3873c69cccf2a31a8e178f98a0ba2ed4bdcf78985e5889d8b2dba42ffc255930

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7v20210410
submitted
14-04-2021 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dp.5.5.57.setup.exe
Size

8.6MB
MD5

e44256e244663658506a5509d9dc04b7
SHA1

76f370862a5bfc2b5d7664779c3959cf79db38a6
SHA256

3873c69cccf2a31a8e178f98a0ba2ed4bdcf78985e5889d8b2dba42ffc255930
SHA512

668fea4bd87d828d27694eddfc7a0c6ea6b5851172f964a521914be55c92409a94ae55c8b01f8f31b1233014330c002de2a481d7a5684c7cf3375e208f9eafc6

Score

9^/10

aspackv2 bootkit discovery persistence upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 10 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\ProgramData\nCore\asc4.dll	acprotect
C:\ProgramData\nCore\StopAPI4.dll	acprotect
C:\ProgramData\nCore\unmscab.api	acprotect
C:\ProgramData\nCore\unzip.api	acprotect
C:\ProgramData\nCore\unrar.api	acprotect
C:\ProgramData\nCore\ungau.api	acprotect
C:\ProgramData\nCore\unarj.api	acprotect
C:\ProgramData\nCore\thebat.api	acprotect
C:\ProgramData\nCore\oe4.api	acprotect
C:\ProgramData\nCore\oe.api	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\ProgramData\nCore\kernel40.dll	aspack_v212_v242

Drops file in Drivers directory 1 IoCs

Processes:

dp.5.5.57.setup.tmp

description ioc process

File created C:\Windows\system32\drivers\is-DA64E.tmp dp.5.5.57.setup.tmp
Executes dropped EXE 4 IoCs

Processes:

dp.5.5.57.setup.tmpdpatrolu.exedpatrolu.exedpatrolu.exe

pid process

876 dp.5.5.57.setup.tmp
744 dpatrolu.exe
748 dpatrolu.exe
1028 dpatrolu.exe

description	ioc	process
File created	C:\Windows\system32\drivers\is-DA64E.tmp	dp.5.5.57.setup.tmp

pid	process
876	dp.5.5.57.setup.tmp
744	dpatrolu.exe
748	dpatrolu.exe
1028	dpatrolu.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolQ.exe	upx
C:\ProgramData\nCore\asc4.dll	upx
C:\ProgramData\nCore\StopAPI4.dll	upx
C:\ProgramData\nCore\unmscab.api	upx
C:\ProgramData\nCore\unzip.api	upx
C:\ProgramData\nCore\unrar.api	upx
C:\ProgramData\nCore\ungau.api	upx
C:\ProgramData\nCore\unarj.api	upx
C:\ProgramData\nCore\thebat.api	upx
C:\ProgramData\nCore\oe4.api	upx
C:\ProgramData\nCore\oe.api	upx

Loads dropped DLL 12 IoCs

Processes:

dp.5.5.57.setup.exedp.5.5.57.setup.tmp

pid	process
1640	dp.5.5.57.setup.exe
876	dp.5.5.57.setup.tmp
876	dp.5.5.57.setup.tmp
876	dp.5.5.57.setup.tmp
876	dp.5.5.57.setup.tmp
876	dp.5.5.57.setup.tmp
876	dp.5.5.57.setup.tmp
876	dp.5.5.57.setup.tmp
876	dp.5.5.57.setup.tmp
876	dp.5.5.57.setup.tmp
876	dp.5.5.57.setup.tmp
876	dp.5.5.57.setup.tmp

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

dpatrolu.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Digital Patrol Update 5 = "C:\\Program Files (x86)\\NictaTech Software\\Digital Patrol 5\\dpatrolu.exe /autoupdate"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	dpatrolu.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

dpatrolu.exedpatrolu.exedpatrolu.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	dpatrolu.exe
File opened for modification	\??\PhysicalDrive0	dpatrolu.exe
File opened for modification	\??\PhysicalDrive0	dpatrolu.exe

Drops file in Program Files directory 34 IoCs

Processes:

dp.5.5.57.setup.tmp

description	ioc	process
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolaa.exe	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfregdrv.exe	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.dat	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpscanner.exe	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-GN3MU.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-0QB9B.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-23R48.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-TC633.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-T8CRC.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-1FCD4.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-8K6V2.tmp	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\order.url	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\PL.dll	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolQ.exe	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-3JJTC.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.msg	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\activation.exe	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\mengine.dll	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\ssleay32.dll	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-T173C.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-G43N6.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-3H0AQ.tmp	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.dat	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-9EV6M.tmp	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolNF.exe	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfapi.dll	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\libeay32.dll	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\ProtocolFilters.dll	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrol.chm	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-7M5JM.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-91J5K.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-NPN7A.tmp	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-T2UA7.tmp	dp.5.5.57.setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 45 IoCs

Processes:

dpatrolu.exedpatrolu.exedpatrolu.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\InprocServer32	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\LocalServer32\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\0\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\FLAGS	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\FLAGS\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\Version\ = "1.0"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\ProgID	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\TypeLib	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\ProgID\ = "PLA.TraceSession.1"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\0\win32\ = "C:\\PROGRA~2\\MICROS~1\\Office14\\GROOVE.EXE\\35"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\Version\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\VersionIndependentProgID\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\VersionIndependentProgID\ = "PLA.TraceSession"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\ = "Wajagok Olewoj Oqadil object"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\0\win32	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\FLAGS\ = "0"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\Version	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\ProgID\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\0	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\HELPDIR	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\HELPDIR\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\TypeLib\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\LocalServer32	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\LocalServer32\ = "%SystemRoot%\\SysWow64\\plasrv.exe"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\0\win32\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\TypeLib\ = "{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\VersionIndependentProgID	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\InprocServer32\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E87D0F3-9186-4E0F-219C-C0ABF618C2DB}\InprocServer32\ = "%SystemRoot%\\SysWow64\\pla.dll"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{62FEDF5C-40D9-4FAE-E29C-CDCE940EBE0F}\1.0\ = "Groove Components 1.0 Type Library"	dpatrolu.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

dp.5.5.57.setup.tmpdpatrolu.exedpatrolu.exedpatrolu.exe

pid process

876 dp.5.5.57.setup.tmp
876 dp.5.5.57.setup.tmp
744 dpatrolu.exe
744 dpatrolu.exe
748 dpatrolu.exe
748 dpatrolu.exe
1028 dpatrolu.exe
1028 dpatrolu.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

dp.5.5.57.setup.tmpdpatrolu.exe

pid process

876 dp.5.5.57.setup.tmp
1028 dpatrolu.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

dpatrolu.exe

pid process

1028 dpatrolu.exe

pid	process
876	dp.5.5.57.setup.tmp
876	dp.5.5.57.setup.tmp
744	dpatrolu.exe
744	dpatrolu.exe
748	dpatrolu.exe
748	dpatrolu.exe
1028	dpatrolu.exe
1028	dpatrolu.exe

pid	process
876	dp.5.5.57.setup.tmp
1028	dpatrolu.exe

pid	process
1028	dpatrolu.exe

Suspicious use of WriteProcessMemory 19 IoCs

Processes:

dp.5.5.57.setup.exedp.5.5.57.setup.tmp

description	pid	process	target process
PID 1640 wrote to memory of 876	1640	dp.5.5.57.setup.exe	dp.5.5.57.setup.tmp
PID 1640 wrote to memory of 876	1640	dp.5.5.57.setup.exe	dp.5.5.57.setup.tmp
PID 1640 wrote to memory of 876	1640	dp.5.5.57.setup.exe	dp.5.5.57.setup.tmp
PID 1640 wrote to memory of 876	1640	dp.5.5.57.setup.exe	dp.5.5.57.setup.tmp
PID 1640 wrote to memory of 876	1640	dp.5.5.57.setup.exe	dp.5.5.57.setup.tmp
PID 1640 wrote to memory of 876	1640	dp.5.5.57.setup.exe	dp.5.5.57.setup.tmp
PID 1640 wrote to memory of 876	1640	dp.5.5.57.setup.exe	dp.5.5.57.setup.tmp
PID 876 wrote to memory of 744	876	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 876 wrote to memory of 744	876	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 876 wrote to memory of 744	876	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 876 wrote to memory of 744	876	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 876 wrote to memory of 748	876	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 876 wrote to memory of 748	876	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 876 wrote to memory of 748	876	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 876 wrote to memory of 748	876	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 876 wrote to memory of 1028	876	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 876 wrote to memory of 1028	876	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 876 wrote to memory of 1028	876	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 876 wrote to memory of 1028	876	dp.5.5.57.setup.tmp	dpatrolu.exe

C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.exe
"C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1640

C:\Users\Admin\AppData\Local\Temp\is-MD49J.tmp\dp.5.5.57.setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-MD49J.tmp\dp.5.5.57.setup.tmp" /SL5="$40156,8757533,62976,C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.exe"
2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:876

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /INSTALL_MSC
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:744

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /INSTALL_HIDE
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:748

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /AUTOSTART /AUTOEXIT
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1028

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\ProgramData\nCore\StopAPI4.dll
MD5
1d25e3e638bc4a256e18f7e8a201ae62

SHA1
2e2f00381593be010e3e9c0d3c542681079205c5

SHA256
b1ce8126934ecf65b54b00f196a483efaf557cedd19c6b924560446023e0cbf2

SHA512
b652533b6a5e6e2c4187fd60c069d2ee3ed4bbb89bfa8050cc671d9fc83698403225114f15bf4175c1dd53b46a9f66389d5f975d56d08b4de9cbf9728d6b2fed

Download Submit
C:\ProgramData\nCore\asc4.dll
MD5
1efca8fd4ff144ee2df2dfd531e3e91b

SHA1
2796e69436b2765bdb0b90cf5016616cb003c16b

SHA256
81d590be4c0253cad92a9febc8390e81899c5f5e3435aeb75e6916730a37adeb

SHA512
330778a26007635f7e685e3400df2792ac039dd8c7dd96a090aede7cee5ab305bced98ab6798acb536ae703ed2f3157f280148bc269c6a013fd2649d4a95cf34

Download Submit
C:\ProgramData\nCore\daily.avb
MD5
0838264b481901310c05464e997c8e82

SHA1
2c02042e84fb0b6355e656e50fb93993f0a54484

SHA256
43615f17781bf69d6888cc9ce50b819a5a5e635581f96e3d8216331e89ba9674

SHA512
53d58e80ab2c613fd81e1fdb322c7d20b6b980c1af2ed7f7163d40d810a28a585b1b028e15a02651435e76d8bffbe3698cdc249c041eaad0e2b22bbb9870afa8

Download Submit
C:\ProgramData\nCore\kernel40.dll
MD5
cae1d89b8f678ff87d0b7fb91657dbb6

SHA1
45ec96abbd58eb5606b3a3f8f287c86b6abd3bb0

SHA256
cf2f0ec6100f5cbadf516a34d632a0fd9a0f063bdb7694ba2c9c405c0b9c0e92

SHA512
b495b49a4ed1387c09bf70467321ef01c36184230e2f71f8c6f6d5a032228796924df00e4077a008423c78c7c3ab77ace3aec2b43cb0f22b5980e923a3754260

Download Submit
C:\ProgramData\nCore\oe.api
MD5
0e3b3413b242f8fcf99bca2c6c2a2c43

SHA1
b6335ea524d542920ad2a01c784f331c6d80c2c3

SHA256
b18e178b465c8d9e37e8e1061450202ba5d52959d5202a32a6802e35bd049516

SHA512
43d3fb6a037b45d458bb160bcdec8ddee40258830a1dbabbd69a6bd303b611657eeed3e1dda61e93270c4d540bc660da12b55fb2dda4d1ee1adf3750aae6017f

Download Submit
C:\ProgramData\nCore\oe4.api
MD5
e9effa1a7209816abdaf795cf70a72c3

SHA1
e5a5beebf9eb454fb0cd4586608f2adabf59893e

SHA256
703593eb00fa56ea8cc203adae752d72e9e66332e0ec53261eb00785ae1888fe

SHA512
bdac0ddd8157d32f162c473fb0bc45932e142f33de82c7a9a589126c4429d56c49bdf113895820cf343376b0cfb83ec432aad4d42512d0b5474ed1188734ffde

Download Submit
C:\ProgramData\nCore\stop.set
MD5
abd313d8cc23670b5caebe63bd8840f9

SHA1
21e4edcef0dbe93d5cd00c760bcf4c42072175c9

SHA256
3b1c0da820c9cfd3051a2b4f329fcda98c771147d544765174164dbe7e368f36

SHA512
34b118fc55a7463818f2a20476ed29e156dd2bee27594ba63cbfdc0b2f9c6d55b5714c937d120c036e179fd29dca69259c48df811a180baa16f6360c9c4da095

Download Submit
C:\ProgramData\nCore\thebat.api
MD5
15194c4c88b3cefbde50170043bb8b37

SHA1
1eb005399c0fea7dbfe3e8338a0c380950731be0

SHA256
2ccf5d89e668c66c37e206fa087b9f9aace38f9f13128f69362546af6aa49e95

SHA512
5b1ab617a82282b5d10fefab5e1f1a9a28f73538c3c28b5ff477ad9eca2005ea8831ce07171d7378464f945ed87d5d22856ff96fe446072afec5457214ab25de

Download Submit
C:\ProgramData\nCore\unarj.api
MD5
1baf9a140af47e4bffb608b6f145c725

SHA1
5c0479ac9610e4df6f50ca8c2d81d6d9389f540a

SHA256
1345eda988df4f3b69eea163bddfb9d0ddf04f76a87874ea32f4ac857a79b987

SHA512
0e7a0f907d5effa89e59391e6d1b3dbf9de039565568cff2a6c122554ca3c6c2882ef3a8d9e15138505038ebc33de4296048cf28f064785c15b6ad9036925b13

Download Submit
C:\ProgramData\nCore\ungau.api
MD5
aaded7506631631e16d26a80b12f0941

SHA1
7fe462225b74e3ef7d562b44eacc0a166dfeb3c0

SHA256
baf0f59a45b7533a34164fd6cc8a2b056592f46c00d41663c1cde18019ee8411

SHA512
44ca8dce0a1df70810d228be3822c53ba4c2a928113ab4bcbb0c5ea63aef81e278ce5caf362e728fea1d648489a6e3a0f10c55b001bf5b47fc8405b695de2827

Download Submit
C:\ProgramData\nCore\unmscab.api
MD5
205fabf0e1c2d986fdf3effeebb98028

SHA1
bafe59c4f55c63ed4f4aadce95b0f92363287584

SHA256
15507c2684e212aaa976fff09d5fb005a84ba22e10b8a962722c6e47260f8322

SHA512
cd51f1f2d03cd76c4d427413033cfcf9f3222aa035483a25e33352160c75eb6a39fe1961a797dece84f98f8e18957ea29f29ec67892772204dccdd8e0406eb6a

Download Submit
C:\ProgramData\nCore\unrar.api
MD5
d0faead4b21518d7461ed015cf82811b

SHA1
d51e9e5e6a8d4ef54d877b7a901779c4b78ef62d

SHA256
c127fca1c329501a38bbbc34d510ebb4558abfae61f50a0dc4e45da9ec88db51

SHA512
8500347de437ee9da33c7b9b3e998dff91ee78429b8705149f45157767f0251b42c8d5e20b5633e69f004aefccde8e76e47a4d6493c4abce10d8c0d6884032f5

Download Submit
C:\ProgramData\nCore\unzip.api
MD5
4b31d7221fa69fe70f473b6658f2b9fd

SHA1
9efb7a0987a4555c206860a2b3a3103d66e579be

SHA256
ec20b021ea0c5a2eca1d7abb5360905e18520856f9ca216f1c19bf472e0f93c9

SHA512
0e46172ccfa9348b08de9cf172a68432cd3fe4a43d7563aafa83a2879660890e6deda2f1772ac9acc7d7cfd6a6a4f2341bd911c5ff01b585ebb6d10af9cabdb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MD49J.tmp\dp.5.5.57.setup.tmp
MD5
2b3bd2ec9b2b76d19be643b247c40871

SHA1
2553635eb1d4221a05af434a537b01a799a427f6

SHA256
60ead5fd6da9a9eda0624483c48f4f612b1951b5598b38b7f7ae6cc2cc332d29

SHA512
65c398409fed4eba877268493bd5ba34adcc35e2bdf0a8227ee8e59db3939bdc9fac364160cb92300f465896825a66c73971f1f2479bb69b2aacd9018d571cea

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MD49J.tmp\dp.5.5.57.setup.tmp
MD5
2b3bd2ec9b2b76d19be643b247c40871

SHA1
2553635eb1d4221a05af434a537b01a799a427f6

SHA256
60ead5fd6da9a9eda0624483c48f4f612b1951b5598b38b7f7ae6cc2cc332d29

SHA512
65c398409fed4eba877268493bd5ba34adcc35e2bdf0a8227ee8e59db3939bdc9fac364160cb92300f465896825a66c73971f1f2479bb69b2aacd9018d571cea

Download Submit
C:\Users\Admin\AppData\Roaming\Digital Patrol\report\ReportU.txt
MD5
5d9495af39b46a4d4cc300aec1ff131f

SHA1
89479ef5b09641304e5cc4bf9b02eeeae88393a8

SHA256
1a99899327a0a0c71891d865d09fe6fa32b39ca37aadb82b8fc5e798f2b50e4e

SHA512
878b64d7b563c0780f5041b2bc0a4060d14117dc59a1ee1c9c12e70e15099993db6f441d18c22f7424e2e6f65ffbfd57c55ffedb04d5fa136fe6546852885137

Download Submit
C:\Users\Admin\AppData\Roaming\Digital Patrol\report\ReportU.txt
MD5
bccb61f4f46392417c7af9b8e206011c

SHA1
8b0642224ac85aad8b7b0303476fb9b4da9b26de

SHA256
892045e07936bc949fe985fcfd58d6437e9f84bce2f6b7548a6cc6187f007d9f

SHA512
08cf71a4a045a867ca2dece7c101bfe3e28a6955569b4dfc7e15ce7ec92a65400bd12c9a718a567a7a524ddd7a45695148f3afad0267f4c06f0cf6c85aea02e8

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolQ.exe
MD5
36e4befdb5f3e155a051fd7d646b7e2c

SHA1
a6eb768815786212a137058c5fbf3b6bbb190fe5

SHA256
ea8f22ef6124eff67b03707bc407f2192bf87075c2d84d64bac2e4b99a40d895

SHA512
d4cbd3df8ab9d2d27ab9bb48d04cab904b5016f94487937880b390421de93a218f8a760f71019acba5b7c4ea5112bcbd854e02cd4cd95a6eacecdeca4c9de617

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\activation.exe
MD5
3892ffdf031d419e3eb8506e245dc15a

SHA1
667071b4dbb2a0a9e2c6e457c0be8f6a09f10a6d

SHA256
7b7c03dcd1b01fc27c7ada5b908a419eb261db56513142d07186ee704336fd07

SHA512
07efe1abd0b26493ca05a1197d966e8ab082e5ceee70ebdbcade5cddc6e8656773b93c925c1564ac5a5accb51b61f0bb19d4723cfd7f0066e42f7a733f6bf8a3

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolaa.exe
MD5
ad563c88a749a0085a33ade7f5dc2408

SHA1
ed81960320b7946686bc1847a4c3e4a9cd614617

SHA256
6d36651fe3b62eb344c7b00fee57413736773ca3fa882b68b7d8d69c9baf9f29

SHA512
2a781fc75075550c3b317659bd733ba067c9760d59e5aa5b16f3e849c0e5c00790774b7227389bd421d3e0273bfbf56998f541c7b91984f499df35110628e2de

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpscanner.exe
MD5
35801dfa01a3071ed7ac231b734048d7

SHA1
0f040b9974f3e269eafc9967f6c846c97edcf310

SHA256
153bee2219be78584cc59aa6c80b0a7825ccf4636fb87af9eaada0b6133dbe43

SHA512
50f18c93ff6f830a9b75a0e4c7f0a52b747c8903c8026efc7681cbce712abf305f32812d19b3edc71368ef6e537998ac9d38f32083d8ecc723882fe984827b2a

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpscanner.exe
MD5
35801dfa01a3071ed7ac231b734048d7

SHA1
0f040b9974f3e269eafc9967f6c846c97edcf310

SHA256
153bee2219be78584cc59aa6c80b0a7825ccf4636fb87af9eaada0b6133dbe43

SHA512
50f18c93ff6f830a9b75a0e4c7f0a52b747c8903c8026efc7681cbce712abf305f32812d19b3edc71368ef6e537998ac9d38f32083d8ecc723882fe984827b2a

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.exe
MD5
2b3bd2ec9b2b76d19be643b247c40871

SHA1
2553635eb1d4221a05af434a537b01a799a427f6

SHA256
60ead5fd6da9a9eda0624483c48f4f612b1951b5598b38b7f7ae6cc2cc332d29

SHA512
65c398409fed4eba877268493bd5ba34adcc35e2bdf0a8227ee8e59db3939bdc9fac364160cb92300f465896825a66c73971f1f2479bb69b2aacd9018d571cea

Download Submit
\Users\Admin\AppData\Local\Temp\is-MD49J.tmp\dp.5.5.57.setup.tmp
MD5
2b3bd2ec9b2b76d19be643b247c40871

SHA1
2553635eb1d4221a05af434a537b01a799a427f6

SHA256
60ead5fd6da9a9eda0624483c48f4f612b1951b5598b38b7f7ae6cc2cc332d29

SHA512
65c398409fed4eba877268493bd5ba34adcc35e2bdf0a8227ee8e59db3939bdc9fac364160cb92300f465896825a66c73971f1f2479bb69b2aacd9018d571cea

Download Submit
memory/744-122-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/744-126-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-96-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-92-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-116-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-118-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-119-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-117-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-120-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-121-0x0000000001E30000-0x0000000001E33000-memory.dmp

Filesize
12KB

Download
memory/744-78-0x0000000000000000-mapping.dmp

Download
memory/744-124-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-123-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/744-127-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-128-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-129-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-130-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-132-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-133-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-135-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-134-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-131-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-125-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-136-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-138-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-97-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-139-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/744-140-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/744-137-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-141-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-142-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/744-95-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-82-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-94-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-93-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-91-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-81-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-90-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-88-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/744-89-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-87-0x0000000001E40000-0x0000000001E41000-memory.dmp

Filesize
4KB

Download
memory/744-85-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/744-86-0x0000000001E20000-0x0000000001E21000-memory.dmp

Filesize
4KB

Download
memory/744-84-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/744-83-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/748-144-0x0000000000000000-mapping.dmp

Download
memory/876-67-0x0000000074521000-0x0000000074523000-memory.dmp

Filesize
8KB

Download
memory/876-66-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/876-62-0x0000000000000000-mapping.dmp

Download
memory/1028-149-0x0000000000000000-mapping.dmp

Download
memory/1640-59-0x0000000075631000-0x0000000075633000-memory.dmp

Filesize
8KB

Download
memory/1640-60-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download