eternity | c9e0b0b6d477d32ab604417e59bb37586ecb3d708ce40481239bafaa425e2823

Analysis

max time kernel
34s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-08-2024 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Growlauncher.exe
Size

105.4MB
MD5

55b5c5a5e18388025249a2a2a24c09df
SHA1

1c10684b24c605f805bfd94f8ee74544f32b98d8
SHA256

c9e0b0b6d477d32ab604417e59bb37586ecb3d708ce40481239bafaa425e2823
SHA512

db04d0c7248b6a4963a781d466d7d808270276b9335bcf26afe60ba37102fb7a3ffb4a167563da03dbbbd12d431f0871cfaa23e9bed6caaaeec96d2ffc3a82b7
SSDEEP

3145728:+vbzmWSkB05awcf0t3MgjQwIIuUjOE5snfdC0Y0T:ISki88Mph00fH

Score

10^/10

eternity growtopia umbral credential_access discovery evasion execution persistence spyware stealer trojan upx

Malware Config

Signatures

Detect Umbral payload 3 IoCs

resource	yara_rule
behavioral1/memory/220-5-0x0000000022120000-0x000000002558C000-memory.dmp	family_umbral
behavioral1/files/0x000700000002346c-54.dat	family_umbral
behavioral1/memory/4692-84-0x000001DCDCC30000-0x000001DCDCC70000-memory.dmp	family_umbral

Detects Eternity stealer 4 IoCs

stealer

resource	yara_rule
behavioral1/memory/220-1-0x0000000000860000-0x0000000001860000-memory.dmp	eternity_stealer
behavioral1/memory/220-5-0x0000000022120000-0x000000002558C000-memory.dmp	eternity_stealer
behavioral1/files/0x0009000000023468-18.dat	eternity_stealer
behavioral1/memory/4104-27-0x0000000000E40000-0x0000000000F26000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity
Growtopia
Growtopa is an opensource modular stealer written in C#.
stealer growtopia

Modifies Windows Defender Real-time Protection settings 3 TTPs 4 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Growlauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	Growlauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	Growlauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	Growlauncher.exe

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Enumerates VirtualBox DLL files 2 TTPs 2 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	System.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	System.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
4088	powershell.exe
4340	powershell.exe
4048	powershell.exe
1048	powershell.exe
6248	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
2268	attrib.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	Growlauncher.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe	Windows.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe	Windows.exe

Executes dropped EXE 7 IoCs

pid	Process
4256	dcd.exe
4104	Windows.exe
4724	System.exe
4692	svchost.exe
4836	dcd.exe
4660	System.exe
4932	System.exe

Loads dropped DLL 64 IoCs

pid	Process
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023566-1228.dat	upx
behavioral1/memory/4660-1233-0x00007FFA93DA0000-0x00007FFA94479000-memory.dmp	upx
behavioral1/files/0x0007000000023516-1249.dat	upx
behavioral1/files/0x00070000000234e8-1282.dat	upx
behavioral1/files/0x00070000000234e7-1281.dat	upx
behavioral1/files/0x00070000000234e6-1280.dat	upx
behavioral1/files/0x00070000000234e5-1279.dat	upx
behavioral1/files/0x00070000000234e4-1278.dat	upx
behavioral1/memory/4660-1285-0x00007FFA98DE0000-0x00007FFA98E0D000-memory.dmp	upx
behavioral1/memory/4660-1286-0x00007FFA91D00000-0x00007FFA92229000-memory.dmp	upx
behavioral1/memory/4660-1290-0x00007FFAA8450000-0x00007FFAA845D000-memory.dmp	upx
behavioral1/memory/4660-1298-0x00007FFA97E30000-0x00007FFA97E3C000-memory.dmp	upx
behavioral1/memory/4660-1313-0x00007FFA970A0000-0x00007FFA970C2000-memory.dmp	upx
behavioral1/memory/4660-1314-0x00007FFA97C60000-0x00007FFA97C93000-memory.dmp	upx
behavioral1/memory/4660-1312-0x00007FFA97940000-0x00007FFA9794C000-memory.dmp	upx
behavioral1/memory/4660-1311-0x00007FFA97950000-0x00007FFA97962000-memory.dmp	upx
behavioral1/memory/4660-1310-0x00007FFA97970000-0x00007FFA9797D000-memory.dmp	upx
behavioral1/memory/4660-1309-0x00007FFA97A70000-0x00007FFA97A7C000-memory.dmp	upx
behavioral1/memory/4660-1308-0x00007FFA97A80000-0x00007FFA97A8C000-memory.dmp	upx
behavioral1/memory/4660-1307-0x00007FFA97A90000-0x00007FFA97A9B000-memory.dmp	upx
behavioral1/memory/4660-1306-0x00007FFA97AA0000-0x00007FFA97AAB000-memory.dmp	upx
behavioral1/memory/4660-1305-0x00007FFA97AB0000-0x00007FFA97ABC000-memory.dmp	upx
behavioral1/memory/4660-1304-0x00007FFA97AC0000-0x00007FFA97ACE000-memory.dmp	upx
behavioral1/memory/4660-1303-0x00007FFA97AD0000-0x00007FFA97ADC000-memory.dmp	upx
behavioral1/memory/4660-1302-0x00007FFA97AE0000-0x00007FFA97AEC000-memory.dmp	upx
behavioral1/memory/4660-1301-0x00007FFA97AF0000-0x00007FFA97AFB000-memory.dmp	upx
behavioral1/memory/4660-1300-0x00007FFA97B00000-0x00007FFA97B0C000-memory.dmp	upx
behavioral1/memory/4660-1299-0x00007FFA97BF0000-0x00007FFA97BFB000-memory.dmp	upx
behavioral1/memory/4660-1297-0x00007FFA97E40000-0x00007FFA97E4B000-memory.dmp	upx
behavioral1/memory/4660-1296-0x00007FFA9CA00000-0x00007FFA9CA0B000-memory.dmp	upx
behavioral1/memory/4660-1295-0x00007FFA97170000-0x00007FFA9728B000-memory.dmp	upx
behavioral1/memory/4660-1294-0x00007FFA97C30000-0x00007FFA97C57000-memory.dmp	upx
behavioral1/memory/4660-1293-0x00007FFAA6370000-0x00007FFAA637D000-memory.dmp	upx
behavioral1/memory/4660-1292-0x00007FFA97290000-0x00007FFA9735D000-memory.dmp	upx
behavioral1/memory/4660-1289-0x00007FFA98DA0000-0x00007FFA98DB9000-memory.dmp	upx
behavioral1/memory/4660-1288-0x00007FFA98DC0000-0x00007FFA98DD4000-memory.dmp	upx
behavioral1/memory/4660-1287-0x00007FFAA08D0000-0x00007FFAA08E9000-memory.dmp	upx
behavioral1/memory/4660-1284-0x00007FFAAE240000-0x00007FFAAE24F000-memory.dmp	upx
behavioral1/memory/4660-1283-0x00007FFA98E10000-0x00007FFA98E35000-memory.dmp	upx
behavioral1/files/0x00070000000234e3-1277.dat	upx
behavioral1/files/0x00070000000234e2-1276.dat	upx
behavioral1/files/0x00070000000234e0-1275.dat	upx
behavioral1/files/0x00070000000234df-1274.dat	upx
behavioral1/files/0x00070000000234de-1273.dat	upx
behavioral1/files/0x00070000000234dc-1272.dat	upx
behavioral1/files/0x00070000000234da-1271.dat	upx
behavioral1/files/0x0007000000023938-1270.dat	upx
behavioral1/files/0x000700000002392d-1268.dat	upx
behavioral1/files/0x00070000000238cf-1267.dat	upx
behavioral1/files/0x000700000002356c-1266.dat	upx
behavioral1/files/0x000700000002356a-1265.dat	upx
behavioral1/files/0x0007000000023569-1264.dat	upx
behavioral1/files/0x00070000000234d7-1263.dat	upx
behavioral1/files/0x00070000000234d6-1262.dat	upx
behavioral1/files/0x00070000000234d5-1261.dat	upx
behavioral1/files/0x00070000000234d4-1260.dat	upx
behavioral1/files/0x000700000002353b-1259.dat	upx
behavioral1/files/0x0007000000023538-1258.dat	upx
behavioral1/files/0x000700000002351e-1257.dat	upx
behavioral1/files/0x000700000002351d-1256.dat	upx
behavioral1/files/0x000700000002351c-1255.dat	upx
behavioral1/files/0x000700000002351b-1254.dat	upx
behavioral1/files/0x000700000002351a-1253.dat	upx
behavioral1/files/0x0007000000023519-1252.dat	upx

Windows security modification 2 TTPs 1 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	Growlauncher.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\Windows\\System.exe"	System.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
46	discord.com
47	discord.com
49	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
33	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dcd.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
6728	wmic.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
6064	taskkill.exe

Suspicious behavior: EnumeratesProcesses 37 IoCs

pid	Process
4692	svchost.exe
4088	powershell.exe
4088	powershell.exe
4088	powershell.exe
4048	powershell.exe
4048	powershell.exe
4048	powershell.exe
1048	powershell.exe
1048	powershell.exe
1048	powershell.exe
3548	powershell.exe
3548	powershell.exe
3548	powershell.exe
4836	powershell.exe
4836	powershell.exe
4836	powershell.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4660	System.exe
4340	powershell.exe
4340	powershell.exe
4340	powershell.exe
6248	powershell.exe
6248	powershell.exe
6248	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	220	Growlauncher.exe
Token: SeDebugPrivilege	4104	Windows.exe
Token: SeDebugPrivilege	4692	svchost.exe
Token: SeIncreaseQuotaPrivilege	4304	wmic.exe
Token: SeSecurityPrivilege	4304	wmic.exe
Token: SeTakeOwnershipPrivilege	4304	wmic.exe
Token: SeLoadDriverPrivilege	4304	wmic.exe
Token: SeSystemProfilePrivilege	4304	wmic.exe
Token: SeSystemtimePrivilege	4304	wmic.exe
Token: SeProfSingleProcessPrivilege	4304	wmic.exe
Token: SeIncBasePriorityPrivilege	4304	wmic.exe
Token: SeCreatePagefilePrivilege	4304	wmic.exe
Token: SeBackupPrivilege	4304	wmic.exe
Token: SeRestorePrivilege	4304	wmic.exe
Token: SeShutdownPrivilege	4304	wmic.exe
Token: SeDebugPrivilege	4304	wmic.exe
Token: SeSystemEnvironmentPrivilege	4304	wmic.exe
Token: SeRemoteShutdownPrivilege	4304	wmic.exe
Token: SeUndockPrivilege	4304	wmic.exe
Token: SeManageVolumePrivilege	4304	wmic.exe
Token: 33	4304	wmic.exe
Token: 34	4304	wmic.exe
Token: 35	4304	wmic.exe
Token: 36	4304	wmic.exe
Token: SeIncreaseQuotaPrivilege	4304	wmic.exe
Token: SeSecurityPrivilege	4304	wmic.exe
Token: SeTakeOwnershipPrivilege	4304	wmic.exe
Token: SeLoadDriverPrivilege	4304	wmic.exe
Token: SeSystemProfilePrivilege	4304	wmic.exe
Token: SeSystemtimePrivilege	4304	wmic.exe
Token: SeProfSingleProcessPrivilege	4304	wmic.exe
Token: SeIncBasePriorityPrivilege	4304	wmic.exe
Token: SeCreatePagefilePrivilege	4304	wmic.exe
Token: SeBackupPrivilege	4304	wmic.exe
Token: SeRestorePrivilege	4304	wmic.exe
Token: SeShutdownPrivilege	4304	wmic.exe
Token: SeDebugPrivilege	4304	wmic.exe
Token: SeSystemEnvironmentPrivilege	4304	wmic.exe
Token: SeRemoteShutdownPrivilege	4304	wmic.exe
Token: SeUndockPrivilege	4304	wmic.exe
Token: SeManageVolumePrivilege	4304	wmic.exe
Token: 33	4304	wmic.exe
Token: 34	4304	wmic.exe
Token: 35	4304	wmic.exe
Token: 36	4304	wmic.exe
Token: SeDebugPrivilege	4088	powershell.exe
Token: SeDebugPrivilege	4048	powershell.exe
Token: SeDebugPrivilege	1048	powershell.exe
Token: SeDebugPrivilege	3548	powershell.exe
Token: SeDebugPrivilege	4660	System.exe
Token: SeDebugPrivilege	4836	powershell.exe
Token: SeDebugPrivilege	4340	powershell.exe
Token: SeIncreaseQuotaPrivilege	4580	wmic.exe
Token: SeSecurityPrivilege	4580	wmic.exe
Token: SeTakeOwnershipPrivilege	4580	wmic.exe
Token: SeLoadDriverPrivilege	4580	wmic.exe
Token: SeSystemProfilePrivilege	4580	wmic.exe
Token: SeSystemtimePrivilege	4580	wmic.exe
Token: SeProfSingleProcessPrivilege	4580	wmic.exe
Token: SeIncBasePriorityPrivilege	4580	wmic.exe
Token: SeCreatePagefilePrivilege	4580	wmic.exe
Token: SeBackupPrivilege	4580	wmic.exe
Token: SeRestorePrivilege	4580	wmic.exe
Token: SeShutdownPrivilege	4580	wmic.exe

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 4256	220	Growlauncher.exe	89
PID 220 wrote to memory of 4256	220	Growlauncher.exe	89
PID 220 wrote to memory of 4256	220	Growlauncher.exe	89
PID 220 wrote to memory of 4104	220	Growlauncher.exe	90
PID 220 wrote to memory of 4104	220	Growlauncher.exe	90
PID 220 wrote to memory of 4724	220	Growlauncher.exe	91
PID 220 wrote to memory of 4724	220	Growlauncher.exe	91
PID 220 wrote to memory of 4692	220	Growlauncher.exe	92
PID 220 wrote to memory of 4692	220	Growlauncher.exe	92
PID 4104 wrote to memory of 4836	4104	Windows.exe	114
PID 4104 wrote to memory of 4836	4104	Windows.exe	114
PID 4104 wrote to memory of 4836	4104	Windows.exe	114
PID 4692 wrote to memory of 4304	4692	svchost.exe	94
PID 4692 wrote to memory of 4304	4692	svchost.exe	94
PID 4692 wrote to memory of 4088	4692	svchost.exe	97
PID 4692 wrote to memory of 4088	4692	svchost.exe	97
PID 4692 wrote to memory of 4048	4692	svchost.exe	100
PID 4692 wrote to memory of 4048	4692	svchost.exe	100
PID 4724 wrote to memory of 4660	4724	System.exe	105
PID 4724 wrote to memory of 4660	4724	System.exe	105
PID 4692 wrote to memory of 1048	4692	svchost.exe	109
PID 4692 wrote to memory of 1048	4692	svchost.exe	109
PID 220 wrote to memory of 3548	220	Growlauncher.exe	112
PID 220 wrote to memory of 3548	220	Growlauncher.exe	112
PID 4692 wrote to memory of 4836	4692	svchost.exe	114
PID 4692 wrote to memory of 4836	4692	svchost.exe	114
PID 4660 wrote to memory of 4340	4660	System.exe	119
PID 4660 wrote to memory of 4340	4660	System.exe	119
PID 4692 wrote to memory of 4580	4692	svchost.exe	121
PID 4692 wrote to memory of 4580	4692	svchost.exe	121
PID 4660 wrote to memory of 3388	4660	System.exe	123
PID 4660 wrote to memory of 3388	4660	System.exe	123
PID 4692 wrote to memory of 4508	4692	svchost.exe	125
PID 4692 wrote to memory of 4508	4692	svchost.exe	125
PID 3388 wrote to memory of 2268	3388	cmd.exe	127
PID 3388 wrote to memory of 2268	3388	cmd.exe	127
PID 4692 wrote to memory of 3380	4692	svchost.exe	128
PID 4692 wrote to memory of 3380	4692	svchost.exe	128
PID 3388 wrote to memory of 4932	3388	cmd.exe	130
PID 3388 wrote to memory of 4932	3388	cmd.exe	130
PID 3388 wrote to memory of 6064	3388	cmd.exe	131
PID 3388 wrote to memory of 6064	3388	cmd.exe	131
PID 4692 wrote to memory of 6248	4692	svchost.exe	132
PID 4692 wrote to memory of 6248	4692	svchost.exe	132
PID 4692 wrote to memory of 6728	4692	svchost.exe	134
PID 4692 wrote to memory of 6728	4692	svchost.exe	134

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2268	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Growlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\Growlauncher.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Checks computer location settings
- Windows security modification
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:220
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4256
- C:\Users\Admin\AppData\Local\Temp\ging5hkv.rej\Windows.exe
  "C:\Users\Admin\AppData\Local\Temp\ging5hkv.rej\Windows.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4104
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:4836
- C:\Users\Admin\AppData\Local\Temp\ging5hkv.rej\System.exe
  "C:\Users\Admin\AppData\Local\Temp\ging5hkv.rej\System.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4724
- - C:\Users\Admin\AppData\Local\Temp\ging5hkv.rej\System.exe
    "C:\Users\Admin\AppData\Local\Temp\ging5hkv.rej\System.exe"
    3⤵
    - Enumerates VirtualBox DLL files
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4660
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Windows\""
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4340
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\Windows\activate.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3388
    - - C:\Windows\system32\attrib.exe
        
        attrib +s +h .
        5⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:2268
    - - C:\Users\Admin\Windows\System.exe
        
        "System.exe"
        5⤵
        Executes dropped EXE
        
        PID:4932
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im "System.exe"
        5⤵
        Kills process with taskkill
        
        PID:6064
- C:\Users\Admin\AppData\Local\Temp\ging5hkv.rej\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\ging5hkv.rej\svchost.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4692
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4304
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\ging5hkv.rej\svchost.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4088
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4048
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1048
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4836
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" os get Caption
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4580
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" computersystem get totalphysicalmemory
    3⤵
    PID:4508
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:3380
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:6248
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic" path win32_VideoController get name
    3⤵
    - Detects videocard installed
    PID:6728
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3548

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
440cb38dbee06645cc8b74d51f6e5f71

SHA1
d7e61da91dc4502e9ae83281b88c1e48584edb7c

SHA256
8ef7a682dfd99ff5b7e9de0e1be43f0016d68695a43c33c028af2635cc15ecfe

SHA512
3aab19578535e6ba0f6beb5690c87d970292100704209d2dcebddcdd46c6bead27588ef5d98729bfd50606a54cc1edf608b3d15bef42c13b9982aaaf15de7fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
1ca947063bf8c58838fa7455bd0b36d6

SHA1
045ce9620e4c4df8225e72dd1f5e6a3e2b977e53

SHA256
5eb2ec3df52dbc0b6404dc0fb61f76fc4cd510f56a799140fdece2e626da6142

SHA512
5e20dc999d0103d9927ab3ea3c272977e74cb0b63c0e533b9ea20094713155a4cd7d918dce6f50ccc6a3c6217439ae6bca87f44c6fc5752f9107a0e1efb8601b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\SDL2.dll

Filesize
635KB

MD5
2b13a3f2fc8f9cdb3161374c4bc85f86

SHA1
9039a90804dba7d6abb2bcf3068647ba8cab8901

SHA256
110567f1e5008c6d453732083b568b6a8d8da8077b9cb859f57b550fd3b05fb6

SHA512
2ee8e35624cb8d78baefafd6878c862b510200974bef265a9856e399578610362c7c46121a9f44d7ece6715e68475db6513e96bea3e26cdccbd333b0e14ccfd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_asyncio.pyd

Filesize
37KB

MD5
903d6e21494dff27b52ad277116d47dc

SHA1
127b111023212dd58c2a92e063a9215e300addec

SHA256
ef50d13e0d5add93912c0d56ffbee45f282f1138150662cf093ef406eb9dfaf1

SHA512
0088f4865ec31d7c141c6cdc81468a07939f1c0959660c83851845356854e70bcc38ca5494bce4e3b0556ef0fae2b1252e1718ee6e32957c4d8e06aaa836c75f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_bz2.pyd

Filesize
48KB

MD5
60094641f4b17ee6386712ad6e851ae8

SHA1
5ffc23b6dbcac0c0c921060bf9cfc6d45a3fcb7a

SHA256
460e98ecb5b367812358712b62e2b6e35d29879932dea94ede221ce14543a6b2

SHA512
c3d7c80883dd36f195248aa674b4626a95cb5fe7eff7e2c0b39524b3d0c291b121b7473cb4c705b84e991ba0d7b96b42e94f98d349452ebdcca19c5cfaf047e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_cffi_backend.cp312-win_amd64.pyd

Filesize
71KB

MD5
6e8500d570b12d9e76c94ad5a22b6f21

SHA1
702b6310c0fa791d3901a8372782c6bf387f1adb

SHA256
e320d83858d951b1dc97a8260e54d0c760706dd2d5471f22642926ec69881e04

SHA512
9cf0a44baebe4eb01f02d5596bbc7b4fd09ac81d4b345da3d52159226462f27abcbf6f6aab43f549a57ef34bf437c1f3e4b1fb78cd7a7bb5c1f291495d2dff58

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_ctypes.pyd

Filesize
59KB

MD5
198a370f07d31ad40b301df5a1d24377

SHA1
db1501b2f13fdd73954a23d1e1d184c1c41e1ac4

SHA256
78c6fb67d637be081d72d1da32d75336efd973ba1b4e6ca42a7df6b37e343a28

SHA512
0fbb0c4b82b0c886ea21e4c90e4bb0d82e98a55e01b6c4257477378a2cf9355a7a496cf8dc8abb9eb3a941eacef6fe5ff385e4d249f6b21343ecad6ebfc7ddbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_decimal.pyd

Filesize
105KB

MD5
54b4815fe3acc67aacbfd33a8992908c

SHA1
ea479c765a50b5b7f2d0766176f555b01fddff28

SHA256
8908ed833be3d4aa5f4e9227248b1661672afbf96d0b5eb4e56485447f3f5993

SHA512
e02415909443b431b1d510a686cd267d63cd1767464725793040b7af7f536f40231c48ea8d20a46a542e9059e617aa992151b0607afaf8228d0de7b295b536af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_elementtree.pyd

Filesize
59KB

MD5
9577a458371a4612b2f5bbfcc50792b0

SHA1
f69f690a1d5a9e3873898973c7655b0941991cb2

SHA256
0861cab4d4141845f4668df5d1793b6e12ad14037558c45b94df9065baec22d0

SHA512
a899c0dbb91856446b5ea927c8aaad4292aa775b9b958943b1b473761782bed09a06ad730d05fc5cc67c617240dcc45ad1dc69d42244eb94550274c3e2805ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_hashlib.pyd

Filesize
35KB

MD5
a6ba77793273904ec4a8ed44d8bc9c79

SHA1
f18d4fe31d50ef3393aaf131588d2b712c2ee0a8

SHA256
7257ad7ad7e768c45ccfdc87fd68108e1bc6b7afb289b4440c4cff515b280596

SHA512
03f596570c4d9c3177143bbf9c9eca09cb76017c829bcbb465ffba5241ff828728d942c4d505d3dca664a9c40b20161a70056e99b54cc8a622d9e57d9c56d1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_lzma.pyd

Filesize
86KB

MD5
3a5979717fe4aad3e98586c4e59c91dc

SHA1
a2f6dc447708619ed164c324822b8bcb4b088981

SHA256
faa8f4c6982d92438c9085a5fa914af0669277be7395564ef295f6eff6d8771b

SHA512
3954b074b78c73cfb20c14f2e916d367e1208dac49c4978f5b69ac650fad3fc72ee619eb7e4ea028c517bda93103cc300df14c4497393796ee4440d13026ff90

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_multiprocessing.pyd

Filesize
27KB

MD5
e6d092d738375704281c5cdd11254b60

SHA1
79c803de74c44f5e7b39eefd9fd18e440e52eebb

SHA256
72daee8279e7a412d7d82ec6582dc69e5cc0f6e4b73ab348c463c5cc835fb0bf

SHA512
d3f480ccbe329319d5bb6cd390b8303ed4abb90e64d566c0f84821a1973003700871ff654313f792514de62e15d1f3b8e123abcca6199feaba3d2ca99bafe5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_overlapped.pyd

Filesize
33KB

MD5
a1f2d1d5174e557cf17258484ea0c666

SHA1
16290115f744feb9018e30c60721211c15b9aecf

SHA256
f8625a4e0b8415050a152878d74351bd13071edf6f47261e4b614ca857018da3

SHA512
79519d59ed1b2b5d5c5dcb1673044df6cb6f544783ba5fb37f17e6d1c3fcfc5b5d7008042bfa06f02e39f130d5838e5ff39caa09117baeb6db2f4449307feb98

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_queue.pyd

Filesize
26KB

MD5
091014c7fa1e2c0f8e2e6b31de22fa6c

SHA1
bce793238cf039938933097d35a75d298f20f06d

SHA256
0695be59bf49c7963c2e24b184f71320d61439291f345ef7ff557c016577bf0b

SHA512
8414d5c9768bbf1b04dfc61348cd17e4529dcb6ab48618254c424212cb35b7695b045c4bc671563f661f52cb73512498af25e4cbe8e10da82c129ac89e12f5d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_socket.pyd

Filesize
44KB

MD5
60c9ee3032e6e54b40cd41de85a776c7

SHA1
0f503570f99b83f79861260700f7e95d61e3a6ee

SHA256
466bdebd099e4f67f22d8ac27b7ec241c00bba5e15cc708deb39c577cac7453a

SHA512
4544d711e0a00a9350bdf0e77a2930ce161ca77c3dba054275b1f06da28ba5c96a5822fbeeecdd73275d392baa00ed80a54daba93afac343249831b7c499700d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_sqlite3.pyd

Filesize
57KB

MD5
ad414a49997ea190a97824380c56363a

SHA1
adcf55abe4e4434b4233fdab3ae0494990a807b2

SHA256
a7191f7292a565c8f35f05d9d6d5e18f54986fc7a4455eba5b9d05e2e9f3d2e1

SHA512
dbeb0ce1023ba3982d2574f4f9b171169b005d2d07e46c4cb09834aad9d017fcebe56f479a377169f778a0f098d2286847b8e0452034c89fddb2285c3004e603

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_ssl.pyd

Filesize
65KB

MD5
e2b396bb9c74455b78d5bcf790446397

SHA1
de7f2abf7cce4498172a74a5aa5319a4e2ca3a37

SHA256
2b2ad952a4062f523aea700a52a1901b876a3a9884dcea8793d9de0580e104ac

SHA512
20e0f94c40736a2b2a4204fb3327783c1813693b4de5338a9953339d29b21de369ac1174b309706c781ff99a15f112ee0378988d4bbbc0162eac88e3f5535167

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\_tkinter.pyd

Filesize
38KB

MD5
8b7ca11e927c953dfb661902a0307d58

SHA1
f04b9aae5ff070e1034525890f70ec16ad7910fd

SHA256
11d7903bad61e166b4c616c2679b97ff1c9a03688bc90fa9c1187576e8c3771c

SHA512
0cd78e2cd00008834027687097c2b6d6d0f5f80c7f15687e25c1a037ade9f9c7486fb136f3039f810c75d87c2dec9449635a185a8187ea0c280143cc6d126c18

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\base_library.zip

Filesize
1.3MB

MD5
630153ac2b37b16b8c5b0dbb69a3b9d6

SHA1
f901cd701fe081489b45d18157b4a15c83943d9d

SHA256
ec4e6b8e9f6f1f4b525af72d3a6827807c7a81978cb03db5767028ebea283be2

SHA512
7e3a434c8df80d32e66036d831cbd6661641c0898bd0838a07038b460261bf25b72a626def06d0faa692caf64412ca699b1fa7a848fe9d969756e097cba39e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\libcrypto-3.dll

Filesize
1.6MB

MD5
8fed6a2bbb718bb44240a84662c79b53

SHA1
2cd169a573922b3a0e35d0f9f252b55638a16bca

SHA256
f8de79a5dd7eeb4b2a053315ab4c719cd48fe90b0533949f94b6a291e6bc70fd

SHA512
87787593e6a7d0556a4d05f07a276ffdbef551802eb2e4b07104362cb5af0b32bffd911fd9237799e10e0c8685e9e7a7345c3bce2ad966843c269b4c9bd83e03

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\libffi-8.dll

Filesize
29KB

MD5
013a0b2653aa0eb6075419217a1ed6bd

SHA1
1b58ff8e160b29a43397499801cf8ab0344371e7

SHA256
e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523

SHA512
0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\libopusfile-0.dll

Filesize
26KB

MD5
2d5274bea7ef82f6158716d392b1be52

SHA1
ce2ff6e211450352eec7417a195b74fbd736eb24

SHA256
6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5

SHA512
9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\libssl-3.dll

Filesize
222KB

MD5
37c7f14cd439a0c40d496421343f96d5

SHA1
1b6d68159e566f3011087befdcf64f6ee176085c

SHA256
b9c8276a3122cacba65cfa78217fef8a6d4f0204548fcacce66018cb91cb1b2a

SHA512
f446fd4bd351d391006d82198f7f679718a6e17f14ca5400ba23886275ed5363739bfd5bc01ca07cb2af19668dd8ab0b403bcae139d81a245db2b775770953ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\libtiff-5.dll

Filesize
127KB

MD5
ebad1fa14342d14a6b30e01ebc6d23c1

SHA1
9c4718e98e90f176c57648fa4ed5476f438b80a7

SHA256
4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca

SHA512
91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\libwebp-7.dll

Filesize
192KB

MD5
b0dd211ec05b441767ea7f65a6f87235

SHA1
280f45a676c40bd85ed5541ceb4bafc94d7895f3

SHA256
fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e

SHA512
eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\portmidi.dll

Filesize
18KB

MD5
0df0699727e9d2179f7fd85a61c58bdf

SHA1
82397ee85472c355725955257c0da207fa19bf59

SHA256
97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61

SHA512
196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\pyexpat.pyd

Filesize
87KB

MD5
c2bcf69fffdbc2eaa663341a3d947937

SHA1
3626eb41c3d5251b0f0f085b78506e4a9ce5c781

SHA256
f5da5a243c6bfc4a643e6915e0790e20cee96bff9cb49b22ff1a56c11a5d66f4

SHA512
9a6f795e0b4f48029f89c5579e6f357274a1b7b86cbf7b5851afad19e154539b30919e9e4f2e39a2ef73dea3e031c8c2996ef13d3ffea9d6b5effb058680c2a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\python3.DLL

Filesize
66KB

MD5
6271a2fe61978ca93e60588b6b63deb2

SHA1
be26455750789083865fe91e2b7a1ba1b457efb8

SHA256
a59487ea2c8723277f4579067248836b216a801c2152efb19afee4ac9785d6fb

SHA512
8c32bcb500a94ff47f5ef476ae65d3b677938ebee26e80350f28604aaee20b044a5d55442e94a11ccd9962f34d22610b932ac9d328197cf4d2ffbc7df640efba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\python312.dll

Filesize
1.8MB

MD5
f8a73b023a10c10a060bea2b1134050d

SHA1
58ccd5d0f26bc52f4ea5ba2df035661da7d980b4

SHA256
c905061019b513e576ad98585c71f876c4cebd1da51906c6123980e3b33ab5e2

SHA512
fab9a6be342fcbec07093552d59101ef1f0536c87114297154455ff73afb95de30318fd3d33906fffbaa8f3964aa443a8b386cbc7b586d91f1ca05567db98453

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\select.pyd

Filesize
25KB

MD5
0504532def25e5e222317bd2d4c90646

SHA1
ac5ef465a7cdadbb01a7b2da31abb941bea55273

SHA256
c276ec49fe7b0d938ef574fd7a7709db7b1e9418ba9e18c330c782b8cc73f9a6

SHA512
1a066851f44ce745da3e3a7c6c410063c1256e4a92460840bd4ca6d3a88d9af2e1b455be01d557569a016a402bc76b9ca82a9aaeccea7b5a5d191c4c8fef835a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\sqlite3.dll

Filesize
630KB

MD5
8729ba1336e8bbd2288d0d049b409382

SHA1
c19f78f1127d4c1ed87a5813b8dc6fc4b966ef27

SHA256
5bec8a715c595c1aacaa7b8f36e58c7a80e6c88ba37de3286130dbcedaae6ead

SHA512
7f72e1ee078bc13911848d41d8f0001a2188f091fb2d3cd93a6086eeb6cce6ea8d422228e4e8f8393cbc59fbbbbf04365dddf3e76a4b9cfb526cf72c61b33224

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\tcl86t.dll

Filesize
651KB

MD5
d8d21c45429142d11afa87ac4e4b1844

SHA1
479360a69aed55ea34335f509bd1d06abd0193e1

SHA256
d6f817f67275cd587b1ad39055f4ead3812dc96c14010d834740388c98691d4e

SHA512
af12b41bd148ae5596b376b80a55f084b474fcd82444a0bf46afd3795f9a767b4c69e7452372fd8798ace58ab1d13d971c6c2c0997246d4b094d6d587487c37b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\tk86t.dll

Filesize
624KB

MD5
53d85aaa8044c66f3ff69d618ecfdf47

SHA1
a681e0a044594a66144e0a193599ff68446b8f05

SHA256
b69003b8c2f30ac0486fd383a1d28cbbeec4e156ef3c962f828f90663466c49e

SHA512
84f31734a3b92e374f819a86dcf3a55bd2e124b8e8eab2089d21f7b87b49aba64dbdb4bd9b1d1b395e507fd742969b567985f97b768a2fe684f5e1dc9139c717

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\unicodedata.pyd

Filesize
295KB

MD5
4f30f329d3f4b501febf16f12e376988

SHA1
1fcf01b68df3542543e557bc1124d424c6c0ea01

SHA256
f340150a4bd9170fa7ccfefffdf80d6e2aa16793687c26631d0a59612c6d4fc5

SHA512
1b0638f4cc083893f7724057bb14f4a43724bce11a15012abd833f46bce593023e008610d4e7a0324b6aa495d4394c2ea086eb9409994ca2e6e62914664ff496

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47242\zlib1.dll

Filesize
52KB

MD5
ee06185c239216ad4c70f74e7c011aa6

SHA1
40e66b92ff38c9b1216511d5b1119fe9da6c2703

SHA256
0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466

SHA512
baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pb4rhukl.tgg.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\ging5hkv.rej\Windows.exe

Filesize
888KB

MD5
3248ea8f5109779bc859fad23032069f

SHA1
636f4c1158c9d3effcf8b8a1e3ba175b46239313

SHA256
6c05cb0dfb914bdb8ba19fe4254d18bd7125dafc3e7cf6d3165f26a5cb35ba80

SHA512
e35dbd41589d84c0077ff33894e686a5481ecd0fcdcbf4c6f16b3e2cea9b5f5696a1fdb80cefe3a350ff234e78f9a3521d61a7e0372b9b829052e665b936c580

Download Submit
C:\Users\Admin\AppData\Local\Temp\ging5hkv.rej\svchost.exe

Filesize
229KB

MD5
05d30e13ecc4dc74db881f026506cccb

SHA1
62c17930e9d14e7aa9c312045eb50dbcf1054f8d

SHA256
4a12f44e63643ba60a1b2478eb0bd80b44b260745c5165407cbe4516777a148f

SHA512
3a38d7862d64d0747f180184388abec074c66ab04e52bdef066978a1ed96eeebe6ada23256eb87a4898db7d3c23bd466d75fcb4859aead4a6f0988787ae27d0f

Download Submit
memory/220-31-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/220-7-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/220-1-0x0000000000860000-0x0000000001860000-memory.dmp

Filesize
16.0MB

Download
memory/220-2-0x00000000093A0000-0x00000000093F0000-memory.dmp

Filesize
320KB

Download
memory/220-3-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/220-1348-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/220-133-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/220-4-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/220-5-0x0000000022120000-0x000000002558C000-memory.dmp

Filesize
52.4MB

Download
memory/220-6-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/220-1246-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/220-1291-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/220-0-0x00007FFA9F293000-0x00007FFA9F295000-memory.dmp

Filesize
8KB

Download
memory/220-1232-0x00007FFA9F293000-0x00007FFA9F295000-memory.dmp

Filesize
8KB

Download
memory/4088-357-0x00000258E19E0000-0x00000258E1A02000-memory.dmp

Filesize
136KB

Download
memory/4104-1322-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/4104-43-0x000000001BA00000-0x000000001BA3E000-memory.dmp

Filesize
248KB

Download
memory/4104-229-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/4104-186-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/4104-30-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/4104-27-0x0000000000E40000-0x0000000000F26000-memory.dmp

Filesize
920KB

Download
memory/4104-1315-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/4104-32-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/4104-33-0x00007FFA9F290000-0x00007FFA9FD51000-memory.dmp

Filesize
10.8MB

Download
memory/4660-1311-0x00007FFA97950000-0x00007FFA97962000-memory.dmp

Filesize
72KB

Download
memory/4660-1361-0x00007FFA96DC0000-0x00007FFA96DD8000-memory.dmp

Filesize
96KB

Download
memory/4660-1284-0x00007FFAAE240000-0x00007FFAAE24F000-memory.dmp

Filesize
60KB

Download
memory/4660-1287-0x00007FFAA08D0000-0x00007FFAA08E9000-memory.dmp

Filesize
100KB

Download
memory/4660-1288-0x00007FFA98DC0000-0x00007FFA98DD4000-memory.dmp

Filesize
80KB

Download
memory/4660-1289-0x00007FFA98DA0000-0x00007FFA98DB9000-memory.dmp

Filesize
100KB

Download
memory/4660-1292-0x00007FFA97290000-0x00007FFA9735D000-memory.dmp

Filesize
820KB

Download
memory/4660-1293-0x00007FFAA6370000-0x00007FFAA637D000-memory.dmp

Filesize
52KB

Download
memory/4660-1294-0x00007FFA97C30000-0x00007FFA97C57000-memory.dmp

Filesize
156KB

Download
memory/4660-1295-0x00007FFA97170000-0x00007FFA9728B000-memory.dmp

Filesize
1.1MB

Download
memory/4660-1296-0x00007FFA9CA00000-0x00007FFA9CA0B000-memory.dmp

Filesize
44KB

Download
memory/4660-1297-0x00007FFA97E40000-0x00007FFA97E4B000-memory.dmp

Filesize
44KB

Download
memory/4660-1299-0x00007FFA97BF0000-0x00007FFA97BFB000-memory.dmp

Filesize
44KB

Download
memory/4660-1300-0x00007FFA97B00000-0x00007FFA97B0C000-memory.dmp

Filesize
48KB

Download
memory/4660-1301-0x00007FFA97AF0000-0x00007FFA97AFB000-memory.dmp

Filesize
44KB

Download
memory/4660-1302-0x00007FFA97AE0000-0x00007FFA97AEC000-memory.dmp

Filesize
48KB

Download
memory/4660-1303-0x00007FFA97AD0000-0x00007FFA97ADC000-memory.dmp

Filesize
48KB

Download
memory/4660-1304-0x00007FFA97AC0000-0x00007FFA97ACE000-memory.dmp

Filesize
56KB

Download
memory/4660-1305-0x00007FFA97AB0000-0x00007FFA97ABC000-memory.dmp

Filesize
48KB

Download
memory/4660-1306-0x00007FFA97AA0000-0x00007FFA97AAB000-memory.dmp

Filesize
44KB

Download
memory/4660-1307-0x00007FFA97A90000-0x00007FFA97A9B000-memory.dmp

Filesize
44KB

Download
memory/4660-1308-0x00007FFA97A80000-0x00007FFA97A8C000-memory.dmp

Filesize
48KB

Download
memory/4660-1309-0x00007FFA97A70000-0x00007FFA97A7C000-memory.dmp

Filesize
48KB

Download
memory/4660-1310-0x00007FFA97970000-0x00007FFA9797D000-memory.dmp

Filesize
52KB

Download
memory/4660-1312-0x00007FFA97940000-0x00007FFA9794C000-memory.dmp

Filesize
48KB

Download
memory/4660-1314-0x00007FFA97C60000-0x00007FFA97C93000-memory.dmp

Filesize
204KB

Download
memory/4660-1313-0x00007FFA970A0000-0x00007FFA970C2000-memory.dmp

Filesize
136KB

Download
memory/4660-1298-0x00007FFA97E30000-0x00007FFA97E3C000-memory.dmp

Filesize
48KB

Download
memory/4660-1290-0x00007FFAA8450000-0x00007FFAA845D000-memory.dmp

Filesize
52KB

Download
memory/4660-1286-0x00007FFA91D00000-0x00007FFA92229000-memory.dmp

Filesize
5.2MB

Download
memory/4660-1320-0x00007FFA97150000-0x00007FFA97164000-memory.dmp

Filesize
80KB

Download
memory/4660-1319-0x00007FFA97900000-0x00007FFA97912000-memory.dmp

Filesize
72KB

Download
memory/4660-1318-0x00007FFA97920000-0x00007FFA97936000-memory.dmp

Filesize
88KB

Download
memory/4660-1317-0x00007FFAA5C30000-0x00007FFAA5C3D000-memory.dmp

Filesize
52KB

Download
memory/4660-1316-0x00007FFAA6340000-0x00007FFAA634B000-memory.dmp

Filesize
44KB

Download
memory/4660-1285-0x00007FFA98DE0000-0x00007FFA98E0D000-memory.dmp

Filesize
180KB

Download
memory/4660-1233-0x00007FFA93DA0000-0x00007FFA94479000-memory.dmp

Filesize
6.8MB

Download
memory/4660-1502-0x00007FFA98DA0000-0x00007FFA98DB9000-memory.dmp

Filesize
100KB

Download
memory/4660-1501-0x00007FFA91D00000-0x00007FFA92229000-memory.dmp

Filesize
5.2MB

Download
memory/4660-1350-0x00007FFA97080000-0x00007FFA9709E000-memory.dmp

Filesize
120KB

Download
memory/4660-1354-0x00007FFA97040000-0x00007FFA97079000-memory.dmp

Filesize
228KB

Download
memory/4660-1353-0x00007FFA96CF0000-0x00007FFA96D4D000-memory.dmp

Filesize
372KB

Download
memory/4660-1352-0x00007FFA97F20000-0x00007FFA97F6A000-memory.dmp

Filesize
296KB

Download
memory/4660-1351-0x00007FFA989A0000-0x00007FFA989B9000-memory.dmp

Filesize
100KB

Download
memory/4660-1349-0x00007FFA97F00000-0x00007FFA97F11000-memory.dmp

Filesize
68KB

Download
memory/4660-1495-0x00007FFA93DA0000-0x00007FFA94479000-memory.dmp

Filesize
6.8MB

Download
memory/4660-1358-0x00007FFA936C0000-0x00007FFA93836000-memory.dmp

Filesize
1.5MB

Download
memory/4660-1357-0x00007FFA96C60000-0x00007FFA96C84000-memory.dmp

Filesize
144KB

Download
memory/4660-1356-0x00007FFA96C90000-0x00007FFA96CBE000-memory.dmp

Filesize
184KB

Download
memory/4660-1355-0x00007FFA96CC0000-0x00007FFA96CE9000-memory.dmp

Filesize
164KB

Download
memory/4660-1347-0x00007FFA9C6A0000-0x00007FFA9C6B7000-memory.dmp

Filesize
92KB

Download
memory/4660-1283-0x00007FFA98E10000-0x00007FFA98E35000-memory.dmp

Filesize
148KB

Download
memory/4660-1369-0x00007FFA93DA0000-0x00007FFA94479000-memory.dmp

Filesize
6.8MB

Download
memory/4660-1387-0x00007FFA98E10000-0x00007FFA98E35000-memory.dmp

Filesize
148KB

Download
memory/4660-1386-0x00007FFA978F0000-0x00007FFA978FB000-memory.dmp

Filesize
44KB

Download
memory/4660-1385-0x00007FFA925A0000-0x00007FFA925AC000-memory.dmp

Filesize
48KB

Download
memory/4660-1384-0x00007FFA925B0000-0x00007FFA925C2000-memory.dmp

Filesize
72KB

Download
memory/4660-1383-0x00007FFA925D0000-0x00007FFA925DD000-memory.dmp

Filesize
52KB

Download
memory/4660-1382-0x00007FFA96750000-0x00007FFA9675C000-memory.dmp

Filesize
48KB

Download
memory/4660-1381-0x00007FFA96760000-0x00007FFA9676C000-memory.dmp

Filesize
48KB

Download
memory/4660-1388-0x00007FFA91C30000-0x00007FFA91C65000-memory.dmp

Filesize
212KB

Download
memory/4660-1380-0x00007FFA96770000-0x00007FFA9677B000-memory.dmp

Filesize
44KB

Download
memory/4660-1379-0x00007FFA96780000-0x00007FFA9678B000-memory.dmp

Filesize
44KB

Download
memory/4660-1378-0x00007FFA968D0000-0x00007FFA968DC000-memory.dmp

Filesize
48KB

Download
memory/4660-1377-0x00007FFA96A50000-0x00007FFA96A5E000-memory.dmp

Filesize
56KB

Download
memory/4660-1376-0x00007FFA96A60000-0x00007FFA96A6C000-memory.dmp

Filesize
48KB

Download
memory/4660-1375-0x00007FFA96A70000-0x00007FFA96A7C000-memory.dmp

Filesize
48KB

Download
memory/4660-1374-0x00007FFA96A80000-0x00007FFA96A8B000-memory.dmp

Filesize
44KB

Download
memory/4660-1373-0x00007FFA96A90000-0x00007FFA96A9C000-memory.dmp

Filesize
48KB

Download
memory/4660-1372-0x00007FFA96D60000-0x00007FFA96D6B000-memory.dmp

Filesize
44KB

Download
memory/4660-1371-0x00007FFA97030000-0x00007FFA9703C000-memory.dmp

Filesize
48KB

Download
memory/4660-1370-0x00007FFA97EF0000-0x00007FFA97EFB000-memory.dmp

Filesize
44KB

Download
memory/4660-1496-0x00007FFA98E10000-0x00007FFA98E35000-memory.dmp

Filesize
148KB

Download
memory/4660-1499-0x00007FFA98DE0000-0x00007FFA98E0D000-memory.dmp

Filesize
180KB

Download
memory/4660-1532-0x00007FFA9C6A0000-0x00007FFA9C6B7000-memory.dmp

Filesize
92KB

Download
memory/4660-1531-0x00007FFA970A0000-0x00007FFA970C2000-memory.dmp

Filesize
136KB

Download
memory/4660-1530-0x00007FFA97150000-0x00007FFA97164000-memory.dmp

Filesize
80KB

Download
memory/4660-1529-0x00007FFA97900000-0x00007FFA97912000-memory.dmp

Filesize
72KB

Download
memory/4660-1528-0x00007FFA97920000-0x00007FFA97936000-memory.dmp

Filesize
88KB

Download
memory/4660-1527-0x00007FFA97940000-0x00007FFA9794C000-memory.dmp

Filesize
48KB

Download
memory/4660-1526-0x00007FFA97950000-0x00007FFA97962000-memory.dmp

Filesize
72KB

Download
memory/4660-1525-0x00007FFA97970000-0x00007FFA9797D000-memory.dmp

Filesize
52KB

Download
memory/4660-1524-0x00007FFA97A70000-0x00007FFA97A7C000-memory.dmp

Filesize
48KB

Download
memory/4660-1523-0x00007FFA97A80000-0x00007FFA97A8C000-memory.dmp

Filesize
48KB

Download
memory/4660-1522-0x00007FFA97A90000-0x00007FFA97A9B000-memory.dmp

Filesize
44KB

Download
memory/4660-1521-0x00007FFA97AA0000-0x00007FFA97AAB000-memory.dmp

Filesize
44KB

Download
memory/4660-1520-0x00007FFA97AB0000-0x00007FFA97ABC000-memory.dmp

Filesize
48KB

Download
memory/4660-1519-0x00007FFA97AC0000-0x00007FFA97ACE000-memory.dmp

Filesize
56KB

Download
memory/4660-1518-0x00007FFA97AD0000-0x00007FFA97ADC000-memory.dmp

Filesize
48KB

Download
memory/4660-1517-0x00007FFA97AE0000-0x00007FFA97AEC000-memory.dmp

Filesize
48KB

Download
memory/4660-1516-0x00007FFA97AF0000-0x00007FFA97AFB000-memory.dmp

Filesize
44KB

Download
memory/4660-1515-0x00007FFA97B00000-0x00007FFA97B0C000-memory.dmp

Filesize
48KB

Download
memory/4660-1514-0x00007FFA97BF0000-0x00007FFA97BFB000-memory.dmp

Filesize
44KB

Download
memory/4660-1513-0x00007FFA97E30000-0x00007FFA97E3C000-memory.dmp

Filesize
48KB

Download
memory/4660-1512-0x00007FFA97E40000-0x00007FFA97E4B000-memory.dmp

Filesize
44KB

Download
memory/4660-1511-0x00007FFA9CA00000-0x00007FFA9CA0B000-memory.dmp

Filesize
44KB

Download
memory/4660-1509-0x00007FFA97170000-0x00007FFA9728B000-memory.dmp

Filesize
1.1MB

Download
memory/4660-1508-0x00007FFA97C30000-0x00007FFA97C57000-memory.dmp

Filesize
156KB

Download
memory/4660-1506-0x00007FFAA6370000-0x00007FFAA637D000-memory.dmp

Filesize
52KB

Download
memory/4660-1505-0x00007FFA97290000-0x00007FFA9735D000-memory.dmp

Filesize
820KB

Download
memory/4660-1497-0x00007FFAAE240000-0x00007FFAAE24F000-memory.dmp

Filesize
60KB

Download
memory/4692-84-0x000001DCDCC30000-0x000001DCDCC70000-memory.dmp

Filesize
256KB

Download
memory/4692-1325-0x000001DCF8720000-0x000001DCF873E000-memory.dmp

Filesize
120KB

Download
memory/4692-1324-0x000001DCF8600000-0x000001DCF8676000-memory.dmp

Filesize
472KB

Download