a1d7a8c734093f867b52d22b966ed006c9fe3fee2de233fbf41e8c5bfed7

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\Aspose.Email.dll

Filesize
8.6MB

MD5
4fa7b251e609d6816ab0b5fe68ec4846

SHA1
951a4e41702110ad08b6ac553465ff6fd1065e56

SHA256
e92176a072dec6e78eab8b88d1e7bd2c7e89c7b0e23dbe2c17dd6120a4d05d7b

SHA512
65dd3ab166d6a2ecbb8e91c85298dc0e077b781f87a21a25ac0a6d2cff2fdf02812ba8cb2d8be18b3e34713ba28c2fabdd0c69217addf0624f6190c6564a5b88

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\Aspose.Slides.dll

Filesize
23.1MB

MD5
8fff32e0df306298466f1bd033dd10fe

SHA1
5653a6e903bae9a69c05bb47d168bcdaa660e305

SHA256
895366c708d460d1d7241af0ad6b91c84d88eee96aca9476f00321a668416d20

SHA512
9664cf556642a564ea0f822b0429cbcaeb4f292ea2160be7e49704879d1b202a4fa3af68f1dfb0ff5197f1bbe73c2298a3ac0096bcea1f6388e7917596fb1c77

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\Aspose.Tasks.dll

Filesize
5.9MB

MD5
22b6e610392ada93788a35f1b5f9e836

SHA1
1a61d6b665d3441aa1184aa5bbbf4d7fc622a0bb

SHA256
2d4b1656849cdc56990e7359497f5e2e7f503ff0b2b670b0f3abdbfec2a3f424

SHA512
f255b9abb5f55abfc1cdb23d4811e3aa79df23f616c04cff32d37fd863429b9fd7264fbf4c0e19bb5a59f9be588fc82df178c1627124787b2d97ff7812b6d1af

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Charts.v23.2.Core.dll

Filesize
1.0MB

MD5
8dc7d4445ef5629e095b43627f96de1f

SHA1
215197155eb0d9a5ef1d05b5116dad9393336b10

SHA256
43ee525dea5631deac52f5510083ffb099624b325664ce8b7dab7ace52c7991a

SHA512
bfaf88c0e16184d92f1e1e72a88f88c73a9a40cc53b91a02e3e919bebb462487305cd8e33e27295621d51308b20a0918bff117cb766a774c33d09a84ec991552

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Data.Desktop.v23.2.dll

Filesize
973KB

MD5
a348a61d6cc5b58ebe53cf91d558b010

SHA1
c6649142dab7a3785cc8df50d72141b5a81c2a1d

SHA256
8c9152fa7943145c84e0ff0118bc287cf50701e1cac09a9fbeb5eaffb1c2e2da

SHA512
7a5a378a520afeb7a910857f01bc3be98738d2cbb8f3ad910f6b47ef9230b9b41f74f79d88636a38733eef0bad018c8009a9218bb71a327b10549b60d4c93bfb

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Data.v23.2.dll

Filesize
5.3MB

MD5
04a8cd2f92d07ac953f8d41c3424e563

SHA1
0b2c68bef316b83d93fd27431a53d2bfaf41dc4b

SHA256
f10e30b694a94c0833fc4d4cda89e77d185a6285a7c05a9a1c302de5cd53dba8

SHA512
56cefaf64db1753bff581ff5b99b90672413c1d2aef104c4ce479c87aea4b037e160e1af49aaf7038d2d64a09f8cd8af9246487740746516ce73b55ef1a35653

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.DataAccess.v23.2.dll

Filesize
2.6MB

MD5
6dec30338ee2e630ac664e6e2e026d9d

SHA1
aef9220d7ad0d1a9788c97faee46e4a8119a87a1

SHA256
7743e8abbf69127aabf0a2ebd1801a523cc22862780cacadba25865e85668bd2

SHA512
d7b93725931768b73159901a4e6d3da25baa35e7c31f16e13ac7bedee113018b2d737fb65724bb0c2f304b9626d19015f8a3e2873d1c9f2260075a865fe36072

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.DataVisualization.v23.2.Core.dll

Filesize
79KB

MD5
28cb491b973e37d9e4a70d8e1600ae1c

SHA1
6abc499625016b1a2b121c9d0545bdab83a25521

SHA256
3881e765cb4a7df50e6ffa9a56410e835df1756b13da0d718b984e4f1103ed91

SHA512
bb59471da11da5b5502ce51430728ae2702666519624c40a8e27f9c65ab58ac9a756c8914d58cf316b9d2cd709374e72da75070cfe8bf04c14db2e38eaa3c62e

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Docs.v23.2.dll

Filesize
4.0MB

MD5
b819154cc0384d067ffd00a2c0dd2fb7

SHA1
f92c3df89be1232b331e3ad0c6941008ec87afeb

SHA256
9a51f5fa53b376976f2b5f930f6cea2be1a6dfda47d601c99bc37a11976041d3

SHA512
d1048d49f6c9fb66ed132b432a40a1663786a1fa43b7a37a7fa2c56133bb3dfa894a2b65427fcc9a592252e628226037e2fbe050727e5de758a82b059e2c5b64

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Drawing.v23.2.dll

Filesize
978KB

MD5
d1f5ba22c14aa55afde7255a66abadd1

SHA1
e90385d9d97f7836661e852b4504dff9be86dfaa

SHA256
a6750e1bf60125dfdd03da2c0411f2fdf637e4b69ee56ffd3ba284263cdc180f

SHA512
7ada3860b2bf0693f4163fddb9de4b974180a9cee5b7e236ef465267817fd7d5de3041e2ebb8f4e32aef65e65566fd52d800fcbd7449382f50df3685ea71ab12

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Images.v23.2.dll

Filesize
8.4MB

MD5
4879c3d9bb4c15f8f2885b7a1cfa5e1d

SHA1
61fc6d97eaadd568d925ba04016505eb02f63f20

SHA256
20766687a48decdde05ccba12860d66836497408963f4bc4f09a77440807388f

SHA512
a1b514dd25c2b01b3cb4cc8a1b805d5ecd7d0136bc192ffc12e5ededd25296477252012e3d53d31bbb3200392a0a0186e5bf65ae2b13c617b48efcbbfc666148

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Office.v23.2.Core.dll

Filesize
3.5MB

MD5
a83aced4e94ba91217619cef0ab876d6

SHA1
de32f20e84d971a74e32ef3cb4b29daac024d8c8

SHA256
dd7550979b8a6a271103437e2ced3c89083a42a03b5a1b166bebf2668784f0f2

SHA512
004f3c7c8319bac6e9fe2b46fd2cfbb2c4248da1d233f3a7637d32be108fd40e9152d10a31a55d73164bb3bb03c02ee4bf9c2f76eed171efb58fa26cb3a9d615

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Pdf.v23.2.Core.dll

Filesize
4.9MB

MD5
eb9f3af643cb8b9efde32efd94e84653

SHA1
9db27ec9e7d18bc8208f9bf7159ff6029eeff002

SHA256
8704929922999cc60764b6b11995ea84fa97f9f30ad06069b66de9f351b9a35b

SHA512
b7a41c339891b723ca735bcd56554a060cad02229c10e561c254d4151981d3a821e8313558f311806f26fd698b9b4d82d7a156bfb546a005adeff9a3df4b9538

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Pdf.v23.2.Drawing.dll

Filesize
516KB

MD5
4303aa29fbd78927390a29838cb8325b

SHA1
e30a844d97677e1e2b0e6ca74854a7210d722e4b

SHA256
3aeafb2eecca4f81a87e28a083779e1ece9f825b18ede4606350c55f37ff8a74

SHA512
12824412044b8192f2a446589420c69b227d1074601036eb3bbd013e579d468e949a9df278591736f2f90db5da4b23cd1922ada2f4a8891d2e6720773f7d4415

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Printing.v23.2.Core.dll

Filesize
4.4MB

MD5
2c3d6fed2b112138597d86ed7e4ff65e

SHA1
4e8c6b318d9b4d895464cf828746627c0109532f

SHA256
2bb7b1cd744d6f76b24651852fb8c6e868b8b9be291d7f324063e993a7b9ae53

SHA512
e1228b8dc495fd6f215ba94da2c2f46512d1e5365ef724f824fe51f0b61fe8bc820f0635115c8f325da28d38f03c37204c11c74087dbf5af906f0a436e7ad323

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.RichEdit.v23.2.Core.dll

Filesize
8.6MB

MD5
f8b519b6c63c5aca50caa479cdb6fd06

SHA1
63665bbbb1ab227b2404f41ea722075e1c403844

SHA256
50a094c67dc0da4805f8c5bd8e48cd2337bfd5b86049f8734913f9b59742380d

SHA512
333911fcf2dd954e7e54abc86d43f3f5374c75a0e341f858e2c16df3c96bff84a8fbdfe71d9a7ea7da050e1f9c754141bc9f8cefa308e13fbab1af0f2ae4345a

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Sparkline.v23.2.Core.dll

Filesize
94KB

MD5
5279791ae2865421b53be7071a21a37f

SHA1
f0d97443f10a5b436467eb96ddd8995cf72f16f1

SHA256
995e8f4d795b330ca270a02af7b80947be50beb5190f16f97e82660b45fe8723

SHA512
f1e8a3bc5910ae65a72c360431e2a666fb9639539d5b783af967b5024ee4ca5931779de2de8369403266ef87e0bffc9fa836aed5bbaf053383114d51519bd007

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.SpellChecker.v23.2.Core.dll

Filesize
1.2MB

MD5
7f1ce4a7dbe15bb0493b1734bdf2b2b2

SHA1
f396a2832ab9cb108b339855d9ba78b4e61f3ad7

SHA256
82a151ee846516265facefd8fb596809a1525824da5350b36c965d963441dbdb

SHA512
0bfa815be2ed63d1e4bd0904cb5f63ef972325770ca11a710414cc35da097c8998e1e040ba8f6b75f61ebf74415ed1e8f98cceb4b53ae35b1126ceb201dee142

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Spreadsheet.v23.2.Core.dll

Filesize
15.3MB

MD5
e83b52e91f8123af8646964bbf1d24f5

SHA1
1c979906161e81773b474ccdfe2a4bea3c8e4600

SHA256
a97798c54acca6aaddcb2d002ab51d378fc9d6a734d9053a8a12689d2ac7f6e1

SHA512
5c7a95d63bf75bf2bc752df6bb75362d86e609444a0bddeb73c702943ceb86b48245c4dff049e24799e21ebb661b6cb65214744c9dfd1620c0977d27f68a6ec9

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.TreeMap.v23.2.Core.dll

Filesize
40KB

MD5
4540f4d77f6d4bb033af1470e23aca6b

SHA1
f4efffdb52ea4499ed075cb06bfda10a3fdccbeb

SHA256
efa88020457243e2ea03b96c9957e3ca88c47a2faef2582fd3a6b0919c710b7e

SHA512
0fb3ffa96a4712ff5b1cf9003058b858ab060219fa4a8cfd1e2609ee22a2d3dcf40ffd97d996bbaa4ee751a1b823b8eac5327d71e78abde52bd06e4fc75394e2

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Utils.v23.2.dll

Filesize
19.5MB

MD5
6cfc7782691add5af53d27f552fb39e5

SHA1
ecb00bf22941c02c725c470d501d2b152ce3e52b

SHA256
0d2490e2430a5216b96016db4aa28f0ae1eed5973d95223d25f362d484ca699c

SHA512
fed82cf664f641f46f48275ea7f9a936abdf59fb51f5960f30b9b4a163ef70c03ed86647b7787b578b7471c1d826de075d71dfef218954d0a921d83524739595

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.Xpo.v23.2.dll

Filesize
2.2MB

MD5
9f8bdf144172fe279dd166d6cf6052cb

SHA1
6685c939e931cf593478ac1a2b1593488e09faba

SHA256
a090efd7f7a5f13a83e12eb475b494ab790281dc3d2a5dff5f72a340609383d2

SHA512
edd31cf079f4ae32714e52ee323a9c499b47188b9cc42a5c392538646d4bc73451b080929396d0f2b3549fa997efa1d18af4c0e2afbedc1bd73abd272c0c1b87

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.XtraBars.v23.2.dll

Filesize
6.7MB

MD5
a8db635f701d093966b719d381630067

SHA1
8c1cc3784017aef593f058fc1a54d5a784e42029

SHA256
3785573819f52809302d9809e110e2fd0db94eb8eb1cf6ff23ad0d83d544e34d

SHA512
fc8f8500816e1c43be33444c3828af98cab4c6dae2914cdc141d22b623d0f2cb3d3f7071a5e626dae5f3e3607f95bb91ca6ca5f09283f03bfcbcadecf5b5a9fe

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.XtraCharts.v23.2.dll

Filesize
5.2MB

MD5
e796da977791b525f4e247024472b56e

SHA1
188a8d699645c8829a48f579ca4871ba74172291

SHA256
cc5d61779643db8d029ca2d07299e9ce2b1ab37d278ab14b824762cf6f826881

SHA512
e38cbf6961b0c527fe5620d20b3fc72fcf499f8a467eecfbfbde0c23b326be580840a7e0190b6bb0f44350beca9cab0fbfdf235e083730cb20c5bcd53b51acb6

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.XtraEditors.v23.2.dll

Filesize
7.8MB

MD5
f881af750c0f0ad4bd146e3c844e1d97

SHA1
e8f19ba5d327a83fda1ef88ec84c0ded969fc900

SHA256
7ca38293792c02a1ba95c2170d0956bebb7be2cb4ac2467ccf6b1f2845c82f20

SHA512
f949668134c1d50ba655ef4a7898d29655aaab4c974ea4433f5b54468470f1909cf9d2d239970f27c9382e666e1b283f2f2f5ff978c31b031c1f207e60258bbd

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.XtraGrid.v23.2.dll

Filesize
3.7MB

MD5
c684066446b6f4368b8c52d8b729ff06

SHA1
9960f6ab9bef25cd5728e73649f5380b73bfbef4

SHA256
346ab00e7c7246f82c465532cad6cfc927277e016ee58921647a59a217445f0f

SHA512
a342f5b140f1d8ca61047d1b1fb98f9da5dcc5acd007c44facbf01073c7d9b20ceb495846600fcea05c576c233b02730202c4280da7e7ca08e456f0fc2b8cbec

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.XtraLayout.v23.2.dll

Filesize
2.1MB

MD5
7b8090cf5e9183a55a296ac62888993e

SHA1
a56f162f31a0dd317155ab41fcd0dd1002207364

SHA256
430245beb667884a381e69c2f843751118529fd2d10c7de24f6de9245f74a4b4

SHA512
8a26f829d6516a21cd4801dfc2f76bca11edfd3430ee174321d54f628fc1f8ebec9c1a5a0f1a147751fa1a9d13d83b71e409b48acfef1bab022528b830265e2a

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.XtraPrinting.v23.2.dll

Filesize
1.1MB

MD5
32920652782997c0b1c4639983b10a9b

SHA1
4ab197ac6ca21364232422ffd766e0073bf236b9

SHA256
d04c7fb5657e2d8adcb568b4435e121afff5aa3999ba55c7f7845af5ea7ae550

SHA512
dc50bbca680c4a87757e020fa21c4ec3e2a25df79144921306fd27a203980abd373b9b61b6e24d5a5bb5de8d0823f3cf5bcc1d79c26f880c6e920ecbbbc4672a

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.XtraRichEdit.v23.2.dll

Filesize
3.0MB

MD5
0561c0c6261f660e633181d35c621f8d

SHA1
e954aec694584b34c41b701600aebbe17e6a28a2

SHA256
90ff4fe7b05bb168efe5afd567d0d106adb66111e74cb0060ade93f1b8afeff0

SHA512
7d4565a0f12a661072a967e28d629326d54a4541ebb10bf6cda0315ced5a7e8bf4029cbd2922f01eeb2bcefb0e6dcfdaca2a7deda0736baf2c21a904dd0b7a6b

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.XtraSpellChecker.v23.2.dll

Filesize
263KB

MD5
e25d03dbf8c6cc4bb6e5ef9c7c316211

SHA1
08f5d84913ccac731ff2d14d4027e43c3420a3fc

SHA256
feea7c8e1cae48d7fa2478759751c502f0eb504cc5c888cd7d4cb3484b8ac675

SHA512
673c07b83d6468e2d5d153ed80c8d6387ed177c0320bea932b73321631d74c30c20aa066a320d2d86c02de590e9a24b0e3c7b40b2a03a61aeae777140a842a7e

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.XtraSpreadsheet.v23.2.dll

Filesize
4.9MB

MD5
4c051f3cbe29b02b84f5cee847c718a8

SHA1
6d09caf817ba357ca04715613d0bfbd999bbfe93

SHA256
b9e4a6657385d4775ab3e32df4c09079bfa56b09be2f8facd6abecb97d645c59

SHA512
17bf6bb27be45231fbace54ebbcf8e2ddeb9631ba6fbc9a5a11b8513f4c2d3ddf48ce9eee6d0b161aee930137cf66dbc317b42e3970233619dd9d4a323bbf6af

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.XtraTreeList.v23.2.dll

Filesize
1.6MB

MD5
415af7031496a2b7cd7ed873c5d9a1c8

SHA1
4288c64b0e88f73c3e0f0d98864dcef941121a30

SHA256
dbb504c9d9cec11bf1b7c3dce100ffca50622d2e10b056af746279d454df254d

SHA512
1d6851d79d2a5d76651441f5824cf71de3afcf691e72e78f19c169de18103cede3c6685631a3305a71567e4ab9afe3cfc594eed508ed73c5bfa1b86c08af7667

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\DevExpress.XtraTreeMap.v23.2.dll

Filesize
275KB

MD5
2ea40d79d5d64a9425bcf491652246bf

SHA1
ee3149c601b15c29817e7ac101aed4b3e93d5c99

SHA256
0c4338d6adc5b9ed3ecda8c8fcb9cdceb36f603d2a72bec9980d87934b34c20d

SHA512
940a36313b70ebea8e5bc1acf7b33abbadbe4da0d0f1b1c286f156656ddbe16f4a6bbb2a96a614fb669fce770412805ea5b90b07a819265d75daa32eddd94515

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\IEvolution2.dll

Filesize
446KB

MD5
2b9c6fb42b5124f4f5354257adb2b369

SHA1
002cef7dd77078d2811718b16b271533a947104d

SHA256
d9631a1da5a13f4f52b7272728c7e07f602811358fdec5e6828aa6424e14097f

SHA512
19f487c0eb57ea9d7d8788c044f8df4778349f7b3ab076be5d4700b61128e7080482ab196afe4068af6bf02c35939c21b1335aeb0b752f743395c3140c10668d

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\Microsoft.WindowsAPICodePack.Shell.dll

Filesize
529KB

MD5
54fe9a2748c4a0f282d4ec91e3cadc16

SHA1
970b783a697d893ecd4916dd86b5ff7574896c9e

SHA256
e6fa9d9e34ff3bf63ce782654b14e4b54a3abd1022c87bc099032c2948157672

SHA512
c7d567e3c039f98f3a99249b2d9bc2186c34efd73eec421331732d2307a8af940911381e27b015f58d0f65871bb4b038cc0f27d3fa495acd08994226bb033b7f

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\Microsoft.WindowsAPICodePack.dll

Filesize
96KB

MD5
0d661949ebc172dfb3c3b98566bdf0fe

SHA1
c400a3d279b9b2ed8f5cfca0b3a8c342ea64d9e1

SHA256
808e96f59e7dd2212eace049079d25545f6c9c3f05244ec9cdc539fda18d34d6

SHA512
7baf43c4ae7709d91cdd2f70dfceb1db881d0d7c89c673fb166294d56a0eafff056128b605be20e0ad304f9392235403441a3b17a3c2f785a4e81931b40e0abd

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\Newtonsoft.Json.dll

Filesize
647KB

MD5
5afda7c7d4f7085e744c2e7599279db3

SHA1
3a833eb7c6be203f16799d7b7ccd8b8c9d439261

SHA256
f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4

SHA512
7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\Patagames.Pdf.WinForms.dll

Filesize
221KB

MD5
815ce3221f64ed9072d0f9787759e985

SHA1
7427b407aa2b21e6e6d58efa1f165f89b57cf81d

SHA256
6a08783418259bc3a14a1a9a61ab8eb71970131f26305978dfa7be3ac2ec33c9

SHA512
0b6b9183f6ce3304739e280ec758e085752bcbdc617cdbc83fc686fdb20455afb07388988c6838965e327a93521aa94333d56c7143b4bd2ea3ea43c94c4c0bd7

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\Patagames.Pdf.dll

Filesize
673KB

MD5
7ed4897ade946c4b264aefca3590ac14

SHA1
831158a359535197fe7ef725de40acb90f63a435

SHA256
890a4f9e2ca5ed74606690bd2efa2625be6b91a9b19f3859cc2b84c5e77e28e5

SHA512
c803f771090c09026f643009dc1f425c4cc38e3f09f9cd220a2908a0ac9ff4d781f4cc9049beab688d12c860fb2edafbbe7703701a4f746689f60008bb4c9bc6

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\RemObjects.Hydra.Host.dll

Filesize
92KB

MD5
297c4003f044c1c24c57af33e918327b

SHA1
7991b82dd1cac83b3a081bfad13696e914fd460a

SHA256
b3afca87a94cb338e254412ec3c93c412a49650cfcd1714c249e61bc811dd3ce

SHA512
b350487fdab819e5dd53b5359042d7e07a319266c45985cffd9a6b8b1c4b77ddb276d3c696bef6ec81ac49bed911e0f8a111a6a376370b9dc687f5290526974c

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\RemObjects.Hydra.dll

Filesize
52KB

MD5
b4b0eabdec0ba5c521de85a527e44ee9

SHA1
8a8b3d64750e801f8367cdfc0b9fe1f3d84b4834

SHA256
f83273932535c9b24e70ac507773a4f60c3001d4fd7564a1ab7aa1ee251b8d70

SHA512
24e71de88a4636a081769e30f3f9b897cc83c22361f5158de5bbefc1b6ef5ccf4db490cb0c3b76bc4142c9279c4117b3e9434493fdc8c192233f6af1565ea19f

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\SevenZipExtractor.dll

Filesize
30KB

MD5
ef9027b0c5836a1e4180ab000cfb30e4

SHA1
7197a33294b6290d50d30ec3f39c925d74178b28

SHA256
e5c7f62d36a298fb80aca242d744f60ac10d0fa00cdc4143a8ff90a1cdd6ad9b

SHA512
b54b1e6fa5d65266b9033cddbd5574fdd99fcdfd0bc841198e9c32601e5891a99aa5f58c68a288453fbc1d08f743e406548d3960aaf0ce833543b62ab24aff29

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\SevenZipLib.dll

Filesize
81KB

MD5
d4d4cdcf3f87f4d22a55488d5f56b58b

SHA1
dcd5e100e87ad3b27ec8141f0345f3a5882e6c01

SHA256
35f5c8beba6b3ab48b54ae9b1141162cf4197462763b17e33c8639f12d1d09b0

SHA512
f303c4ce363bdf5087feab818ec7c09b82565c47bd8c4ab3f05bc266bfbf9064df1aec7f46354bbd33ae660ed1d87a6517b79066577e86b566e19d47cfb341e3

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\System.Data.SQLite.dll

Filesize
337KB

MD5
66a3d16000dae771fb5cd00d33344e8d

SHA1
d33a5ea4f0241001240332c6ba663405d26e6672

SHA256
54b105ff8ad7aac149e4f42615a37a063fec7ce9b3edd2cd6cdec1eb6c57e2c0

SHA512
9ee8213a39aebf99a2068b3fc23b228b93a8e76061ae6011e8efd11451eaac2e992ae3537a9714ed046f4fd8e23b9ac01ec56e47e8fd1c402f5f88b91f8bc44a

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\TrIDEngine.dll

Filesize
24KB

MD5
17639204fe99abb8e039d61472b2ae8a

SHA1
e2bcf1750c85f9bbd42ddb700fdeca4b0a01be98

SHA256
b9c9740bd92848f3e98e08095059e6b161a9b30a3e67d71ca86eb13f609a99ad

SHA512
f12a18217c485ceab11f982361243b224d2ea5e1ece43d94939e5f0c183baa7c0a93a703403ead7e053fdbff0d10a8df911dd56e21fb1d76f744ae9ca6aa5a7b

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\WW.Cad.dll

Filesize
3.4MB

MD5
53c8841da0b61445596cef6457cd5f7c

SHA1
8a47002bfa1ad9c84174b16bbb42564ac22ec424

SHA256
67449e56f65a4d90c504ae4fc91740ea9309521eae44ce9bc2ef329a4b2d324b

SHA512
dd105e23ba20a68dbd91808d5ff4e523d3f255122fae1009e5817a7810250e17fa66fef44a24a54ac8e2cd959173aebc6b4ddd7c2e42e67ef8bc5ac1835be9d5

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\WW.GL.dll

Filesize
110KB

MD5
45c4b893a682491be2b288487e189134

SHA1
10c47e9b2100803cf1f38899706cbfd9cc4948f8

SHA256
5033c66a9a2254c01f818ef2a26462f8516b871a94c0119cd9302a51bd99d80e

SHA512
5c53b81ecbecd6ffc25a3ab4f7a38f12a56181033a32a1f63ff1cc1f1896a258e5ac2d00c4b08750bfeaa3343f3abca707008fe0e0e1ac09dc6911c61c36f5bc

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\WW.License.dll

Filesize
7KB

MD5
09f96f2e415e17546ca92ca82fc5e99f

SHA1
ef5e7d6d1a3a0136ddba236585f20d0b0ed44b3c

SHA256
bf0793e8ea5311936d2b9ff2547ed2083b6d374d254689cf8b0cf6f7ef09f695

SHA512
aea04e4ed60d6c6002a7f4dccd05bb6f76f4c63aa53a617586fe548be296526d0d3d8c3195a92292c99b8e7d5bec5b36546de589048b55d2eaea314de700fd58

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\WW.Pdf.dll

Filesize
189KB

MD5
1e50e0eb7a515ecc0dc662137826b9b6

SHA1
08981186fe7d3d8a6475cddc2b675e2effd42834

SHA256
1e60753bafafa226f0aeb343ccad8c0ea0a297572cd454d93cbf20234617638f

SHA512
99bde2d3e77d5d7b06a6b1aefd148c8f65b59b704058d7ef5671a86216dc68600f6282f012d43b89ea4e53d874f350a8e88c0caf3a0eb7d12a9331a6a54f2cea

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\WW.dll

Filesize
1.2MB

MD5
90f6eabccb8e783251404d6e19e19e04

SHA1
cf6fde6b53413c35c56ffb5102377592ac8c2d29

SHA256
4f6d6d0f032aed8c109d3280d84e3f46bcdbb522a5f01ba62e477f3a8f26e26e

SHA512
8791bce4469a86d1684e14ea43b580636f9fa9a00c5fd28f4a640298700b45dc8f4662951475b6507ec56d39163474904e9f0abeee39b30089ac535329c9eaf0

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\fvp5.exe

Filesize
2.6MB

MD5
ec957803a70c69e35e2109ca876118b3

SHA1
376959c4112a01fbbd88393793f25593b832bcb9

SHA256
9a33c8e0337368747e22aec958f00df03eb3d0f0d6d722b345fef22a177bab07

SHA512
45214185955b58160e60179b1e16251ca9e5fc15b3c3b3a40e10116a2218d5d21e2db66238446bf11789594a290d15ec34b80c8b174099527077719c506fd016

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\fvp5.exe.config

Filesize
3KB

MD5
0683ff3b0bfb1123285328aff6620f1d

SHA1
37aa5dde6853d45063189374be8da22eed07dbdb

SHA256
5678f1d604d9b1eab3e295ceb4c3339e845e8c77afb84c2d38cb52dff1368bad

SHA512
a207497a8f3ab53f85803619ebb3e1ba6e2cb809682d4798c272ef8e7c21d453e85dfff24cb03ed989d370dbaa708422dd3d19efe485d92aa828ce184505d3dd

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\lib\exiftool_files\t\is-UBBPS.tmp

Filesize
193B

MD5
e3103fb863f7af1f2e983078dbd3b373

SHA1
b76af0b5231c5dca32aa967d6b6e821dfec5a6b9

SHA256
a72440ff75f5220d4ae84665c4386411ec3fa83702efda14054b911a5db90ba6

SHA512
58f472aa4ccea7f793d97e6b9355e0129d532db301125c66ac196c932cb21c3a0acb1589ffbf2e0b44c7d83c9641f75b9e7756a8206964a2e0c1e4f9ee75b150

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\lib\ielib64.dll

Filesize
3.1MB

MD5
2fc128c3b41c5a9cc4e2bf9f5d63d0e1

SHA1
bf9059b047c3dd997c37df8f1a85ef4bdf6ef47c

SHA256
96d220e5625ad40f67fd24c242e7cde57d0c210af9cb986f3591b501e23793bb

SHA512
df2cc9949e8d02a18068faf08d6afddbae9289f33b6daad64ff29fda718d089b65c655a240f2297fac1521cd61fc9978c6769d26b7d472da7e389fca1a3588c3

Download Submit
C:\Program Files (x86)\File Viewer Plus 5\skins.dll

Filesize
331KB

MD5
6a715cba23f1ddbb3ced64947137b0d3

SHA1
59ff92f0ade9ff16cc0c0a7ec56f9bd6018efc6d

SHA256
4f2717a254aa1a72721a22ed0a0dbfc142264a96893a26f6864d9b3ce7c4948f

SHA512
c7e79657f4004a13e08ba3aa8bbad4b5e553d9c998b1bc74bc213012d4e5cf3ec3416d8bd1340659c1d2066e648d24e89a405d60d952880c78d1e2dadc999e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5B785.tmp\fvp-optimize.exe

Filesize
49KB

MD5
54e066e8add0254e5c1c020a6bf4f13b

SHA1
326f0fe99a0770287244eda66115a8956b19db33

SHA256
e17b375720cc50b6090f3f1dbd821b7c8cabb1ef927b477f798421f867d1d591

SHA512
4da297bd65bcf853e87b67fb1f72e8053310bd0361998c5a3e6d218d5935ed11487bc084b80709e6d27012fcff28b192bc149efbeb1d3403d445cf2013427e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5B785.tmp\fvp-optimize.exe.config

Filesize
294B

MD5
a034a2d888648980b7f7b82905afcb1a

SHA1
63fddcdc96a27ff0cd588a35eafbffc03bf79e1e

SHA256
aeab7125cc07bd170a09ec67907bd9c9821cd7c932a72d84feea21f5817e3095

SHA512
6e9c411f924fa65fe3686df65b545f54cf0882fac3a51cab12355572bdfe6d2f7aae61766a84eb340b4fb3baabe12f33ebe68dcac00ca596aeb666ecbf90cf8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5B785.tmp\psvince.dll

Filesize
36KB

MD5
a4e5c512b047a6d9dc38549161cac4de

SHA1
49d3e74f9604a6c61cda04ccc6d3cda87e280dfb

SHA256
c7f1e7e866834d9024f97c2b145c09d106e447e8abd65a10a1732116d178e44e

SHA512
2edb8a492b8369d56dda735a652c9e08539a5c4709a794efaff91adcae192a636d0545725af16cf8c31b275b34c2f19e4b019b57fb9050b99de65a4c08e3eee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PEI05.tmp\fvp_setup_5.2.0.21fi.tmp

Filesize
1.2MB

MD5
a70e87dec0176e40d6db823a80338903

SHA1
424caad55e77bee0b5f077f481c2acaa2f4617ec

SHA256
dd7520a8640bf5f86b4f8ce6cc29980d2203f5240f8a54e882a4be5a4f35cead

SHA512
4108f14a9a3da178f479c4b408933fc7ce654e323913105c35b74fe649cb19ca1ea4d64d7e618e8448fe76046e9a36746d839d46a96622beb7441057a63926f0

Download Submit
memory/400-4041-0x0000064449A20000-0x0000064449B18000-memory.dmp

Filesize
992KB

Download
memory/2460-4069-0x00000644451A0000-0x00000644454A4000-memory.dmp

Filesize
3.0MB

Download
memory/3012-4055-0x0000064443EC0000-0x0000064443F11000-memory.dmp

Filesize
324KB

Download
memory/3644-3905-0x000001B480870000-0x000001B480A14000-memory.dmp

Filesize
1.6MB

Download
memory/3644-3936-0x000001B47BE00000-0x000001B47BE1A000-memory.dmp

Filesize
104KB

Download
memory/3644-3885-0x000001B480B10000-0x000001B4811BC000-memory.dmp

Filesize
6.7MB

Download
memory/3644-3883-0x000001B47E940000-0x000001B47EB54000-memory.dmp

Filesize
2.1MB

Download
memory/3644-3889-0x000001B4832A0000-0x000001B483B4C000-memory.dmp

Filesize
8.7MB

Download
memory/3644-3881-0x000001B47AE20000-0x000001B47AE7A000-memory.dmp

Filesize
360KB

Download
memory/3644-3891-0x000001B484AA0000-0x000001B4859E6000-memory.dmp

Filesize
15.3MB

Download
memory/3644-3879-0x000001B481B80000-0x000001B48329A000-memory.dmp

Filesize
23.1MB

Download
memory/3644-3893-0x000001B480460000-0x000001B480866000-memory.dmp

Filesize
4.0MB

Download
memory/3644-3897-0x000001B47EE60000-0x000001B47F160000-memory.dmp

Filesize
3.0MB

Download
memory/3644-3875-0x000001B47BCC0000-0x000001B47BDB8000-memory.dmp

Filesize
992KB

Download
memory/3644-3877-0x000001B47AF80000-0x000001B47B02E000-memory.dmp

Filesize
696KB

Download
memory/3644-3901-0x000001B47EB60000-0x000001B47EC8C000-memory.dmp

Filesize
1.2MB

Download
memory/3644-3899-0x000001B47AA10000-0x000001B47AA56000-memory.dmp

Filesize
280KB

Download
memory/3644-3873-0x000001B47AED0000-0x000001B47AF78000-memory.dmp

Filesize
672KB

Download
memory/3644-3871-0x000001B47FF10000-0x000001B480460000-memory.dmp

Filesize
5.3MB

Download
memory/3644-3895-0x000001B47BF00000-0x000001B47C03A000-memory.dmp

Filesize
1.2MB

Download
memory/3644-3869-0x000001B47A930000-0x000001B47A948000-memory.dmp

Filesize
96KB

Download
memory/3644-3865-0x000001B47AD90000-0x000001B47AE1A000-memory.dmp

Filesize
552KB

Download
memory/3644-3969-0x000001B481AF0000-0x000001B481B0C000-memory.dmp

Filesize
112KB

Download
memory/3644-3907-0x000001B484140000-0x000001B48472A000-memory.dmp

Filesize
5.9MB

Download
memory/3644-3863-0x000001B47FAA0000-0x000001B47FF08000-memory.dmp

Filesize
4.4MB

Download
memory/3644-3903-0x000001B481570000-0x000001B48191E000-memory.dmp

Filesize
3.7MB

Download
memory/3644-3909-0x000001B47AD00000-0x000001B47AD3E000-memory.dmp

Filesize
248KB

Download
memory/3644-3915-0x000001B47EC90000-0x000001B47EDAC000-memory.dmp

Filesize
1.1MB

Download
memory/3644-3917-0x000001B4811C0000-0x000001B4812B8000-memory.dmp

Filesize
992KB

Download
memory/3644-3861-0x000001B47F1F0000-0x000001B47FA92000-memory.dmp

Filesize
8.6MB

Download
memory/3644-3918-0x000001B47BE40000-0x000001B47BEB6000-memory.dmp

Filesize
472KB

Download
memory/3644-3859-0x000001B47B080000-0x000001B47B3F4000-memory.dmp

Filesize
3.5MB

Download
memory/3644-3913-0x000001B47B460000-0x000001B47B4BA000-memory.dmp

Filesize
360KB

Download
memory/3644-3919-0x000001B481920000-0x000001B481AA6000-memory.dmp

Filesize
1.5MB

Download
memory/3644-3857-0x000001B47A9A0000-0x000001B47AA10000-memory.dmp

Filesize
448KB

Download
memory/3644-3911-0x000001B4859F0000-0x000001B485EDA000-memory.dmp

Filesize
4.9MB

Download
memory/3644-3853-0x000001B47A8F0000-0x000001B47A90E000-memory.dmp

Filesize
120KB

Download
memory/3644-3855-0x000001B47A910000-0x000001B47A924000-memory.dmp

Filesize
80KB

Download
memory/3644-3920-0x000001B47AE80000-0x000001B47AED0000-memory.dmp

Filesize
320KB

Download
memory/3644-3921-0x000001B4812C0000-0x000001B481372000-memory.dmp

Filesize
712KB

Download
memory/3644-3922-0x000001B47B030000-0x000001B47B052000-memory.dmp

Filesize
136KB

Download
memory/3644-3923-0x000001B47B400000-0x000001B47B422000-memory.dmp

Filesize
136KB

Download
memory/3644-3924-0x000001B481380000-0x000001B48143A000-memory.dmp

Filesize
744KB

Download
memory/3644-3926-0x000001B47AD40000-0x000001B47AD52000-memory.dmp

Filesize
72KB

Download
memory/3644-3925-0x000001B47BDC0000-0x000001B47BDFC000-memory.dmp

Filesize
240KB

Download
memory/3644-3927-0x000001B418530000-0x000001B418A58000-memory.dmp

Filesize
5.2MB

Download
memory/3644-3928-0x000001B418040000-0x000001B41807A000-memory.dmp

Filesize
232KB

Download
memory/3644-3929-0x000001B47AD60000-0x000001B47AD7C000-memory.dmp

Filesize
112KB

Download
memory/3644-3930-0x000001B485EE0000-0x000001B4863AC000-memory.dmp

Filesize
4.8MB

Download
memory/3644-3931-0x000001B47B060000-0x000001B47B072000-memory.dmp

Filesize
72KB

Download
memory/3644-3932-0x000001B47B430000-0x000001B47B450000-memory.dmp

Filesize
128KB

Download
memory/3644-3933-0x000001B47BEC0000-0x000001B47BEF2000-memory.dmp

Filesize
200KB

Download
memory/3644-3934-0x000001B47EDB0000-0x000001B47EDF4000-memory.dmp

Filesize
272KB

Download
memory/3644-3935-0x000001B47B4C0000-0x000001B47B4DE000-memory.dmp

Filesize
120KB

Download
memory/3644-3887-0x000001B47A8D0000-0x000001B47A8DE000-memory.dmp

Filesize
56KB

Download
memory/3644-3937-0x000001B483B50000-0x000001B483C72000-memory.dmp

Filesize
1.1MB

Download
memory/3644-3938-0x000001B418080000-0x000001B4180FE000-memory.dmp

Filesize
504KB

Download
memory/3644-3939-0x000001B47BE20000-0x000001B47BE40000-memory.dmp

Filesize
128KB

Download
memory/3644-3940-0x000001B47EE00000-0x000001B47EE2E000-memory.dmp

Filesize
184KB

Download
memory/3644-3941-0x000001B4863B0000-0x000001B48678A000-memory.dmp

Filesize
3.9MB

Download
memory/3644-3942-0x000001B481440000-0x000001B4814EA000-memory.dmp

Filesize
680KB

Download
memory/3644-3851-0x000001B47A8C0000-0x000001B47A8C8000-memory.dmp

Filesize
32KB

Download
memory/3644-3944-0x000001B486C80000-0x000001B48716E000-memory.dmp

Filesize
4.9MB

Download
memory/3644-3946-0x000001B480A20000-0x000001B480AA4000-memory.dmp

Filesize
528KB

Download
memory/3644-3850-0x000001B47E4D0000-0x000001B47E93C000-memory.dmp

Filesize
4.4MB

Download
memory/3644-3947-0x000001B483D90000-0x000001B483E9A000-memory.dmp

Filesize
1.0MB

Download
memory/3644-3948-0x000001B480AB0000-0x000001B480B10000-memory.dmp

Filesize
384KB

Download
memory/3644-3949-0x000001B47EE30000-0x000001B47EE54000-memory.dmp

Filesize
144KB

Download
memory/3644-3950-0x000001B47F160000-0x000001B47F1A4000-memory.dmp

Filesize
272KB

Download
memory/3644-3951-0x000001B47F1B0000-0x000001B47F1DA000-memory.dmp

Filesize
168KB

Download
memory/3644-3952-0x000001B4814F0000-0x000001B481522000-memory.dmp

Filesize
200KB

Download
memory/3644-3953-0x000001B483C80000-0x000001B483D0C000-memory.dmp

Filesize
560KB

Download
memory/3644-3954-0x000001B484730000-0x000001B4848A6000-memory.dmp

Filesize
1.5MB

Download
memory/3644-3955-0x000001B47A8E0000-0x000001B47A8EC000-memory.dmp

Filesize
48KB

Download
memory/3644-3956-0x000001B481530000-0x000001B481552000-memory.dmp

Filesize
136KB

Download
memory/3644-3957-0x000001B418A60000-0x000001B418E29000-memory.dmp

Filesize
3.8MB

Download
memory/3644-3958-0x000001B418360000-0x000001B4183C0000-memory.dmp

Filesize
384KB

Download
memory/3644-3959-0x000001B483EA0000-0x000001B483F48000-memory.dmp

Filesize
672KB

Download
memory/3644-3960-0x000001B47A950000-0x000001B47A95E000-memory.dmp

Filesize
56KB

Download
memory/3644-3961-0x000001B481AB0000-0x000001B481AE8000-memory.dmp

Filesize
224KB

Download
memory/3644-3971-0x000001B483D10000-0x000001B483D46000-memory.dmp

Filesize
216KB

Download
memory/3644-3964-0x000001B484030000-0x000001B484104000-memory.dmp

Filesize
848KB

Download
memory/3644-3965-0x000001B47C060000-0x000001B47C072000-memory.dmp

Filesize
72KB

Download
memory/3644-3848-0x000001B47B4E0000-0x000001B47BCBC000-memory.dmp

Filesize
7.9MB

Download
memory/3644-3846-0x000001B47C090000-0x000001B47D41E000-memory.dmp

Filesize
19.6MB

Download
memory/3644-3975-0x000001B47A960000-0x000001B47A968000-memory.dmp

Filesize
32KB

Download
memory/3644-3844-0x000001B47A240000-0x000001B47A24A000-memory.dmp

Filesize
40KB

Download
memory/3644-3973-0x000001B481B40000-0x000001B481B62000-memory.dmp

Filesize
136KB

Download
memory/3644-3841-0x000001B47AA60000-0x000001B47ACF4000-memory.dmp

Filesize
2.6MB

Download
memory/3900-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3900-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/3900-11-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4060-12-0x0000000000400000-0x0000000000534000-memory.dmp

Filesize
1.2MB

Download
memory/4060-3963-0x0000000000400000-0x0000000000534000-memory.dmp

Filesize
1.2MB

Download
memory/4060-6-0x0000000000400000-0x0000000000534000-memory.dmp

Filesize
1.2MB

Download
memory/4060-2894-0x0000000000400000-0x0000000000534000-memory.dmp

Filesize
1.2MB

Download
memory/4060-1185-0x0000000000400000-0x0000000000534000-memory.dmp

Filesize
1.2MB

Download
memory/4180-4083-0x0000064449980000-0x00000644499D8000-memory.dmp

Filesize
352KB

Download
memory/4220-4027-0x000006448A000000-0x000006448A017000-memory.dmp

Filesize
92KB

Download
memory/4320-4097-0x0000064445320000-0x000006444561E000-memory.dmp

Filesize
3.0MB

Download
memory/4944-3836-0x0000000072870000-0x0000000073020000-memory.dmp

Filesize
7.7MB

Download
memory/4944-3831-0x000000007287E000-0x000000007287F000-memory.dmp

Filesize
4KB

Download
memory/4944-3832-0x0000000000F30000-0x0000000000F42000-memory.dmp

Filesize
72KB

Download
memory/4944-3833-0x0000000005DD0000-0x0000000006374000-memory.dmp

Filesize
5.6MB

Download
memory/4944-3834-0x0000000005820000-0x00000000058B2000-memory.dmp

Filesize
584KB

Download
memory/4944-3837-0x0000000072870000-0x0000000073020000-memory.dmp

Filesize
7.7MB

Download
memory/4944-3835-0x0000000005800000-0x000000000580A000-memory.dmp

Filesize
40KB

Download