Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
30-06-2024 02:38
Static task
static1
Behavioral task
behavioral1
Sample
7de35814a8b0c8ea0a9d283ff81a5bdd.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
7de35814a8b0c8ea0a9d283ff81a5bdd.exe
Resource
win10v2004-20240611-en
General
-
Target
7de35814a8b0c8ea0a9d283ff81a5bdd.exe
-
Size
4.3MB
-
MD5
7de35814a8b0c8ea0a9d283ff81a5bdd
-
SHA1
3d8ab2de7b5322eeeb0972600f6e6d671657b1e4
-
SHA256
e5c93fa48764412d1deef86aa43205791607d975ccc5e27f18e513b6bf716634
-
SHA512
efc0d1cbba1377918def270866b9109acafb144926d81fe0dce6f82feb9fddf5765055269d61ae6f22780159ad18350902ffcef6110cf08dfc55396d6c872903
-
SSDEEP
98304:Vpq/d8kCB3lMyQjujDW9tBcg2jGqwwArylRG4Jwedh9y+UQbyoY+TPbLhKgXkB3n:Wc+5ujyp8jGqwwwuRNOenUQDYkLhWNtt
Malware Config
Signatures
-
Processes:
7de35814a8b0c8ea0a9d283ff81a5bdd.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 7de35814a8b0c8ea0a9d283ff81a5bdd.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
7de35814a8b0c8ea0a9d283ff81a5bdd.exedescription ioc process File opened for modification \??\PhysicalDrive0 7de35814a8b0c8ea0a9d283ff81a5bdd.exe -
Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs
Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.
Processes:
7de35814a8b0c8ea0a9d283ff81a5bdd.exedescription ioc process File opened (read-only) \??\VBoxMiniRdrDN 7de35814a8b0c8ea0a9d283ff81a5bdd.exe -
Executes dropped EXE 2 IoCs
Processes:
7de35814a8b0c8ea0a9d283ff81a5bdd.exe7de35814a8b0c8ea0a9d283ff81a5bdd.exepid process 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2052 7de35814a8b0c8ea0a9d283ff81a5bdd.exe -
Loads dropped DLL 41 IoCs
Processes:
7de35814a8b0c8ea0a9d283ff81a5bdd.exe7de35814a8b0c8ea0a9d283ff81a5bdd.exepid process 1976 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Processes:
7de35814a8b0c8ea0a9d283ff81a5bdd.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 7de35814a8b0c8ea0a9d283ff81a5bdd.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde 7de35814a8b0c8ea0a9d283ff81a5bdd.exe -
Suspicious use of WriteProcessMemory 14 IoCs
Processes:
7de35814a8b0c8ea0a9d283ff81a5bdd.exe7de35814a8b0c8ea0a9d283ff81a5bdd.exedescription pid process target process PID 1976 wrote to memory of 2600 1976 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 1976 wrote to memory of 2600 1976 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 1976 wrote to memory of 2600 1976 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 1976 wrote to memory of 2600 1976 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 1976 wrote to memory of 2600 1976 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 1976 wrote to memory of 2600 1976 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 1976 wrote to memory of 2600 1976 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 2600 wrote to memory of 2052 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 2600 wrote to memory of 2052 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 2600 wrote to memory of 2052 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 2600 wrote to memory of 2052 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 2600 wrote to memory of 2052 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 2600 wrote to memory of 2052 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe PID 2600 wrote to memory of 2052 2600 7de35814a8b0c8ea0a9d283ff81a5bdd.exe 7de35814a8b0c8ea0a9d283ff81a5bdd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7de35814a8b0c8ea0a9d283ff81a5bdd.exe"C:\Users\Admin\AppData\Local\Temp\7de35814a8b0c8ea0a9d283ff81a5bdd.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\temp\054BA33D9863FE113A8F2649D922D961\7de35814a8b0c8ea0a9d283ff81a5bdd.exe"C:\Windows\temp\054BA33D9863FE113A8F2649D922D961\7de35814a8b0c8ea0a9d283ff81a5bdd.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\7de35814a8b0c8ea0a9d283ff81a5bdd.exe"2⤵
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Checks for VirtualBox DLLs, possible anti-VM trick
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
-
C:\Windows\temp\054BA33D9863FE113A8F2649D922D961\7de35814a8b0c8ea0a9d283ff81a5bdd.exe"C:\Windows\temp\054BA33D9863FE113A8F2649D922D961\7de35814a8b0c8ea0a9d283ff81a5bdd.exe" -cleanup="C:\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961;2600"3⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\Cab1586.tmpFilesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\Local\Temp\D352DFD1-3689-11EF-A3F8-62949D229D16\downloader_tr-TR.iniFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Local\Temp\D352DFD2-3689-11EF-A3F8-62949D229D16\custom_setup_icon.icoFilesize
363KB
MD5fcaf8389c920b5b1622fa52ac3bf4f9a
SHA1c64d607e218c7810a6ecd7e0b95a08a9be683da6
SHA2566a1c802292afeff7ad475b97a9e034d284888d186e2063228d24f8a66dc44e47
SHA5128ecd17fdbb43c37bff72f14f0224537e53b2ea9d44c44fb6f949581f54edcd76ded42380e13364cb8f6f6e5abc394d03435caa43cdf37933725a8b9a5697c858
-
C:\Users\Admin\AppData\Local\Temp\D352DFD2-3689-11EF-A3F8-62949D229D16\yandex-logo.pngFilesize
10KB
MD5466f4bbe54d76b634f1c801988323859
SHA1e02ddfb73c81e4e4fdb0eec5b8b8606d3b566a27
SHA2563b04135e2025179683213499aa09a73207c21dc4cd38152062ebb94873c47554
SHA512645e5b1a517965073961ef9fab6c92628a689c80b45ca9025f1ab7301cfdbbcd8fe6e60c40aa68944253eed565b5f7fe1d3e1fb609fc818ab0da3b67babb5e2c
-
C:\Users\Admin\AppData\Local\Temp\Tar15E8.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\kl.setup.ui.core.dllFilesize
89KB
MD52c8f5ec07cb84d844e3fdee32b2a8e00
SHA12e27daffed27a7e6ee3adc50eef1710da318ca32
SHA2568d5bd8184fbc3f79ea9edc2c25e1a5a935514518c3fba89bde308c06722375f9
SHA512ef37109b456a68d55dee8a45340e25cb9901909b30f9f882f62060951bec20d838561dbe5ebe0480aa2feb668c6ffbb2137ed2f69cd3d6337c6f38cf395f6eca
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\kl.setup.ui.dllFilesize
278KB
MD51bebc399a1b31eabc3361169df0316d1
SHA156091143fafa680dc65dd5f2b5d6fafa94590041
SHA256894914e74da8c8faf8bb9b34e0f9b586db3cb248c3f6edb715a7cb8c930dd66b
SHA512d0d1fb7e23391a352f6bb3d5756dbbcd5a3558e0c477b265453931940a223dfa31cafe20232a9d08fbb127158bce325dd8b769e7bb62907be89019cd3f02f1ac
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\kl.setup.ui.interoplayer.dllFilesize
56KB
MD5baf69d3c6977161e0c2b631b3f9958d4
SHA1a1b2982c11811c4e5f6bce95f3072a855d11c369
SHA256e6392d0cf3a5984034ca0b346476d7482243550ddd0c65a8c0ff2f03a15867bc
SHA5122fb765d07638d239b666d4043f9ae75e91dc271ddf399dfe5bfd1c894bcabb95e6e965b478f5208687d9ebaa18cdafd6fc3400cd47694fd9db4ac30f3f1d5839
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\kl.setup.ui.visuals.dllFilesize
420KB
MD56181240bc579d2dfb176a1ca260f5a90
SHA1eb13b6cd4a242c8399396795d1863954b8d79507
SHA256b07c4d99d4cbb62b31a425e60c993b809c7043518a9ef0b7b561abd180a1b768
SHA512f5bb4bdd05836c494a560dc9aa16d62d29b90df7c5854d4a97b8e274890dd1476de955637237867a666c1f08785f5dc06d571e023b124530ee87cf6fdb98689f
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\kl.ui.framework.dllFilesize
264KB
MD52ad2ab4f8517da8e2efdfed22ad49f1e
SHA155916e3e5c4c40cf2e5644fbad07baf31459673e
SHA2566efe8efc6701c80d59ad33bd139aeca1b47a27f49d3ccc16ed01a49da9bfc2e7
SHA51212800c7d475af627c98cecb6e6c2de8247094166126978e24bd8be3f7193828781e853ee10b3133c989d625f0e2860ce4551369d864748b70db4ec220c515bbd
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\kl.ui.framework.localization.dllFilesize
283KB
MD5079ac68d4beb2ab9602d754b09ff652b
SHA190032834cc5cffd0b00119e4e38b5f4c5f877e4c
SHA2569377c35b19c30ee75c010b1e592796daf1d3493b397ef9d61a1c63a5ab30a88e
SHA51253782adc516950888ec69b21e744fe4d7f8567223e7c067e362800c78e3621dc148d5aa19f6011962bece1ada3691ef1ef40838a8072480c54aeedb2f4e0c9b9
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\kl.ui.framework.uikit.b2c.dllFilesize
631KB
MD5445e34aa976419cae54e13ede8d41ce5
SHA198ca3ee808f97ae16970b0fcefd3387bd07278eb
SHA256a255bb5dfaa685d7443dbc8bb7fca71417c8f0b1f617ade7077ee437a23a9b24
SHA51286b4084cf781d4efbb814fce3ed6ca48addbf4c15c5ed3630673350cf65056a80e2a9bc00581a45ae370a64f0bc720d506622eccd9d7ef170814faab1cce14c4
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\kl.ui.framework.uikit.dllFilesize
2.7MB
MD518defb1e3b7460f592a8ca61e4b40ff0
SHA18f8f7d7d1ee8a048d162603cc21a0f4c40b9036b
SHA25602a884babc5584fec80b227eb1c52dc800c516f1117ff9637617ad84c632da9d
SHA5127cbdc0c113a0c7ff9628674a8a23f4224290455d4a9a41a66889d01baf1f28b0175197c3078a791ecf6b2052c3fdfc35cf38cfae5bf5917bde80f82499d40b12
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\setup.dllFilesize
5.5MB
MD5b3b624df9130eadce041fca486e54d68
SHA17d0b03627d481ee13b894c30cefe227c811d4245
SHA25604a56c1a8a265568f578c981671f7b10be1abc7c59a79169f96823a5e909a14a
SHA512555e2e112c5491822f5550bcf7f076fdc9951aa185cb3445649f1a5dc0eadee11fe5d72321b72e2724116c24ce6cdb9caacffd6a5c1f0aacc4864f66eb9abe22
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\sharpvectorconverterswpf.dllFilesize
137KB
MD5a56a73b39703d5ff85b5cf12f9b00009
SHA1e6448c87f969e19ae4c6514d69d8286d26a2b5db
SHA256bb5966185017d904d2d7fd952bcc6d5c19fdf6bbbe34ab29c63a3784cd1074c7
SHA5127fa07a1fcc0735186ee71b3c123b1c4076f04dba5ad319588ea695ef117ab7c39918593e4ee42f18cbd3fe01d043e896981ca6f07293fc2fb0a9bce5d66992b5
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\sharpvectorcore.dllFilesize
201KB
MD524e3b7177eeabdf085a01796b49c8e55
SHA16916a0bb98892252f59692fd0405e6da62af0f8b
SHA256eab963926cf2d62b575c6f33804372fea04db328b2b3f0adfb45fee3f27e5386
SHA5125e377e609673f3d84e22d070012578b8a18fce848a3815d9da05e10043d3e9fde8070094d1841acb44a4f876d8741e371a5fbcc86cce80cdf826131370a41e64
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\sharpvectorcss.dllFilesize
109KB
MD5726d04bbe783a3510b18a491adac05c0
SHA111a01c68204dd80b32c01dcdb2e51f5b0ee34d98
SHA256639e091c9e87986eaf9fe00f0f401834e14878ebc48084697fd4307713a065ca
SHA51290592ddef83b6640cf8f28f0818098f95acc4139c7b3f5e8afa63bb873530be1613d42ee02dae12160737ee612187fc0139e19ee4a7f1abb3fec1fcaee1ae297
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\sharpvectordom.dllFilesize
55KB
MD5e4f6efef27708458ecda4ee22edf3cef
SHA107ccb5fa980dead816737ad83802cbfed18e4a4f
SHA256413e485d8dd07231d70107d86ee1a17ce705517aed8346b4701747d1fdbfdfc3
SHA5124920e508304df14041df1189938a1102e4a71e2e57ac4b9b804b6b0405c89c8292012a5ff4dae21268204ed6d9b56a279f4ce18d709074d1cba71cc9d5e11a1d
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\sharpvectormodel.dllFilesize
998KB
MD5225a73e5a0cf87453832b578db6daddb
SHA1a36717a1b2c7eb2ba160fec5fa80e48b9e57c4ac
SHA2560499708762c56b9339c980e731ffab294e9b18362af3dcb4ad4481f1c7bd60c1
SHA512565ee2105bd626650857e0e6f9c8f7d87a68c3ec41923de119a3b710038a4785e16ccf79feb4c1c4f8a308f682163089228ac4ac81295cea754ae1189311c965
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\sharpvectorrenderingwpf.dllFilesize
203KB
MD5faec58e7785c287a7c688f274207048d
SHA166c038c720035b7212a7d3733da4520e3b95d63b
SHA2564c76dd0441a8021a308be24cf0c1957bee280451abcc1467acf47f1a6f7f5dce
SHA5129269a91a5bab01f076d8e9fde2991463fb224dc6382f8cde3a118e83cb35bdf580b4ea7686f2ea767a2a9c04650222edfc3a8b2569978b734c51b7135915448e
-
\Users\Admin\AppData\Local\Temp\0DFD253D9863FE113A8F2649D922D961\sharpvectorruntimewpf.dllFilesize
69KB
MD50e203d24d04e89779638dd70d5335b39
SHA198ffc3718c6e34bd6d696bbcce605db666f99b01
SHA256f15b5199850b8ed98d2202972ada759823a17893a68d60ca3a0f76ee31aeb204
SHA512a07f54cce2add948340807b8ecf430e72c07032332046e5dd05d9da90f7d732921c0ff628592ff0710914ec9d9b7188b46377e1594a9f9809a107a022de1cfee
-
\Windows\Temp\054BA33D9863FE113A8F2649D922D961\7de35814a8b0c8ea0a9d283ff81a5bdd.exeFilesize
4.3MB
MD57de35814a8b0c8ea0a9d283ff81a5bdd
SHA13d8ab2de7b5322eeeb0972600f6e6d671657b1e4
SHA256e5c93fa48764412d1deef86aa43205791607d975ccc5e27f18e513b6bf716634
SHA512efc0d1cbba1377918def270866b9109acafb144926d81fe0dce6f82feb9fddf5765055269d61ae6f22780159ad18350902ffcef6110cf08dfc55396d6c872903
-
memory/1976-0-0x00000000771A0000-0x00000000771B0000-memory.dmpFilesize
64KB
-
memory/1976-2-0x00000000771A0000-0x00000000771B0000-memory.dmpFilesize
64KB
-
memory/1976-1-0x00000000771A0000-0x00000000771B0000-memory.dmpFilesize
64KB
-
memory/2052-422-0x0000000077180000-0x0000000077190000-memory.dmpFilesize
64KB
-
memory/2052-420-0x0000000077180000-0x0000000077190000-memory.dmpFilesize
64KB
-
memory/2052-421-0x0000000077180000-0x0000000077190000-memory.dmpFilesize
64KB
-
memory/2600-108-0x0000000007D90000-0x0000000007E2E000-memory.dmpFilesize
632KB
-
memory/2600-126-0x00000000039B0000-0x00000000039BA000-memory.dmpFilesize
40KB
-
memory/2600-131-0x0000000006110000-0x0000000006144000-memory.dmpFilesize
208KB
-
memory/2600-135-0x0000000003B60000-0x0000000003B82000-memory.dmpFilesize
136KB
-
memory/2600-127-0x00000000039B0000-0x00000000039BA000-memory.dmpFilesize
40KB
-
memory/2600-113-0x0000000007D90000-0x0000000007E2E000-memory.dmpFilesize
632KB
-
memory/2600-139-0x0000000006D00000-0x0000000006D32000-memory.dmpFilesize
200KB
-
memory/2600-97-0x0000000006EE0000-0x0000000006F4A000-memory.dmpFilesize
424KB
-
memory/2600-143-0x0000000008C40000-0x0000000008D3A000-memory.dmpFilesize
1000KB
-
memory/2600-102-0x0000000006EE0000-0x0000000006F4A000-memory.dmpFilesize
424KB
-
memory/2600-147-0x0000000005FF0000-0x000000000600C000-memory.dmpFilesize
112KB
-
memory/2600-151-0x0000000003D80000-0x0000000003D8E000-memory.dmpFilesize
56KB
-
memory/2600-93-0x0000000008320000-0x00000000085E0000-memory.dmpFilesize
2.8MB
-
memory/2600-155-0x0000000006760000-0x0000000006772000-memory.dmpFilesize
72KB
-
memory/2600-89-0x00000000066D0000-0x0000000006718000-memory.dmpFilesize
288KB
-
memory/2600-85-0x0000000003230000-0x0000000003246000-memory.dmpFilesize
88KB
-
memory/2600-81-0x0000000003AD0000-0x0000000003B12000-memory.dmpFilesize
264KB
-
memory/2600-51-0x0000000003800000-0x0000000003846000-memory.dmpFilesize
280KB
-
memory/2600-254-0x00000000039B0000-0x00000000039BA000-memory.dmpFilesize
40KB
-
memory/2600-45-0x0000000000ED0000-0x0000000000EDE000-memory.dmpFilesize
56KB
-
memory/2600-41-0x0000000000070000-0x00000000004B6000-memory.dmpFilesize
4.3MB
-
memory/2600-8-0x0000000077180000-0x0000000077190000-memory.dmpFilesize
64KB
-
memory/2600-9-0x0000000077180000-0x0000000077190000-memory.dmpFilesize
64KB
-
memory/2600-10-0x0000000077180000-0x0000000077190000-memory.dmpFilesize
64KB
-
memory/2600-423-0x0000000000070000-0x00000000004B6000-memory.dmpFilesize
4.3MB