Overview

overview

10

Static

static

10

sultan cracked.exe

windows7-x64

10

sultan cracked.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    31s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2025, 06:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sultan cracked.exe

  • Size

    2.0MB

  • MD5

    000142d2c4961a9715157529ee679f27

  • SHA1

    e12ef916e551260a295cad737602c897781cc656

  • SHA256

    dbe3ee56b5cc22b5309005a8624b7cc24f5f7260e9bc38d8d223875f2fb81ba4

  • SHA512

    b76fbacdc4bc8172c948d2d68b2506e4c69b43d4462765dbdab37cbc773c081132b555ed072e39e5a5666f734d62374512d9ae4a0660bc90c8e7db0218bba0dc

  • SSDEEP

    24576:Vof3ZI06UZjoiAuB2Tu6kbRTYnnk2FbMNyBo4kx929bL3Hnx1I88:a/Zsxu0zq5QnJB+kn3HnxW

Score
10/10
umbralspywarestealer

Malware Config

Signatures

  • Detect Umbral payload 2 IoCs
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Umbral family
    umbral
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 24 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 24 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\sultan cracked.exe
    "C:\Users\Admin\AppData\Local\Temp\sultan cracked.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3500
    • C:\Users\Admin\AppData\Local\Temp\ERNS X!TERS.exe
      "C:\Users\Admin\AppData\Local\Temp\ERNS X!TERS.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\ERNS X!TERS.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3468
        • C:\Windows\system32\certutil.exe
          certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\ERNS X!TERS.exe" MD5
          4⤵
            PID:3156
          • C:\Windows\system32\find.exe
            find /i /v "md5"
            4⤵
              PID:5820
            • C:\Windows\system32\find.exe
              find /i /v "certutil"
              4⤵
                PID:1852
          • C:\Users\Admin\AppData\Local\Temp\svchost.exe
            "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
            2⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:5872
            • C:\Windows\System32\Wbem\wmic.exe
              "wmic.exe" csproduct get uuid
              3⤵
              • Suspicious use of AdjustPrivilegeToken
              PID:1564
        • C:\Windows\System32\alg.exe
          C:\Windows\System32\alg.exe
          1⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          PID:2796
        • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
          C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
          1⤵
          • Executes dropped EXE
          PID:3956
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
          1⤵
            PID:4676
          • C:\Windows\system32\fxssvc.exe
            C:\Windows\system32\fxssvc.exe
            1⤵
            • Executes dropped EXE
            • Modifies data under HKEY_USERS
            • Suspicious use of AdjustPrivilegeToken
            PID:5504
          • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
            "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
            1⤵
            • Executes dropped EXE
            PID:3296
          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
            1⤵
            • Executes dropped EXE
            PID:4764
          • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
            "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
            1⤵
            • Executes dropped EXE
            PID:3616
          • C:\Windows\System32\msdtc.exe
            C:\Windows\System32\msdtc.exe
            1⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            • Drops file in Windows directory
            PID:620
          • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
            "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
            1⤵
            • Executes dropped EXE
            PID:820
          • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
            C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
            1⤵
            • Executes dropped EXE
            PID:2292
          • C:\Windows\SysWow64\perfhost.exe
            C:\Windows\SysWow64\perfhost.exe
            1⤵
            • Executes dropped EXE
            PID:4480
          • C:\Windows\system32\locator.exe
            C:\Windows\system32\locator.exe
            1⤵
            • Executes dropped EXE
            PID:3252
          • C:\Windows\System32\SensorDataService.exe
            C:\Windows\System32\SensorDataService.exe
            1⤵
            • Executes dropped EXE
            • Checks SCSI registry key(s)
            PID:1744
          • C:\Windows\System32\snmptrap.exe
            C:\Windows\System32\snmptrap.exe
            1⤵
            • Executes dropped EXE
            PID:3068
          • C:\Windows\system32\spectrum.exe
            C:\Windows\system32\spectrum.exe
            1⤵
            • Executes dropped EXE
            • Checks SCSI registry key(s)
            PID:1116
          • C:\Windows\System32\OpenSSH\ssh-agent.exe
            C:\Windows\System32\OpenSSH\ssh-agent.exe
            1⤵
            • Executes dropped EXE
            PID:5880
          • C:\Windows\system32\TieringEngineService.exe
            C:\Windows\system32\TieringEngineService.exe
            1⤵
            • Executes dropped EXE
            • Checks processor information in registry
            • Suspicious use of AdjustPrivilegeToken
            PID:3688
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
            1⤵
              PID:1548
            • C:\Windows\system32\AgentService.exe
              C:\Windows\system32\AgentService.exe
              1⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:5380
            • C:\Windows\System32\vds.exe
              C:\Windows\System32\vds.exe
              1⤵
              • Executes dropped EXE
              PID:5444
            • C:\Windows\system32\vssvc.exe
              C:\Windows\system32\vssvc.exe
              1⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:4040
            • C:\Windows\system32\wbengine.exe
              "C:\Windows\system32\wbengine.exe"
              1⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:4396
            • C:\Windows\system32\wbem\WmiApSrv.exe
              C:\Windows\system32\wbem\WmiApSrv.exe
              1⤵
              • Executes dropped EXE
              PID:5240
            • C:\Windows\system32\SearchIndexer.exe
              C:\Windows\system32\SearchIndexer.exe /Embedding
              1⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:5780
              • C:\Windows\system32\SearchProtocolHost.exe
                "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
                2⤵
                • Modifies data under HKEY_USERS
                PID:3608
              • C:\Windows\system32\SearchFilterHost.exe
                "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
                2⤵
                • Modifies data under HKEY_USERS
                PID:5492

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
              Filesize

              2.3MB

              MD5

              0b10198b0e2004492f1916eebcb15277

              SHA1

              8dfc14c121d62cf935d645a0d65fcbd776836168

              SHA256

              c4c97fc7ac49e42cc9ac56ead27da38682c35bc0851ee0dafc9e331f88d5455e

              SHA512

              65002bfb03b5528bcdd269b4a47afca573b5e6f0b12cd8a3e6db979baa28a09958653e381650d8676176fc1062802c39dadf86538ed9c6a26c336fdaebc055ba

              Download Submit

            • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
              Filesize

              1.4MB

              MD5

              61b1d6782338b392627c7b10e39dcffc

              SHA1

              2198d92f67c5b28ec37f5ce7312a8084690a4b7b

              SHA256

              f92ef29d200112fd83135b1d47d22f50d9d5674ec639d68335ece122b72ae5ae

              SHA512

              1b1e381ca219b179d528de19e036eac06fba73f5abdef6363d54bc5abe241ed8c5184d3f181267290cc93fd43d8e5126e6b6dca54d87fd3c33c29af05a27ba46

              Download Submit

            • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
              Filesize

              1.4MB

              MD5

              c7c66562a195fefeb9ba7445a71e848b

              SHA1

              8201ea178cbe775c0e6ed758e06f41259277af50

              SHA256

              a1c6585cf62a98fc2b1b18a229f3c95e9ceeb4dfdf5d90d175bfbfec1780e143

              SHA512

              ee443bd7f03adf1a06e9b10a015f7ed34d00cef6eed4eb5d5ead727345b24ae508de4518692716d022e29f51aed035f309e69f58d5c765c0af44211b047ab09f

              Download Submit

            • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
              Filesize

              2.3MB

              MD5

              8ab6c8a2c81c764d04add2fe31b70fd5

              SHA1

              d327dd983013bd0edb97880d133838cfe004d506

              SHA256

              6249603d32e229294b24e530f5c9f61fdeccab7f31ffeacf18d1cf641e51c611

              SHA512

              3c8a36fc0caca9261a3ce7efc31c369d6481ba5982205424636c2ecd8fb3ce826fd868ea1c0288cfb2527b6016965168f0b1a8145bb4e11e6c394fb6002a24f4

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\ERNS X!TERS.exe
              Filesize

              1.8MB

              MD5

              8c110834053f57e14ced24c9e8b135c0

              SHA1

              e244e2a297059871cb28b75b1ea755d356ae60ec

              SHA256

              63ad8f6ab5596ed4ea35936d726fdecf520d5f70d6a976c765d8c59341f1e118

              SHA512

              77c25c6f2cb8aa004760c845358074bf2995382965578048ca7be3b32a10646983dfef6dda3ccbc022b7546bd12da5eb293406c39ba44e7679879750c0ac58b7

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\svchost.exe
              Filesize

              230KB

              MD5

              e8b96113d79f611db9ef00ef0a3f9dfe

              SHA1

              2b1031c270cbb9aa3f0f60f41aca340c43540e6a

              SHA256

              4611c4fed4d9baf0bff00023a23a5e039208452da1460c4d0ea0ff90a04ec54e

              SHA512

              7121fe3982912f345ac07bbe823ccc04e5a03d9d4097ac167e3aa5544803aef31a76cc9395337b3d0f8483e626e9567f113bb89db8c60375fa84ba65a50f1f7d

              Download Submit

            • C:\Windows\SysWOW64\perfhost.exe
              Filesize

              1.2MB

              MD5

              3bd648170d5758917f107dfe34722da4

              SHA1

              c74768db970b71e13b577b233859b96fed6cdd6e

              SHA256

              d4eff2764b9efa092dbd1c86226567519541096cbdc58002ef923aeb7caf558a

              SHA512

              4eea0d717755442f4d64fdc340cf058aa4e9a4ee4ee7b8776ed6c2e7f0dfcb2f31a0a01992f22c37f47bf18ecff936387a3d22bdfad7ad1761fb56051dbcf707

              Download Submit

            • C:\Windows\System32\AgentService.exe
              Filesize

              1.7MB

              MD5

              964b62da1bdbcca697338427d21640e6

              SHA1

              573c6fc0decdf44875c819b7c238581f9bdaefea

              SHA256

              7b9ca099e90e2e0fe4f9b5856b496f02966f066d3e6748d51781cda68033865e

              SHA512

              32dff1e63d05c185aff3c5a0c56f238ccd71afc2695a7a0b714bfa13459bd4bef3724460bc7d4855530cc4d4c767e06d3ff7dac14fe49e2361c01a495c739e8d

              Download Submit

            • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
              Filesize

              1.3MB

              MD5

              2859a3788429560cc476750a91bc52e3

              SHA1

              ffa7d0e2bffbc95de50fe97482d756c0e7a1871f

              SHA256

              4b562fa98d7f141707719530989c03c8d72832d242f28e6b36720d40e508797a

              SHA512

              f8f7e151b89e44ef0d5bca309b9b6585131065a34408227bfb313cd9e0f12104ec7f8f33ed9c9661103fdfb574bab07a7e2018ce571d070243b9e28eae4a2fc9

              Download Submit

            • C:\Windows\System32\FXSSVC.exe
              Filesize

              1.2MB

              MD5

              c2c9bf591c5cb00e14c7395875955219

              SHA1

              c3fb41cf7ca597a27e034f6886d828cb7ba1b692

              SHA256

              6966eab846d9daf8077287cd56d48e090599e119b007a3bac6a6a0b53e39b5d5

              SHA512

              9616a0a2fe3c19fa5441bece77a4511a8ec9f90960a574e45cfae282f046fd59ae9b0e04942821451f5bfc0a7120487fe2b7cc2f619ba12923871c6fa7c5f43d

              Download Submit

            • C:\Windows\System32\Locator.exe
              Filesize

              1.2MB

              MD5

              257ceec2be44734cff0744e9999fd598

              SHA1

              0117da2a3d48e85b570d38dae298a499b132e8f1

              SHA256

              cef95521a3143a8b6687a25f0adb3bb5a008a0b32e6804f44dfde5985d89aaa8

              SHA512

              4adbc44ccc6e6e3cfdd03ce8f24fd6f22a98d57e2db1af73e5d1c91f387ec4b39cd9cd938aac9c8806ebbb58b6d55a5b678c968480076612f1931798da8db38b

              Download Submit

            • C:\Windows\System32\OpenSSH\ssh-agent.exe
              Filesize

              1.5MB

              MD5

              95cb7fc472c82615a08707adce3f77bc

              SHA1

              b753a4b0219496a6b7d04e308019aba230e05297

              SHA256

              7967a2edc99dff8eb0e80ac27ff5ae78ecd7796ef5207c7a7f45771dfa1fadfa

              SHA512

              63a4b6b1d202e57fe6569e15ba585694faa3d96f580ae0f5a922a4458760b2b03b44f95c32e96fcbad5ec914e913f2732d46d66b9400c53ad10c01e66eb40a66

              Download Submit

            • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
              Filesize

              1.3MB

              MD5

              e084db014a7082c346cd83d238e69e61

              SHA1

              2bb0ec6006ac48a79397f5789b00e5a8b76201ef

              SHA256

              df43bcc506369ac5d4f53f698ebc80a1aee41d4e45631bab0c5104df27216905

              SHA512

              995d447f35035a538d774d5c8327f584d77bf3c1fec6c5bcca28f532ddba03d6819e38c05989e8a6024a3bf5fcefebbc668326e74589cf6f14ea8591d0e38795

              Download Submit

            • C:\Windows\System32\SearchIndexer.exe
              Filesize

              1.4MB

              MD5

              1fe25a0ed28c1d58ce4a80a140c2c9be

              SHA1

              6d8ef2337bcc7be93e9f44f53b80f123fd098aaa

              SHA256

              4d148d8ac6e4f49e01e0a4332415ad48c400571bd660a2d1fdc249344c37299d

              SHA512

              5034525f527c2dc61065fa465a2fe78e7499c6a0274f5a09ecf76ab5ca62164212757b5ea856bcbf03a7e219a18b29253b1ee796ace8f0c3cec8d53b7b820cbf

              Download Submit

            • C:\Windows\System32\SensorDataService.exe
              Filesize

              1.8MB

              MD5

              71f9582f000c284af4d6d47782df66e8

              SHA1

              9441cba29116da3c267bd6cd06259a7406ed3f98

              SHA256

              2d812db2a6357ab8a98532ba79244976824ae3d4f2568abf3c3a3cde24c489df

              SHA512

              c3d5d5b5079e1c24cbb5912018dcb2afa2fc1afb6fb92840ac1af158631e9c3cbf792de5662c9e51d06ce64212ddcb1b9e88ad4c04407d69f93094675f68fb01

              Download Submit

            • C:\Windows\System32\Spectrum.exe
              Filesize

              1.4MB

              MD5

              2291134bc7137c6d4932c2b310dc4a2d

              SHA1

              c0fe6df71dc2ec8cc3439afc84348a3359d9319a

              SHA256

              edbbcf8a6064fd6873de23aca6de0cb30ef6c28c7c4cd1888fec579b092e6879

              SHA512

              a639c92101068260aa11df1359d6197d69a12d0e951c349671a8b4a048895391fc83761a0132a2181aa9a5a0dca96cb1fb98a2c10fc335fddbab1ab8fe998d7d

              Download Submit

            • C:\Windows\System32\TieringEngineService.exe
              Filesize

              1.5MB

              MD5

              aa5af2251305ccdce588a3fd63093df4

              SHA1

              d470a90dccb94c1dfdfa6f64563c1442a890576f

              SHA256

              a5b90ac3edd35f96e70f09511eef73aad563ccda2a9a6fc246a38ae8c7ac0d69

              SHA512

              5de7e90da5eda064a0120af85ad45d4375036b24b294d282515f54b29ae3af7036118f96f328b476d16d1af183e12c294a844359e2b1783782f57efa8fb9174a

              Download Submit

            • C:\Windows\System32\VSSVC.exe
              Filesize

              2.0MB

              MD5

              968f5e46afb0ba846566e3ef3a5f7dee

              SHA1

              db9e124aff9379f372c9fe75442e840951d8c6fc

              SHA256

              f8316b84738432519393f1272d8e94b6277759b3a61656175294685ad3c44e68

              SHA512

              35776e18c6d2e14230d7adc37ec54094976bdc3a15028a6d2bc2ac81927c31d782d277899378163925b2e3577e4dbbf80c7c8dd5eeec7c8099e581f2afcf4b13

              Download Submit

            • C:\Windows\System32\alg.exe
              Filesize

              1.3MB

              MD5

              3b1b1818145ced8dd6990a241cb84646

              SHA1

              dde7e838ce291df1988f032c670844bb84320843

              SHA256

              6d9be782680ac5ec13a1bb6fa6f371371a4b9153acdaac40e0fa4f7f20495e63

              SHA512

              17d68939af5644e21cac6da1c58b98491ce400757b9c54e1aa411fed65cde432a821ac62918df412a102d47e0c3ee9012ab59033e626d2363555b942e3f8d8c0

              Download Submit

            • C:\Windows\System32\msdtc.exe
              Filesize

              1.3MB

              MD5

              fdb9446928c3410c2d211692593656dd

              SHA1

              820bacaaf6248c3c235e82148a3b62a093a09692

              SHA256

              3ce939b61a1de1b0b9528b6a7d88d551868047e5937d2274886ca21ebcaeba1c

              SHA512

              c83a95d3774d6f568a8a97e8383dd17fdcbba5deb8fd43ad864f95c8710b2007a8834333e858165e9f9b07fc2cd17abf25a785e61fb112dd1b632a5cb36d205d

              Download Submit

            • C:\Windows\System32\snmptrap.exe
              Filesize

              1.2MB

              MD5

              6b4b1161ea49e320a84b1046c1968a1c

              SHA1

              014c9b2f307044237f708c13cd06a3080122305a

              SHA256

              d787aef2288dd83e14d2265d22f49c5db430602648d02783f1c5d6022ffe22fa

              SHA512

              33b685f2b8266ac93ada3afd96aa6dec668e410ce68cf090bcf98ab17965a5edab57c2c216406b3e4b5f0e237257b33a4856043690485732d3618a607bd009f2

              Download Submit

            • C:\Windows\System32\vds.exe
              Filesize

              1.3MB

              MD5

              861e56bfec1c4cedfe406c8a4dc5d428

              SHA1

              f2742b896e9cee9af505b9294cec5b8a1092da83

              SHA256

              31869c890005ccbc9f9280b6f5b95ee89544224552de17a1af8cc5d0e6945352

              SHA512

              2a37f6018e6456c3195ba6d74cfca977d7a482772f348c8704e2c1b05c9b356ebfc62e7bdae063bc5e3736cbd65393a9b97d137ec291891ca05b38d69906a9d0

              Download Submit

            • C:\Windows\System32\wbem\WmiApSrv.exe
              Filesize

              1.4MB

              MD5

              31c5987d133d1ac3e3d84f689546e63e

              SHA1

              0e9477c06d537951ae4cceee48983e0adf40d451

              SHA256

              22463770bfd187c3649cba9552808c917680e683eeb05034512b9ed5fc3a590c

              SHA512

              c98bb511e1c434a80af17b7626e3235fd3a19251c007cc8d33424cb47e77e6f3bbb884d009e5487eacab31d83ac609f6d22e30d5e56ea93c3a199b896bfeb1e3

              Download Submit

            • C:\Windows\System32\wbengine.exe
              Filesize

              2.1MB

              MD5

              00e93f5cca86273f9205d6e41b026112

              SHA1

              532a595708b8c33f97d651f919d93b2c2bede8d5

              SHA256

              4ad8c71e681c4fb7b927b560a18b6153845b3ba3a08747ce64da8b41970b7b2b

              SHA512

              08cca9d9dba3e53b1d9443a76e5d37a4a06c50e9524d309616aaeccafacab65443f2eb08cdcd085ce85a3b954a9bde1c8e9a83204b05e74c14c107524209e389

              Download Submit

            • memory/620-251-0x0000000140000000-0x0000000140157000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/620-126-0x0000000140000000-0x0000000140157000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/620-131-0x0000000000CF0000-0x0000000000D50000-memory.dmp

              Filesize

              384KB

              Download

            • memory/820-150-0x0000000140000000-0x000000014016E000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/820-266-0x0000000140000000-0x000000014016E000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/1116-443-0x0000000140000000-0x0000000140169000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/1116-216-0x0000000140000000-0x0000000140169000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/1744-315-0x0000000140000000-0x00000001401D7000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/1744-192-0x0000000140000000-0x00000001401D7000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/1744-547-0x0000000140000000-0x00000001401D7000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/2292-278-0x0000000140000000-0x0000000140149000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/2292-166-0x0000000140000000-0x0000000140149000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/2360-21-0x0000000001FB0000-0x0000000002010000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2360-11-0x0000000001FB0000-0x0000000002010000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2360-19-0x0000000140000000-0x00000001401CE000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/2360-163-0x0000000140000000-0x00000001401CE000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/2796-45-0x00000000006F0000-0x0000000000750000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2796-179-0x0000000140000000-0x0000000140148000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/2796-39-0x00000000006F0000-0x0000000000750000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2796-38-0x0000000140000000-0x0000000140148000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/3068-204-0x0000000140000000-0x0000000140134000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/3068-394-0x0000000140000000-0x0000000140134000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/3252-180-0x0000000140000000-0x0000000140133000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/3252-303-0x0000000140000000-0x0000000140133000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/3296-93-0x0000000140000000-0x000000014025F000-memory.dmp

              Filesize

              2.4MB

              Download

            • memory/3296-85-0x0000000000510000-0x0000000000570000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3296-215-0x0000000140000000-0x000000014025F000-memory.dmp

              Filesize

              2.4MB

              Download

            • memory/3296-91-0x0000000000510000-0x0000000000570000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3500-0-0x00007FFD4ADD5000-0x00007FFD4ADD6000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3500-2-0x00007FFD4AB20000-0x00007FFD4B4C1000-memory.dmp

              Filesize

              9.6MB

              Download

            • memory/3500-1-0x00007FFD4AB20000-0x00007FFD4B4C1000-memory.dmp

              Filesize

              9.6MB

              Download

            • memory/3500-36-0x00007FFD4AB20000-0x00007FFD4B4C1000-memory.dmp

              Filesize

              9.6MB

              Download

            • memory/3616-120-0x0000000140000000-0x0000000140174000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/3616-124-0x0000000140000000-0x0000000140174000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/3616-111-0x0000000001A20000-0x0000000001A80000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3616-117-0x0000000001A20000-0x0000000001A80000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3616-122-0x0000000001A20000-0x0000000001A80000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3688-504-0x0000000140000000-0x0000000140180000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/3688-240-0x0000000140000000-0x0000000140180000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/3956-60-0x00000000006C0000-0x0000000000720000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3956-53-0x0000000140000000-0x0000000140147000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/3956-191-0x0000000140000000-0x0000000140147000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/3956-54-0x00000000006C0000-0x0000000000720000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4040-279-0x0000000140000000-0x00000001401FC000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4040-511-0x0000000140000000-0x00000001401FC000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4396-544-0x0000000140000000-0x0000000140216000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4396-292-0x0000000140000000-0x0000000140216000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4480-168-0x0000000000400000-0x0000000000535000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/4480-291-0x0000000000400000-0x0000000000535000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/4764-100-0x0000000000890000-0x00000000008F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4764-228-0x0000000140000000-0x0000000140266000-memory.dmp

              Filesize

              2.4MB

              Download

            • memory/4764-99-0x0000000140000000-0x0000000140266000-memory.dmp

              Filesize

              2.4MB

              Download

            • memory/4764-106-0x0000000000890000-0x00000000008F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/5240-564-0x0000000140000000-0x0000000140164000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/5240-305-0x0000000140000000-0x0000000140164000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/5380-256-0x0000000140000000-0x00000001401C0000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/5380-252-0x0000000140000000-0x00000001401C0000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/5444-267-0x0000000140000000-0x0000000140147000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/5444-510-0x0000000140000000-0x0000000140147000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/5504-98-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/5504-95-0x0000000000830000-0x0000000000890000-memory.dmp

              Filesize

              384KB

              Download

            • memory/5504-74-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/5504-81-0x0000000000830000-0x0000000000890000-memory.dmp

              Filesize

              384KB

              Download

            • memory/5504-75-0x0000000000830000-0x0000000000890000-memory.dmp

              Filesize

              384KB

              Download

            • memory/5780-316-0x0000000140000000-0x0000000140179000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/5780-566-0x0000000140000000-0x0000000140179000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/5872-35-0x000001AA30650000-0x000001AA30690000-memory.dmp

              Filesize

              256KB

              Download

            • memory/5880-490-0x0000000140000000-0x00000001401A1000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/5880-229-0x0000000140000000-0x00000001401A1000-memory.dmp

              Filesize

              1.6MB

              Download