5647b77efb32d2aa156141f4b19f4c430d171ec8b5a41f68c7bcb38802786f20

Analysis

max time kernel
143s
max time network
139s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26-01-2025 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Patch.exe
Size

81.1MB
MD5

28f92c8109c23a1d2518b8d307596692
SHA1

e8303bd61ce03b039e8393f50c49aeccbaa61f05
SHA256

5647b77efb32d2aa156141f4b19f4c430d171ec8b5a41f68c7bcb38802786f20
SHA512

39ed46f4d0e28853079c3bd8d21dadf3c6a16ad8bc1937ead29280512a4cfe871485f8e10f7e25170ca65c164f88f5be14569bd31e36b3c21f47695afbb51c9f
SSDEEP

1572864:YvxZQgldWjRnIZSk8IpG7V+VPhqFiE7jblgwviYgj+h58sMwRTZDK:YvxZxzCnIZSkB05awFTewR5p

Score

9^/10

defense_evasion discovery execution persistence upx

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 2 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	Patch.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	Patch.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
2452	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
3776	attrib.exe

Executes dropped EXE 1 IoCs

pid	Process
4076	Patch.exe

Loads dropped DLL 64 IoCs

pid	Process
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Patch = "C:\\Users\\Admin\\Patch\\Patch.exe"	Patch.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x002000000004675f-1304.dat	upx
behavioral1/memory/4748-1308-0x00007FF9E18C0000-0x00007FF9E1EA8000-memory.dmp	upx
behavioral1/files/0x002000000004670b-1315.dat	upx
behavioral1/memory/4748-1316-0x00007FF9F13D0000-0x00007FF9F13F4000-memory.dmp	upx
behavioral1/memory/4748-1318-0x00007FF9FA000000-0x00007FF9FA00F000-memory.dmp	upx
behavioral1/files/0x00280000000462f0-1314.dat	upx
behavioral1/files/0x00280000000462ee-1319.dat	upx
behavioral1/memory/4748-1321-0x00007FF9F13B0000-0x00007FF9F13C9000-memory.dmp	upx
behavioral1/files/0x00280000000462f4-1322.dat	upx
behavioral1/memory/4748-1324-0x00007FF9F0A60000-0x00007FF9F0A8D000-memory.dmp	upx
behavioral1/files/0x002000000004670e-1370.dat	upx
behavioral1/files/0x002000000004670d-1369.dat	upx
behavioral1/files/0x002000000004670c-1368.dat	upx
behavioral1/files/0x002000000004670a-1367.dat	upx
behavioral1/files/0x0020000000046702-1366.dat	upx
behavioral1/memory/4748-1371-0x00007FF9F0730000-0x00007FF9F0744000-memory.dmp	upx
behavioral1/memory/4748-1372-0x00007FF9E1540000-0x00007FF9E18B5000-memory.dmp	upx
behavioral1/memory/4748-1373-0x00007FF9F03D0000-0x00007FF9F03E9000-memory.dmp	upx
behavioral1/memory/4748-1374-0x00007FF9F5820000-0x00007FF9F582D000-memory.dmp	upx
behavioral1/memory/4748-1376-0x00007FF9E18C0000-0x00007FF9E1EA8000-memory.dmp	upx
behavioral1/memory/4748-1377-0x00007FF9E2BE0000-0x00007FF9E2C98000-memory.dmp	upx
behavioral1/memory/4748-1375-0x00007FF9F0340000-0x00007FF9F036E000-memory.dmp	upx
behavioral1/memory/4748-1379-0x00007FF9F5500000-0x00007FF9F550D000-memory.dmp	upx
behavioral1/memory/4748-1380-0x00007FF9F5420000-0x00007FF9F542B000-memory.dmp	upx
behavioral1/memory/4748-1378-0x00007FF9F13D0000-0x00007FF9F13F4000-memory.dmp	upx
behavioral1/memory/4748-1381-0x00007FF9E8750000-0x00007FF9E8776000-memory.dmp	upx
behavioral1/memory/4748-1383-0x00007FF9E2740000-0x00007FF9E285C000-memory.dmp	upx
behavioral1/memory/4748-1382-0x00007FF9F0A60000-0x00007FF9F0A8D000-memory.dmp	upx
behavioral1/memory/4748-1384-0x00007FF9F0730000-0x00007FF9F0744000-memory.dmp	upx
behavioral1/memory/4748-1385-0x00007FF9E8710000-0x00007FF9E8747000-memory.dmp	upx
behavioral1/memory/4748-1395-0x00007FF9F0340000-0x00007FF9F036E000-memory.dmp	upx
behavioral1/memory/4748-1394-0x00007FF9F03B0000-0x00007FF9F03BC000-memory.dmp	upx
behavioral1/memory/4748-1393-0x00007FF9F03D0000-0x00007FF9F03E9000-memory.dmp	upx
behavioral1/memory/4748-1392-0x00007FF9F0720000-0x00007FF9F072B000-memory.dmp	upx
behavioral1/memory/4748-1391-0x00007FF9F03C0000-0x00007FF9F03CB000-memory.dmp	upx
behavioral1/memory/4748-1390-0x00007FF9F0710000-0x00007FF9F071C000-memory.dmp	upx
behavioral1/memory/4748-1389-0x00007FF9F0C30000-0x00007FF9F0C3C000-memory.dmp	upx
behavioral1/memory/4748-1388-0x00007FF9F0D40000-0x00007FF9F0D4B000-memory.dmp	upx
behavioral1/memory/4748-1387-0x00007FF9F12F0000-0x00007FF9F12FB000-memory.dmp	upx
behavioral1/memory/4748-1386-0x00007FF9E1540000-0x00007FF9E18B5000-memory.dmp	upx
behavioral1/memory/4748-1401-0x00007FF9E8110000-0x00007FF9E811B000-memory.dmp	upx
behavioral1/memory/4748-1400-0x00007FF9E2BE0000-0x00007FF9E2C98000-memory.dmp	upx
behavioral1/memory/4748-1399-0x00007FF9E8700000-0x00007FF9E870B000-memory.dmp	upx
behavioral1/memory/4748-1398-0x00007FF9EA6E0000-0x00007FF9EA6EC000-memory.dmp	upx
behavioral1/memory/4748-1397-0x00007FF9F02D0000-0x00007FF9F02DE000-memory.dmp	upx
behavioral1/memory/4748-1396-0x00007FF9F0380000-0x00007FF9F038C000-memory.dmp	upx
behavioral1/memory/4748-1402-0x00007FF9E8100000-0x00007FF9E810C000-memory.dmp	upx
behavioral1/memory/4748-1404-0x00007FF9E80F0000-0x00007FF9E80FC000-memory.dmp	upx
behavioral1/memory/4748-1403-0x00007FF9E8750000-0x00007FF9E8776000-memory.dmp	upx
behavioral1/memory/4748-1409-0x00007FF9E8710000-0x00007FF9E8747000-memory.dmp	upx
behavioral1/memory/4748-1408-0x00007FF9E80B0000-0x00007FF9E80BC000-memory.dmp	upx
behavioral1/memory/4748-1407-0x00007FF9E7B50000-0x00007FF9E7B62000-memory.dmp	upx
behavioral1/memory/4748-1406-0x00007FF9E80E0000-0x00007FF9E80ED000-memory.dmp	upx
behavioral1/memory/4748-1405-0x00007FF9E2740000-0x00007FF9E285C000-memory.dmp	upx
behavioral1/memory/4748-1410-0x00007FF9E3840000-0x00007FF9E3855000-memory.dmp	upx
behavioral1/memory/4748-1411-0x00007FF9E3820000-0x00007FF9E3832000-memory.dmp	upx
behavioral1/memory/4748-1413-0x00007FF9E2720000-0x00007FF9E2734000-memory.dmp	upx
behavioral1/memory/4748-1412-0x00007FF9F03B0000-0x00007FF9F03BC000-memory.dmp	upx
behavioral1/memory/4748-1414-0x00007FF9E2700000-0x00007FF9E2717000-memory.dmp	upx
behavioral1/memory/4748-1415-0x00007FF9E8110000-0x00007FF9E811B000-memory.dmp	upx
behavioral1/memory/4748-1416-0x00007FF9E26D0000-0x00007FF9E26F2000-memory.dmp	upx
behavioral1/memory/4748-1417-0x00007FF9E26B0000-0x00007FF9E26C6000-memory.dmp	upx
behavioral1/memory/4748-1419-0x00007FF9E2690000-0x00007FF9E26A9000-memory.dmp	upx
behavioral1/memory/4748-1418-0x00007FF9E8100000-0x00007FF9E810C000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
8032	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133823328355290144"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
4748	Patch.exe
2452	powershell.exe
2452	powershell.exe
6944	chrome.exe
6944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeDebugPrivilege	4748	Patch.exe
Token: SeDebugPrivilege	2452	powershell.exe
Token: SeIncreaseQuotaPrivilege	2452	powershell.exe
Token: SeSecurityPrivilege	2452	powershell.exe
Token: SeTakeOwnershipPrivilege	2452	powershell.exe
Token: SeLoadDriverPrivilege	2452	powershell.exe
Token: SeSystemProfilePrivilege	2452	powershell.exe
Token: SeSystemtimePrivilege	2452	powershell.exe
Token: SeProfSingleProcessPrivilege	2452	powershell.exe
Token: SeIncBasePriorityPrivilege	2452	powershell.exe
Token: SeCreatePagefilePrivilege	2452	powershell.exe
Token: SeBackupPrivilege	2452	powershell.exe
Token: SeRestorePrivilege	2452	powershell.exe
Token: SeShutdownPrivilege	2452	powershell.exe
Token: SeDebugPrivilege	2452	powershell.exe
Token: SeSystemEnvironmentPrivilege	2452	powershell.exe
Token: SeRemoteShutdownPrivilege	2452	powershell.exe
Token: SeUndockPrivilege	2452	powershell.exe
Token: SeManageVolumePrivilege	2452	powershell.exe
Token: 33	2452	powershell.exe
Token: 34	2452	powershell.exe
Token: 35	2452	powershell.exe
Token: 36	2452	powershell.exe
Token: SeDebugPrivilege	8032	taskkill.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe
Token: SeShutdownPrivilege	6944	chrome.exe
Token: SeCreatePagefilePrivilege	6944	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe
6944	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 4748	3324	Patch.exe	85
PID 3324 wrote to memory of 4748	3324	Patch.exe	85
PID 4748 wrote to memory of 2408	4748	Patch.exe	88
PID 4748 wrote to memory of 2408	4748	Patch.exe	88
PID 4748 wrote to memory of 2452	4748	Patch.exe	93
PID 4748 wrote to memory of 2452	4748	Patch.exe	93
PID 4748 wrote to memory of 3296	4748	Patch.exe	96
PID 4748 wrote to memory of 3296	4748	Patch.exe	96
PID 3296 wrote to memory of 3776	3296	cmd.exe	98
PID 3296 wrote to memory of 3776	3296	cmd.exe	98
PID 3296 wrote to memory of 4076	3296	cmd.exe	100
PID 3296 wrote to memory of 4076	3296	cmd.exe	100
PID 3296 wrote to memory of 8032	3296	cmd.exe	101
PID 3296 wrote to memory of 8032	3296	cmd.exe	101
PID 6944 wrote to memory of 6872	6944	chrome.exe	107
PID 6944 wrote to memory of 6872	6944	chrome.exe	107
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6676	6944	chrome.exe	108
PID 6944 wrote to memory of 6636	6944	chrome.exe	109
PID 6944 wrote to memory of 6636	6944	chrome.exe	109
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110
PID 6944 wrote to memory of 6596	6944	chrome.exe	110

Views/modifies file attributes 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
3776	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Patch.exe
"C:\Users\Admin\AppData\Local\Temp\Patch.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Users\Admin\AppData\Local\Temp\Patch.exe
  "C:\Users\Admin\AppData\Local\Temp\Patch.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2408
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Patch\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\Patch\activate.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3296
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:3776
  - - C:\Users\Admin\Patch\Patch.exe
      "Patch.exe"
      4⤵
      Executes dropped EXE
      PID:4076
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "Patch.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:8032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x34c 0x480
1⤵
PID:504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:6944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff9e19ecc40,0x7ff9e19ecc4c,0x7ff9e19ecc58
  2⤵
  PID:6872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,11205013799607499165,6728545754807360744,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:6676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1560,i,11205013799607499165,6728545754807360744,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:6636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,11205013799607499165,6728545754807360744,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:6596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,11205013799607499165,6728545754807360744,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:6436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,11205013799607499165,6728545754807360744,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3888,i,11205013799607499165,6728545754807360744,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,11205013799607499165,6728545754807360744,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,11205013799607499165,6728545754807360744,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:1180

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6264

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3ebf10a19c55b74cceb8c3267c4ab84b

SHA1
3a49ff4d85fedd1560e40f5de2d4f12ebb73863a

SHA256
17bd8429acd663b09cd8ea9de108269f6d4c60812f407026dcb8700f8258382d

SHA512
16a6cf8f16467b1440c3f5cfda682e238b4578f6177225ae4c9d7e84a943a9e60d55d60f238f36681c977ef9162421da555ebb36edef307db7c40bfb99f713f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ae1451b3e9d0d3f1abbfa85931fa042a

SHA1
1373954f41d2c3a3141d99e7c43313a714a688a0

SHA256
21a5e727561475c45e9fb2e3dc2bc11e190cfade21f1541f8c43753a69ff054a

SHA512
93e58341eb385c88efb55587a20e1d80692f5b007928d2a9685776472771fd5f088ad9c1abe23dad6c488e5a9b7412adc21afafe514e09af7a893df8b5acd57e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
50ac5c09113c9cc6aa87c7c227c8c3f3

SHA1
c1e02db81d35ac004de54e30939965722d2d2628

SHA256
9074a103c1ec8869c3f25d389d23d5c6de99a6f2db26dd977470c02c65abfacc

SHA512
454daa00499acf5e7d5c3608d7a7bc4ee1712b38e7d3957b03e07882f210b6349bcaa98898dded0b2f6d44d0e3d32bd152d0ca325ff6ee1c722e0b4d1a8a5115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
518cd120a9dab2eccb2934bad14899a9

SHA1
b14397d2cdac4d54f1ca47c6b648793cb42854f0

SHA256
ee84cb31a8c27c2b350a73796e028b7d2630a1b85c4e0fed7a8a375aaff36a2a

SHA512
981743a5c31ce2cc92fc2928ded5b2451253cbd68b97b52049f3bd8bfb379bede0a67b7e29eb73d0443da2a462c22fb993f3f3489b5d5ac414803fbd07e89bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a41f467cd8bd5e07cb0d9e3c5dbc71bf

SHA1
3ec827f527de580b058640db39303fdd3ff6a4db

SHA256
9b034cd7e2877d01657c732242adec8d3b74fb683e30b757c0874a9faca7878c

SHA512
9db485cce56b63379469e5b2d0b93ac65082d1ff8685375b316e8bab0617bf7e1ee027d65bf7565f6d6e2a780d9c1539cf5df5b28d18ca78696465a4b170aa6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
643c7fd61a89a1f5f27c1e968d5201a6

SHA1
90a53f3b5ab4d8ffac1feeed5bff86282e60bb83

SHA256
524685bd132c90ded8184b307582e7ef3ce581084cd74bb605d6cd34f1229efd

SHA512
cc9c978549548860b3b05cbc1299f52f67b325109948a410322e35dfff0255a527dff0c463219e8b5e72b96edd5a179323375eb3b95173382ffda61f9c4f5f42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
8358620f8b98ed24d7b5f11f788d624b

SHA1
ff3565a83d4ca8b3f38903d9045a511dc7cfc549

SHA256
98588ad133767214020ddd6836db1e6323f76c70d9b8ef22323d4e336aa448c0

SHA512
148f197cf365c0dfe0fda07ed7e88152cb662e64c64b209a3742c561b80171514b3916763bcc20b37c9b0bf651d4579941e499fac938891e11e2a9e5217c7071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
d395fbbc3dc21b9edb2b387864d0d9f8

SHA1
206efdc86aec68ebff75a41d95d0592ffc81be37

SHA256
2691ddc44c0362a50190cc936e4355468c9ff6db983b3e2425008edbd61067f6

SHA512
575bab18ab5c68798d8910cc4e497fd335e9f8df9e51ae9d329026fddea112c913954253b1ad7d7498e2ef8af74455ff8f49733a3537c006640f850a820fb10d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\_bz2.pyd

Filesize
46KB

MD5
0c13627f114f346604b0e8cbc03baf29

SHA1
bf77611d924df2c80aabcc3f70520d78408587a2

SHA256
df1e666b55aae6ede59ef672d173bd0d64ef3e824a64918e081082b8626a5861

SHA512
c97fa0f0988581eae5194bd6111c1d9c0e5b1411bab47df5aa7c39aad69bfbeca383514d6aaa45439bb46eacf6552d7b7ed08876b5e6864c8507eaa0a72d4334

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\_ctypes.pyd

Filesize
57KB

MD5
38fb83bd4febed211bd25e19e1cae555

SHA1
4541df6b69d0d52687edb12a878ae2cd44f82db6

SHA256
cd31af70cbcfe81b01a75ebeb2de86079f4cbe767b75c3b5799ef8b9f0392d65

SHA512
f703b231b675c45accb1f05cd34319b5b3b7583d85bf2d54194f9e7c704fbcd82ef2a2cd286e6a50234f02c43616fbeccfd635aefd73424c1834f5dca52c0931

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\_lzma.pyd

Filesize
84KB

MD5
8d9e1bb65a192c8446155a723c23d4c5

SHA1
ea02b1bf175b7ef89ba092720b3daa0c11bef0f0

SHA256
1549fe64b710818950aa9bf45d43fe278ce59f3b87b3497d2106ff793efa6cf7

SHA512
4d67306fe8334f772fe9d463cb4f874a8b56d1a4ad3825cff53cae4e22fa3e1adba982f4ea24785312b73d84a52d224dfb4577c1132613aa3ae050a990e4abdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-console-l1-1-0.dll

Filesize
13KB

MD5
71405f0ba5d7da5a5f915f33667786de

SHA1
bb5cdf9c12fe500251cf98f0970a47b78c2f8b52

SHA256
0099f17128d1551a47cbd39ce702d4acc4b49be1bb1cfe974fe5a42da01d88eb

SHA512
b2c6438541c4fa7af3f8a9606f64eeef5d77ddbc0689e7501074bb72b7cc907a8461a75089e5b70b881bc3b1be009888ff25ea866faaf1c49dd521027041295a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-datetime-l1-1-0.dll

Filesize
12KB

MD5
a17d27e01478c17b88794fd0f79782fc

SHA1
2b8393e7b37fb990be2cdc82803ca49b4cef8546

SHA256
ac227773908836d54c8fc06c4b115f3bdfc82e4d63c7f84e1f8e6e70cd066339

SHA512
ddc6dda49d588f22c934026f55914b31e53079e044dec7b4f1409668dbfe8885b887cc64a411d44f83bc670ac8a8b6d3ad030d4774ef7bf522f1d3bc00e07485

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-debug-l1-1-0.dll

Filesize
12KB

MD5
e485c1c5f33ad10eec96e2cdbddff3c7

SHA1
31f6ba9beca535f2fb7ffb755b7c5c87ac8d226c

SHA256
c734022b165b3ba6f8e28670c4190a65c66ec7ecc961811a6bdcd9c7745cac20

SHA512
599036d8fa2e916491bedb5bb49b94458a09dddd2908cf770e94bb0059730598ec5a9b0507e6a21209e2dcae4d74027313df87c9ab51fad66b1d07903bae0b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
12KB

MD5
0ffb34c0c2cdec47e063c5e0c96b9c3f

SHA1
9716643f727149b953f64b3e1eb6a9f2013eac9c

SHA256
863a07d702717cf818a842af0b4e1dfd6e723f712e49bf8c3af3589434a0ae80

SHA512
4311d582856d9c3cac2cdc6a9da2137df913bcf69041015fd272c2780f6ab850895deb69279a076376a2e6401c907cb23a3052960478a6cf4b566a20cce61bd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-file-l1-1-0.dll

Filesize
16KB

MD5
792c2b83bc4e0272785aa4f5f252ff07

SHA1
6868b82df48e2315e6235989185c8e13d039a87b

SHA256
d26d433f86223b10ccc55837c3e587fa374cd81efc24b6959435a6770addbf24

SHA512
72c99cff7fd5a762524e19abee5729dc8857f3ee3c8f78587625ec74f2ad96af7dee03aba54b441cda44b04721706bed70f3ad88453a341cbb51aac9afd9559e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-file-l1-2-0.dll

Filesize
12KB

MD5
49e3260ae3f973608f4d4701eb97eb95

SHA1
097e7d56c3514a3c7dc17a9c54a8782c6d6c0a27

SHA256
476fbad616e20312efc943927ade1a830438a6bebb1dd1f83d2370e5343ea7af

SHA512
df22cf16490faa0dc809129ca32eaf1a16ec665f9c5411503ce0153270de038e5d3be1e0e49879a67043a688f6c42bdb5a9a6b3cea43bf533eba087e999be653

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-file-l2-1-0.dll

Filesize
12KB

MD5
7f14fd0436c066a8b40e66386ceb55d0

SHA1
288c020fb12a4d8c65ed22a364b5eb8f4126a958

SHA256
c78eab8e057bddd55f998e72d8fdf5b53d9e9c8f67c8b404258e198eb2cdcf24

SHA512
d04adc52ee0ceed4131eb1d133bfe9a66cbc0f88900270b596116064480afe6ae6ca42feb0eaed54cb141987f2d7716bb2dae947a025014d05d7aa0b0821dc50

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-handle-l1-1-0.dll

Filesize
12KB

MD5
10f0c22c19d5bee226845cd4380b4791

SHA1
1e976a8256508452c59310ca5987db3027545f3d

SHA256
154ef0bf9b9b9daa08101e090aa9716f0fa25464c4ef5f49bc642619c7c16f0e

SHA512
3a5d3dc6448f65e1613e1a92e74f0934dd849433ceca593e7f974310cd96bf6ad6ccc3b0cb96bdb2dcc35514bc142c48cb1fd20fee0d8fa236999ad155fc518b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-heap-l1-1-0.dll

Filesize
13KB

MD5
405038fb22cd8f725c2867c9b4345b65

SHA1
385f0eb610fce082b56a90f1b10346c37c19d485

SHA256
1c1b88d403e2cde510741a840afa445603f76e542391547e6e4cc48958c02076

SHA512
b52752ac5d907dc442ec7c318998fd54ad9ad659bde4350493fe5ca95286ecefcbbbf82d718d4bf4e813b4d20a62cd1f7ba11ee7c68c49ec39307b7746968d18

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
12KB

MD5
aff9165cff0fb1e49c64b9e1eaefdd86

SHA1
cdef56ab5734d10a08bc373c843abc144fe782cb

SHA256
159ecb50f14e3c247faec480a3e6e0cf498ec13039c988f962280187cee1391d

SHA512
64ddf8965defaf5e5ae336d37bdb3868538638bad927e2e76e06ace51a2bca60aefaab18c300bb7e705f470a937ad978edd0338091ad6bcc45564c41071eeb40

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
13KB

MD5
4334f1a7b180998473dc828d9a31e736

SHA1
4c0c14b5c52ab5cf43a170364c4eb20afc9b5dd4

SHA256
820e3acd26ad7a6177e732019492b33342bc9200fc3c0af812ebd41fb4f376cb

SHA512
7f2a12f9d41f3c55c4aff2c75eb6f327d9434269ebff3fbcc706d4961da10530c069720e81b1573faf919411f929304e4aaf2159205cf9a434b8833eea867aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
71457fd15de9e0b3ad83b4656cad2870

SHA1
c9c2caf4f9e87d32a93a52508561b4595617f09f

SHA256
db970725b36cc78ef2e756ff4b42db7b5b771bfd9d106486322cf037115bd911

SHA512
a10fcf1d7637effff0ae3e3b4291d54cc7444d985491e82b3f4e559fbb0dbb3b6231a8c689ff240a5036a7acae47421cda58aaa6938374d4b84893cce0077bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-memory-l1-1-0.dll

Filesize
13KB

MD5
d39fbbeac429109849ec7e0dc1ec6b90

SHA1
2825c7aba7f3e88f7b3d3bc651bbc4772bb44ad0

SHA256
aeec3d48068137870e6e40bad9c9f38377aa06c6ea1ac288e9e02af9e8c28e6b

SHA512
b4197a4d19535e20ed2aff4f83aced44e56abbb99ce64e2f257d7f9b13882cbdb16d8d864f4923499241b8f7d504d78ff93f22b95f7b02996b15bb3da1a0ef42

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
12KB

MD5
0e5cd808e9f407e75f98bbb602a8df48

SHA1
285e1295a1cf91ef2306be5392190d8217b7a331

SHA256
1846947c10b57876239d8cb74923902454f50b347385277f5313d2a6a4e05a96

SHA512
7d8e35cabe7c3b963e6031cd73dc5ad5edf8b227df735888b28d8efb5744b531f0c84130e47624e4fea8ef700eabde20a4e2290a1688a6acffb6a09ca20d7085

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
13KB

MD5
cc52cd91b1cbd20725080f1a5c215fcc

SHA1
2ce6a32a5bd6fa9096352d3d73e7b19b98e0cc49

SHA256
990dc7898fd7b442d50bc88fec624290d69f96030a1256385391b05658952508

SHA512
d262f62adde8a3d265650a4b56c866bdd2b660001fb2ca679d48ee389254e9ffa6ce9d69f2aaa619d22a155a5523dce5f7cfdd7638c0e9df1fe524b09520d5a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
14KB

MD5
2dd711ea0f97cb7c5ab98ae6f57b9439

SHA1
cba11e3eebe7b3d007eb16362785f5d1d1251acd

SHA256
a958fd20c06c90112e9e720047d84531b2bd0c77174660dc7e1f093a2ed3cc68

SHA512
d8d39ca07fdfed6a4e5686eae766022941c19bfbceb5972edd109b453fd130b627e3e2880f8580a8a41601493d0c800e64a76e8590070aa13c1abd550bd1a1ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
e93816c04327730d41224e7a1ba6dc51

SHA1
3f83b9fc6291146e58afce5b5447cd6d2f32f749

SHA256
ca06ccf12927ca52d8827b3a36b23b6389c4c6d4706345e2d70b895b79ff2ec8

SHA512
beaab5a12bfc4498cdf67d8b560ef0b0e2451c5f4634b6c5780a857666fd14f8a379f42e38be1beefa1c3578b2df913d901b271719ac6794bfaab0731bb77bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-profile-l1-1-0.dll

Filesize
12KB

MD5
051847e7aa7a40a1b081ff4b79410b5b

SHA1
4ca24e1da7c5bb0f2e9f5f8ce98be744ea38309e

SHA256
752542f72af04b3837939f0113bfcb99858e86698998398b6cd0e4e5c3182fd5

SHA512
1bfb96d15df1cd3dcefc933aeca3ce59bef90e4575a66eaab92386f8e93652906626308886dd9b82c0863d1544331bbf99be8e781fa71d8c4c1f5fff294056dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
13KB

MD5
2aa1f0c20dfb4586b28faf2aa16b7b00

SHA1
3c4e9c8fca6f24891430a29b155876a41f91f937

SHA256
d2c9ee6b1698dfe99465af4b7358a2f4c199c907a6001110edbea2d71b63cd3f

SHA512
ae05338075972e258bcf1465e444c0a267ad6f03fbb499f653d9d63422a59ac28f2cb83ec25f1181699e59ecbaac33996883e0b998cbade1cc011bc166d126d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-string-l1-1-0.dll

Filesize
12KB

MD5
6e5da9819bd53dcb55abde1da67f3493

SHA1
8562859ebf3ce95f7ecb4e2c785f43ad7aaaf151

SHA256
30dc0deb0faf0434732f2158ad24f2199def8dd04520b9daabbc5f0b3b6ddf40

SHA512
75eb227ca60ff8e873dac7fa3316b476b967069e8f0ac31469b2de5a9b21044db004353febf2b53069392be10a8bf40563bb5d6d4be774d37d12cf6fbeced175

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-synch-l1-1-0.dll

Filesize
14KB

MD5
f378455fb81488f5bfd3617e3c5a75c0

SHA1
312fa1343498e99565b1fbf92e6e1e05351cbc99

SHA256
91e50f94a951aa4e48a9059ad222bbe132b02e83d4a7df94a35ea73248e84800

SHA512
11d80d4f58da3827a317a3c1ed501432050e123eb992ed58c7765c68ddd2fc49b04398149e73fdb9fb3aa4494b440333aa26861b796e7ae8c7ad730f4faf99f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-synch-l1-2-0.dll

Filesize
13KB

MD5
5e393142274d7589ad3df926a529228c

SHA1
b9ca32fcc7959cb6342a1165b681ad4589c83991

SHA256
219cc445c1ad44f109219a3bb6900ab965cb6357504fc8110433b14f6a9b57be

SHA512
5eb31be9bce51a475c18267d89ee7b045af37b9f0722baaa85764114326c7a8d0a1662135e102d7ac074c24a6035232a527fc8745139a26cb62f33913ace3178

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
13KB

MD5
7b997bd96cb7fa92dee640d5030f8bea

SHA1
ee258d5f6731778363aa030a6bc372ca9a34383c

SHA256
4bcd366eaf0bde99b472fa2bf4e0dda1d860b3f404019fb41bbb8ad3a6d4d8f2

SHA512
92b9f4dd0b8cc66a92553418a1e18bbbee775f4051cd49af20505151be20b41db11d42c7f2436a6fa57e4c55f55a0519a1960e378f216ba4d7801e2efb859b2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
acf40d5e6799231cf7e4026bad0c50a0

SHA1
8f0395b7e7d2aac02130f47b23b50d1eab87466b

SHA256
64b5b95fe56b6df4c2d47d771bec32bd89267605df736e08c1249b802d6d48d1

SHA512
f66a61e89231b6dc95b26d97f5647da42400bc809f70789b9afc00a42b94ea3487913860b69a1b0ee59ed5eb62c3a0cade9e21f95da35fdd42d8ce51c5507632

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-core-util-l1-1-0.dll

Filesize
12KB

MD5
7a75bc355ca9f0995c2c27977fa8067e

SHA1
1c98833fd87f903b31d295f83754bca0f9792024

SHA256
52226dc5f1e8cd6a22c6a30406ed478e020ac8e3871a1a0c097eb56c97467870

SHA512
ba96fdd840a56c39aaa448a2cff5a2ee3955b5623f1b82362cb1d8d0ec5fbb51037bdc9f55fe7b6c9f57932267e151e167e7f8d0cb70e907d03a48e0c2617b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-conio-l1-1-0.dll

Filesize
13KB

MD5
19876c0a273c626f0e7bd28988ea290e

SHA1
8e7dd4807fe30786dd38dbb0daca63256178b77c

SHA256
07fda71f93c21a43d836d87fee199ac2572801993f00d6628dba9b52fcb25535

SHA512
cdd405f40ac1c0c27e281c4932fbbd6cc84471029d7f179ecf2e797b32bf208b3cd0ca6f702bb26f070f8cdd06b773c7beb84862e4c01794938932146e74f1ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-convert-l1-1-0.dll

Filesize
16KB

MD5
d66741472c891692054e0bac6dde100b

SHA1
4d7927e5bea5cac77a26dc36b09d22711d532c61

SHA256
252b14d09b0ea162166c50e41aea9c6f6ad8038b36701981e48edff615d3ed4b

SHA512
c5af302f237c436ac8fe42e0e017d9ed039b4c6a25c3772059f0a6929cba3633d690d1f84ab0460beb24a0704e2e1fe022e0e113780c6f92e3d38d1afa8cee95

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-environment-l1-1-0.dll

Filesize
13KB

MD5
0eeb09c06c6926279484c3f0fbef85e7

SHA1
d074721738a1e9bb21b9a706a6097ec152e36a98

SHA256
10eb78864ebff85efc91cc91804f03fcd1b44d3a149877a9fa66261286348882

SHA512
3ceb44c0ca86928d2fdd75bf6442febafaca4de79108561e233030635f428539c44faae5bcf12ff6aa756c413ab7558ccc37eef8008c8aa5b37062d91f9d3613

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
14KB

MD5
a5dce38bc9a149abe5d2f61db8d6cec0

SHA1
05b6620f7d59d727299de77abe517210adea7fe0

SHA256
a5b66647ee6794b7ee79f7a2a4a69dec304daea45a11f09100a1ab092495b14b

SHA512
252f7f841907c30ff34aa63c6f996514eb962fc6e1908645da8bbde137699fe056740520fee6ad9728d1310261e6e3a212e1b69a7334832ce95da599d7742450

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-heap-l1-1-0.dll

Filesize
13KB

MD5
841cb7c4ba59f43b5b659dd3dfe02cd2

SHA1
5f81d14c98a7372191eceb65427f0c6e9f4ed5fa

SHA256
2eafce6ff69a237b17ae004f1c14241c3144be9eaeb4302fdc10dd1cb07b7673

SHA512
f446acb304960ba0d262d8519e1da6fe9263cc5a9da9ac9b92b0ac2ce8b3b90a4fd9d1fdfe7918b6a97afe62586a36abd8e8e18076d3ad4ad77763e901065914

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-locale-l1-1-0.dll

Filesize
13KB

MD5
a404e8ecee800e8beda84e8733a40170

SHA1
97a583e8b4bbcdaa98bae17db43b96123c4f7a6a

SHA256
80c291e9fcee694f03d105ba903799c79a546f2b5389ecd6349539c323c883aa

SHA512
66b99f5f2dcb698137ecbc5e76e5cf9fe39b786ea760926836598cabbfa6d7a27e2876ec3bf424a8cbb37e475834af55ef83abb2ed3c9d72c6a774c207cff0e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
ccf0a6129a16068a7c9aa3b0b7eeb425

SHA1
ea2461ab0b86c81520002ab6c3b5bf44205e070c

SHA256
80c09eb650cf3a913c093e46c7b382e2d7486fe43372c4bc00c991d2c8f07a05

SHA512
d4f2285c248ace34ea9192e23b3e82766346856501508a7a7fc3e6d07ee05b1e57ad033b060fe0cc24ee8dc61f97757b001f5261da8e063ab21ee80e323a306e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
20KB

MD5
fdb5b8009b3a2dda351ccd2e40c7a953

SHA1
245ad27902852929bcb826902f69aec24f8d9318

SHA256
0bd96e91a0aa1e1a967f08d778026e7ea922feb898757f19a58db59eae6d312b

SHA512
d104c7c8501020accff5e18e3da1be734fb1dbd0579c1ed553e6ab605cf2137fa8312d9b5015e9b6831deae3e1cc0ea72b1ee4131943723fa8e8105fbc24e794

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-private-l1-1-0.dll

Filesize
64KB

MD5
c034fea829b3f287e08d9857b74c5570

SHA1
4f48a54e42d11a628e3c3e3e42eb1322dbc51340

SHA256
dfb080ff0f9460bf3b57da71e58bff93f8cbbb5f53e3f6d2a65f5264809f90ab

SHA512
2d6232c60b79cad68ec9d1626b692f95e32d2555299d161f70018243f834a1dc18de13d483a5f8799ef3829fa92bcdbe96871d9bfb33aefb3a85c4f13792d9de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-process-l1-1-0.dll

Filesize
13KB

MD5
e62a28c67a222b5af736b6c3d68b7c82

SHA1
2214b0229f5ffc17e65db03b085b085f4af9d830

SHA256
bd475e0c63ae3f59ea747632ab3d3a17dd66f957379fa1d67fa279718e9cd0f4

SHA512
2f3590d061492650ee55a7ce8e9f1d836b7bb6976ae31d674b5acf66c30a86a5c92619d28165a4a6c9c3d158bb57d764ee292440a3643b4e23cffcdb16de5097

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
17KB

MD5
83433288a21ff0417c5ba56c2b410ce8

SHA1
b94a4ab62449bca8507d70d7fb5cbc5f5dfbf02c

SHA256
301c5418d2aee12b6b7c53dd9332926ce204a8351b69a84f8e7b8a1344fa7ea1

SHA512
f20de6248d391f537dcc06e80174734cdd1a47dc67e47f903284d48fb7d8082af4eed06436365fce3079aac5b4e07bbd9c1a1a5eb635c8fe082a59f566980310

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
18KB

MD5
844e18709c2deda41f2228068a8d2ced

SHA1
871bf94a33fa6bb36fa1332f8ec98d8d3e6fe3b6

SHA256
799e9174163f5878bea68ca9a6d05c0edf375518e7cc6cc69300c2335f3b5ea2

SHA512
3bbb82d79f54d85dcbe6ee85a9909c999b760a09e8925d704a13ba18c0a610a97054ac8bd4c66c1d52ab08a474eda78542d5d79ae036f2c8e1f1e584f5122945

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-string-l1-1-0.dll

Filesize
18KB

MD5
5a82c7858065335cad14fb06f0465c7e

SHA1
c5804404d016f64f3f959973eaefb7820edc97ad

SHA256
3bf407f8386989aa5f8c82525c400b249e6f8d946a32f28c469c996569d5b2e3

SHA512
88a06e823f90ef32d62794dafe6c3e92755f1f1275c8192a50e982013a56cf58a3ba39e2d80b0dd5b56986f2a7d4c5b047a75f8d8f4b5b241cdf2d00beebd0d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-time-l1-1-0.dll

Filesize
15KB

MD5
b64b9e13c90f84d0b522cd0645c2100c

SHA1
39822cb8f0914a282773e4218877168909fdc18d

SHA256
2f6b0f89f4d680a9a9994d08aa5cd514794be584a379487906071756ac644bd6

SHA512
9cb03d1120de577bdb9ed720c4ec8a0b89db85969b74fbd900dcdc00cf85a78d9469290a5a5d39be3691cb99d49cf6b84569ac7669a798b1e9b6c71047b350de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\api-ms-win-crt-utility-l1-1-0.dll

Filesize
13KB

MD5
26f020c0e210bce7c7428ac049a3c5da

SHA1
7bf44874b3ba7b5ba4b20bb81d3908e4cde2819c

SHA256
dfad88b5d54c597d81250b8569f6d381f7016f935742ac2138ba2a9ae514c601

SHA512
7da07143cab0a26b974fa90e3692d073b2e46e39875b2dd360648382d0bfca986338697600c4bc9fe54fc3826daa8fc8f2fec987de75480354c83aba612afa5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\base_library.zip

Filesize
1.4MB

MD5
481da210e644d6b317cafb5ddf09e1a5

SHA1
00fe8e1656e065d5cf897986c12ffb683f3a2422

SHA256
3242ea7a6c4c712f10108a619bf5213878146547838f7e2c1e80d2778eb0aaa0

SHA512
74d177794f0d7e67f64a4f0c9da4c3fd25a4d90eb909e942e42e5651cc1930b8a99eef6d40107aa8756e75ffbcc93284b916862e24262df897aaac97c5072210

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\libcrypto-1_1.dll

Filesize
1.1MB

MD5
daa2eed9dceafaef826557ff8a754204

SHA1
27d668af7015843104aa5c20ec6bbd30f673e901

SHA256
4dab915333d42f071fe466df5578fd98f38f9e0efa6d9355e9b4445ffa1ca914

SHA512
7044715550b7098277a015219688c7e7a481a60e4d29f5f6558b10c7ac29195c6d5377dc234da57d9def0c217bb3d7feca332a64d632ca105503849f15e057ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\libffi-8.dll

Filesize
24KB

MD5
90a6b0264a81bb8436419517c9c232fa

SHA1
17b1047158287eb6471416c5df262b50d6fe1aed

SHA256
5c4a0d4910987a38a3cd31eae5f1c909029f7762d1a5faf4a2e2a7e9b1abab79

SHA512
1988dd58d291ee04ebfec89836bb14fcaafb9d1d71a93e57bd06fe592feace96cdde6fcce46ff8747339659a9a44cdd6cf6ac57ff495d0c15375221bf9b1666e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\python311.dll

Filesize
1.6MB

MD5
bb46b85029b543b70276ad8e4c238799

SHA1
123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

SHA256
72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

SHA512
5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33242\ucrtbase.dll

Filesize
994KB

MD5
8e7680a8d07c3c4159241d31caaf369c

SHA1
62fe2d4ae788ee3d19e041d81696555a6262f575

SHA256
36cc22d92a60e57dee394f56a9d1ed1655ee9db89d2244a959005116a4184d80

SHA512
9509f5b07588a08a490f4c3cb859bbfe670052c1c83f92b9c3356afa664cb500364e09f9dafac7d387332cc52d9bb7bb84ceb1493f72d4d17ef08b9ee3cb4174

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_p2xzdueb.rbg.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/4748-1398-0x00007FF9EA6E0000-0x00007FF9EA6EC000-memory.dmp

Filesize
48KB

Download
memory/4748-1433-0x00007FF9E1280000-0x00007FF9E13F3000-memory.dmp

Filesize
1.4MB

Download
memory/4748-1380-0x00007FF9F5420000-0x00007FF9F542B000-memory.dmp

Filesize
44KB

Download
memory/4748-1378-0x00007FF9F13D0000-0x00007FF9F13F4000-memory.dmp

Filesize
144KB

Download
memory/4748-1381-0x00007FF9E8750000-0x00007FF9E8776000-memory.dmp

Filesize
152KB

Download
memory/4748-1383-0x00007FF9E2740000-0x00007FF9E285C000-memory.dmp

Filesize
1.1MB

Download
memory/4748-1382-0x00007FF9F0A60000-0x00007FF9F0A8D000-memory.dmp

Filesize
180KB

Download
memory/4748-1384-0x00007FF9F0730000-0x00007FF9F0744000-memory.dmp

Filesize
80KB

Download
memory/4748-1385-0x00007FF9E8710000-0x00007FF9E8747000-memory.dmp

Filesize
220KB

Download
memory/4748-1395-0x00007FF9F0340000-0x00007FF9F036E000-memory.dmp

Filesize
184KB

Download
memory/4748-1394-0x00007FF9F03B0000-0x00007FF9F03BC000-memory.dmp

Filesize
48KB

Download
memory/4748-1393-0x00007FF9F03D0000-0x00007FF9F03E9000-memory.dmp

Filesize
100KB

Download
memory/4748-1392-0x00007FF9F0720000-0x00007FF9F072B000-memory.dmp

Filesize
44KB

Download
memory/4748-1391-0x00007FF9F03C0000-0x00007FF9F03CB000-memory.dmp

Filesize
44KB

Download
memory/4748-1390-0x00007FF9F0710000-0x00007FF9F071C000-memory.dmp

Filesize
48KB

Download
memory/4748-1389-0x00007FF9F0C30000-0x00007FF9F0C3C000-memory.dmp

Filesize
48KB

Download
memory/4748-1388-0x00007FF9F0D40000-0x00007FF9F0D4B000-memory.dmp

Filesize
44KB

Download
memory/4748-1387-0x00007FF9F12F0000-0x00007FF9F12FB000-memory.dmp

Filesize
44KB

Download
memory/4748-1386-0x00007FF9E1540000-0x00007FF9E18B5000-memory.dmp

Filesize
3.5MB

Download
memory/4748-1401-0x00007FF9E8110000-0x00007FF9E811B000-memory.dmp

Filesize
44KB

Download
memory/4748-1400-0x00007FF9E2BE0000-0x00007FF9E2C98000-memory.dmp

Filesize
736KB

Download
memory/4748-1399-0x00007FF9E8700000-0x00007FF9E870B000-memory.dmp

Filesize
44KB

Download
memory/4748-1375-0x00007FF9F0340000-0x00007FF9F036E000-memory.dmp

Filesize
184KB

Download
memory/4748-1397-0x00007FF9F02D0000-0x00007FF9F02DE000-memory.dmp

Filesize
56KB

Download
memory/4748-1396-0x00007FF9F0380000-0x00007FF9F038C000-memory.dmp

Filesize
48KB

Download
memory/4748-1402-0x00007FF9E8100000-0x00007FF9E810C000-memory.dmp

Filesize
48KB

Download
memory/4748-1404-0x00007FF9E80F0000-0x00007FF9E80FC000-memory.dmp

Filesize
48KB

Download
memory/4748-1403-0x00007FF9E8750000-0x00007FF9E8776000-memory.dmp

Filesize
152KB

Download
memory/4748-1409-0x00007FF9E8710000-0x00007FF9E8747000-memory.dmp

Filesize
220KB

Download
memory/4748-1408-0x00007FF9E80B0000-0x00007FF9E80BC000-memory.dmp

Filesize
48KB

Download
memory/4748-1407-0x00007FF9E7B50000-0x00007FF9E7B62000-memory.dmp

Filesize
72KB

Download
memory/4748-1406-0x00007FF9E80E0000-0x00007FF9E80ED000-memory.dmp

Filesize
52KB

Download
memory/4748-1405-0x00007FF9E2740000-0x00007FF9E285C000-memory.dmp

Filesize
1.1MB

Download
memory/4748-1410-0x00007FF9E3840000-0x00007FF9E3855000-memory.dmp

Filesize
84KB

Download
memory/4748-1411-0x00007FF9E3820000-0x00007FF9E3832000-memory.dmp

Filesize
72KB

Download
memory/4748-1413-0x00007FF9E2720000-0x00007FF9E2734000-memory.dmp

Filesize
80KB

Download
memory/4748-1412-0x00007FF9F03B0000-0x00007FF9F03BC000-memory.dmp

Filesize
48KB

Download
memory/4748-1414-0x00007FF9E2700000-0x00007FF9E2717000-memory.dmp

Filesize
92KB

Download
memory/4748-1415-0x00007FF9E8110000-0x00007FF9E811B000-memory.dmp

Filesize
44KB

Download
memory/4748-1416-0x00007FF9E26D0000-0x00007FF9E26F2000-memory.dmp

Filesize
136KB

Download
memory/4748-1417-0x00007FF9E26B0000-0x00007FF9E26C6000-memory.dmp

Filesize
88KB

Download
memory/4748-1419-0x00007FF9E2690000-0x00007FF9E26A9000-memory.dmp

Filesize
100KB

Download
memory/4748-1418-0x00007FF9E8100000-0x00007FF9E810C000-memory.dmp

Filesize
48KB

Download
memory/4748-1420-0x00007FF9E2640000-0x00007FF9E268D000-memory.dmp

Filesize
308KB

Download
memory/4748-1421-0x00007FF9E1520000-0x00007FF9E1531000-memory.dmp

Filesize
68KB

Download
memory/4748-1422-0x00007FF9E3810000-0x00007FF9E381A000-memory.dmp

Filesize
40KB

Download
memory/4748-1424-0x00007FF9E1500000-0x00007FF9E151E000-memory.dmp

Filesize
120KB

Download
memory/4748-1423-0x00007FF9E3840000-0x00007FF9E3855000-memory.dmp

Filesize
84KB

Download
memory/4748-1425-0x00007FF9E14A0000-0x00007FF9E14FD000-memory.dmp

Filesize
372KB

Download
memory/4748-1426-0x00007FF9E2720000-0x00007FF9E2734000-memory.dmp

Filesize
80KB

Download
memory/4748-1427-0x00007FF9E1470000-0x00007FF9E1499000-memory.dmp

Filesize
164KB

Download
memory/4748-1429-0x00007FF9E1430000-0x00007FF9E145E000-memory.dmp

Filesize
184KB

Download
memory/4748-1428-0x00007FF9E2700000-0x00007FF9E2717000-memory.dmp

Filesize
92KB

Download
memory/4748-1430-0x00007FF9E26D0000-0x00007FF9E26F2000-memory.dmp

Filesize
136KB

Download
memory/4748-1431-0x00007FF9E1400000-0x00007FF9E1423000-memory.dmp

Filesize
140KB

Download
memory/4748-1379-0x00007FF9F5500000-0x00007FF9F550D000-memory.dmp

Filesize
52KB

Download
memory/4748-1432-0x00007FF9E26B0000-0x00007FF9E26C6000-memory.dmp

Filesize
88KB

Download
memory/4748-1434-0x00007FF9E2690000-0x00007FF9E26A9000-memory.dmp

Filesize
100KB

Download
memory/4748-1435-0x00007FF9E1260000-0x00007FF9E1278000-memory.dmp

Filesize
96KB

Download
memory/4748-1437-0x00007FF9E1250000-0x00007FF9E125B000-memory.dmp

Filesize
44KB

Download
memory/4748-1436-0x00007FF9E2640000-0x00007FF9E268D000-memory.dmp

Filesize
308KB

Download
memory/4748-1440-0x00007FF9E1230000-0x00007FF9E123C000-memory.dmp

Filesize
48KB

Download
memory/4748-1444-0x00007FF9E11F0000-0x00007FF9E11FC000-memory.dmp

Filesize
48KB

Download
memory/4748-1445-0x00007FF9E3810000-0x00007FF9E381A000-memory.dmp

Filesize
40KB

Download
memory/4748-1450-0x00007FF9E1470000-0x00007FF9E1499000-memory.dmp

Filesize
164KB

Download
memory/4748-1449-0x00007FF9E11C0000-0x00007FF9E11CC000-memory.dmp

Filesize
48KB

Download
memory/4748-1448-0x00007FF9E14A0000-0x00007FF9E14FD000-memory.dmp

Filesize
372KB

Download
memory/4748-1447-0x00007FF9E11D0000-0x00007FF9E11DE000-memory.dmp

Filesize
56KB

Download
memory/4748-1446-0x00007FF9E11E0000-0x00007FF9E11EC000-memory.dmp

Filesize
48KB

Download
memory/4748-1443-0x00007FF9E1200000-0x00007FF9E120B000-memory.dmp

Filesize
44KB

Download
memory/4748-1442-0x00007FF9E1210000-0x00007FF9E121C000-memory.dmp

Filesize
48KB

Download
memory/4748-1441-0x00007FF9E1220000-0x00007FF9E122B000-memory.dmp

Filesize
44KB

Download
memory/4748-1439-0x00007FF9E1240000-0x00007FF9E124B000-memory.dmp

Filesize
44KB

Download
memory/4748-1438-0x00007FF9E1520000-0x00007FF9E1531000-memory.dmp

Filesize
68KB

Download
memory/4748-1456-0x00007FF9E1400000-0x00007FF9E1423000-memory.dmp

Filesize
140KB

Download
memory/4748-1455-0x00007FF9E1180000-0x00007FF9E118C000-memory.dmp

Filesize
48KB

Download
memory/4748-1454-0x00007FF9E1190000-0x00007FF9E119C000-memory.dmp

Filesize
48KB

Download
memory/4748-1453-0x00007FF9E11A0000-0x00007FF9E11AB000-memory.dmp

Filesize
44KB

Download
memory/4748-1452-0x00007FF9E11B0000-0x00007FF9E11BB000-memory.dmp

Filesize
44KB

Download
memory/4748-1451-0x00007FF9E1430000-0x00007FF9E145E000-memory.dmp

Filesize
184KB

Download
memory/4748-1461-0x00007FF9E1260000-0x00007FF9E1278000-memory.dmp

Filesize
96KB

Download
memory/4748-1460-0x00007FF9E1150000-0x00007FF9E1162000-memory.dmp

Filesize
72KB

Download
memory/4748-1459-0x00007FF9E1140000-0x00007FF9E114C000-memory.dmp

Filesize
48KB

Download
memory/4748-1458-0x00007FF9E1170000-0x00007FF9E117D000-memory.dmp

Filesize
52KB

Download
memory/4748-1457-0x00007FF9E1280000-0x00007FF9E13F3000-memory.dmp

Filesize
1.4MB

Download
memory/4748-1377-0x00007FF9E2BE0000-0x00007FF9E2C98000-memory.dmp

Filesize
736KB

Download
memory/4748-1511-0x00007FF9E18C0000-0x00007FF9E1EA8000-memory.dmp

Filesize
5.9MB

Download
memory/4748-1534-0x00007FF9E2640000-0x00007FF9E268D000-memory.dmp

Filesize
308KB

Download
memory/4748-1533-0x00007FF9E2690000-0x00007FF9E26A9000-memory.dmp

Filesize
100KB

Download
memory/4748-1532-0x00007FF9E26B0000-0x00007FF9E26C6000-memory.dmp

Filesize
88KB

Download
memory/4748-1531-0x00007FF9E26D0000-0x00007FF9E26F2000-memory.dmp

Filesize
136KB

Download
memory/4748-1530-0x00007FF9E2700000-0x00007FF9E2717000-memory.dmp

Filesize
92KB

Download
memory/4748-1529-0x00007FF9E2720000-0x00007FF9E2734000-memory.dmp

Filesize
80KB

Download
memory/4748-1528-0x00007FF9E3820000-0x00007FF9E3832000-memory.dmp

Filesize
72KB

Download
memory/4748-1527-0x00007FF9E3840000-0x00007FF9E3855000-memory.dmp

Filesize
84KB

Download
memory/4748-1526-0x00007FF9E8710000-0x00007FF9E8747000-memory.dmp

Filesize
220KB

Download
memory/4748-1525-0x00007FF9E2740000-0x00007FF9E285C000-memory.dmp

Filesize
1.1MB

Download
memory/4748-1524-0x00007FF9E8750000-0x00007FF9E8776000-memory.dmp

Filesize
152KB

Download
memory/4748-1523-0x00007FF9F5420000-0x00007FF9F542B000-memory.dmp

Filesize
44KB

Download
memory/4748-1522-0x00007FF9F5500000-0x00007FF9F550D000-memory.dmp

Filesize
52KB

Download
memory/4748-1520-0x00007FF9F0340000-0x00007FF9F036E000-memory.dmp

Filesize
184KB

Download
memory/4748-1517-0x00007FF9E1540000-0x00007FF9E18B5000-memory.dmp

Filesize
3.5MB

Download
memory/4748-1376-0x00007FF9E18C0000-0x00007FF9E1EA8000-memory.dmp

Filesize
5.9MB

Download
memory/4748-1374-0x00007FF9F5820000-0x00007FF9F582D000-memory.dmp

Filesize
52KB

Download
memory/4748-1373-0x00007FF9F03D0000-0x00007FF9F03E9000-memory.dmp

Filesize
100KB

Download
memory/4748-1372-0x00007FF9E1540000-0x00007FF9E18B5000-memory.dmp

Filesize
3.5MB

Download
memory/4748-1371-0x00007FF9F0730000-0x00007FF9F0744000-memory.dmp

Filesize
80KB

Download
memory/4748-1324-0x00007FF9F0A60000-0x00007FF9F0A8D000-memory.dmp

Filesize
180KB

Download
memory/4748-1321-0x00007FF9F13B0000-0x00007FF9F13C9000-memory.dmp

Filesize
100KB

Download
memory/4748-1318-0x00007FF9FA000000-0x00007FF9FA00F000-memory.dmp

Filesize
60KB

Download
memory/4748-1316-0x00007FF9F13D0000-0x00007FF9F13F4000-memory.dmp

Filesize
144KB

Download
memory/4748-1308-0x00007FF9E18C0000-0x00007FF9E1EA8000-memory.dmp

Filesize
5.9MB

Download