702013db8f80bdd47af9cf2dcb212bd65e924f705aca9c7196188f4d5173aebe

Analysis

max time kernel
148s
max time network
146s
platform
windows7_x64
resource
win7v20210410
submitted
14-04-2021 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dp.5.5.57.setup.full.exe
Size

155.9MB
MD5

71ffb06c52a9a6cb526695a658f2efcc
SHA1

151beead12e5e8fc779430cacd95b7f079ab1731
SHA256

702013db8f80bdd47af9cf2dcb212bd65e924f705aca9c7196188f4d5173aebe
SHA512

e5416083bda0665e9579f6beeba88004ea84c2269deadbf8c7cb3eb7b6b4143d07a5633cfcd6d265c4ecfd257b7aa89b114c2ee4e9a66af35dd5d4695b02273d

Score

9^/10

aspackv2 bootkit discovery persistence upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\ProgramData\nCore\oe4.api	acprotect
C:\ProgramData\nCore\oe.api	acprotect
C:\ProgramData\nCore\asc4.dll	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\ProgramData\nCore\kernel40.dll	aspack_v212_v242

Drops file in Drivers directory 1 IoCs

Processes:

dp.5.5.57.setup.full.tmp

description ioc process

File created C:\Windows\system32\drivers\is-TPEAB.tmp dp.5.5.57.setup.full.tmp
Executes dropped EXE 7 IoCs

Processes:

dp.5.5.57.setup.full.tmpdpatrolu.exedpatrolu.exedpatrolu.exedpatrolu.exenfregdrv.exeDPatrolNF.exe

pid process

1188 dp.5.5.57.setup.full.tmp
1624 dpatrolu.exe
1372 dpatrolu.exe
1504 dpatrolu.exe
836 dpatrolu.exe
2020 nfregdrv.exe
1576 DPatrolNF.exe

description	ioc	process
File created	C:\Windows\system32\drivers\is-TPEAB.tmp	dp.5.5.57.setup.full.tmp

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolQ.exe	upx
C:\ProgramData\nCore\oe4.api	upx
C:\ProgramData\nCore\oe.api	upx
C:\ProgramData\nCore\asc4.dll	upx

Loads dropped DLL 23 IoCs

Processes:

dp.5.5.57.setup.full.exedp.5.5.57.setup.full.tmpnfregdrv.exedpatrolu.exeDPatrolNF.exe

pid	process
1320	dp.5.5.57.setup.full.exe
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
2020	nfregdrv.exe
836	dpatrolu.exe
836	dpatrolu.exe
836	dpatrolu.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

dpatrolu.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Digital Patrol Update 5 = "C:\\Program Files (x86)\\NictaTech Software\\Digital Patrol 5\\dpatrolu.exe /autoupdate"	dpatrolu.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 5 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

DPatrolNF.exedpatrolu.exedpatrolu.exedpatrolu.exedpatrolu.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	DPatrolNF.exe
File opened for modification	\??\PhysicalDrive0	dpatrolu.exe
File opened for modification	\??\PhysicalDrive0	dpatrolu.exe
File opened for modification	\??\PhysicalDrive0	dpatrolu.exe
File opened for modification	\??\PhysicalDrive0	dpatrolu.exe

Drops file in Program Files directory 34 IoCs

Processes:

dp.5.5.57.setup.full.tmp

description	ioc	process
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-F12EF.tmp	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\PL.dll	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolNF.exe	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\ProtocolFilters.dll	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.dat	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-7RTTD.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-19OMD.tmp	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\activation.exe	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\ssleay32.dll	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-NR6UV.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-LQ48V.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-P5TRV.tmp	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolQ.exe	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-ASD9B.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-EG1R3.tmp	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\libeay32.dll	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\mengine.dll	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfapi.dll	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrol.chm	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-7QJ8T.tmp	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\order.url	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.msg	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-FPNV7.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-NNNJV.tmp	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfregdrv.exe	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-PB0E0.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-EGHDB.tmp	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.dat	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpscanner.exe	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolaa.exe	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-T07NG.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-PPE36.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-RB6UT.tmp	dp.5.5.57.setup.full.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 47 IoCs

Processes:

dpatrolu.exedpatrolu.exeDPatrolNF.exedpatrolu.exedpatrolu.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\ProgID\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\FLAGS\ = "4"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\HELPDIR	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	DPatrolNF.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\0	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\FLAGS\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\Programmable	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\TypeLib\ = "{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\InprocServer32	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\ProgID	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\0\win32\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\0\win32\ = "C:\\PROGRA~2\\MICROS~1\\Office14\\GROOVE.EXE\\30"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\ = "Iwatockov Apoton Agomovo Object"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\InprocServer32\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\ProgID\ = "MetConv.MetAction.1"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\TypeLib	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\TypeLib\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\InprocServer32\ = "C:\\PROGRA~2\\COMMON~1\\MICROS~1\\SMARTT~1\\METCONV.DLL"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\ = "GrooveURLManagerAlpha"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\FLAGS	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\HELPDIR\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	DPatrolNF.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\VersionIndependentProgID	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\VersionIndependentProgID\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\Programmable\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\0\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A85B58E0-367E-8D0B-8B53-BC5BCAE68E9D}\1.0\0\win32	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B283BB-C93C-46FF-FF81-149AC9DD2F43}\VersionIndependentProgID\ = "MetConv.MetAction"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	DPatrolNF.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

DPatrolNF.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\91F380A67ECE16F626E3BEE6D1C00EB1BAE11883	DPatrolNF.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\91F380A67ECE16F626E3BEE6D1C00EB1BAE11883\Blob = 03000000010000001400000091f380a67ece16f626e3bee6d1c00eb1bae118832000000001000000ea020000308202e6308201cea0030201020211009fed4fb9e993f3e8ac64be603de36dcb300d06092a864886f70d0101050500301b310b300906035504061302454e310c300a060355040313034954503020170d3031303431393130353232375a180f32303631303430343130353232375a301b310b300906035504061302454e310c300a0603550403130349545030820122300d06092a864886f70d01010105000382010f003082010a0282010100d102fac59471f2454e80b9ee0861ed6bc62c3adfc79948a74cab6431221d7b71df61aa005a245e6c3327cda20d5c08adb0d221feb6341439cede4d10d764e688b7eabc1894335631312cf2bb7018c589ba265131a95e54f5632f511c7f64f87025a21b0f37aaf37258301de0e6985740c2bc17b760f47b6ce2abce7c04bff132729f8d8813a4a627589f2add6ff03882c301b842988c8437cf996bac4b8052ba490037f68e5c534c9ede75ed439b281ad72ce839e02e73464b10929aa8d1b67302beb4e67d5bb38bfca987818ffe16130e77dc73b89a042671727239f9c7b1dad7e1b249c30f51a713dd9dd7f7eba4617c90ae2c806af2cec304d8759e219fe10203010001a3233021300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100940971a1b29b3063d42f8d235a9b21fd9b63673a8ed011e5cd04604cb9e363e40e6131b01235de8bf0df53830f6ec6ffea13d6bb56938cbed32c71d520156c91cafaf2e409466ac8d46f9c23445b2445be2157e760150532bae6dd40c54b34381b11993fd30e11c54fec48b1c30de6776334c519301432ee1774cd13f6f646aafd8306a2575d7a2c611d05b099af7d5bbf639886efe229f7af68d412422994ca0a8988bd40c40a8a01f62e25528ef0dd4eed9163f3c0f764825aa7cfb821df74da28abe3ae8037fcc917134e8f3b4f8473e6575d92358a3390b198cc1f3c3e00200cc0cf37adc22d1d592a9c69400212e585c2977b2ac2e540b09480f7cc6b03	DPatrolNF.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

dp.5.5.57.setup.full.tmpdpatrolu.exedpatrolu.exedpatrolu.exedpatrolu.exeDPatrolNF.exe

pid	process
1188	dp.5.5.57.setup.full.tmp
1188	dp.5.5.57.setup.full.tmp
1624	dpatrolu.exe
1624	dpatrolu.exe
1372	dpatrolu.exe
1372	dpatrolu.exe
1504	dpatrolu.exe
1504	dpatrolu.exe
836	dpatrolu.exe
836	dpatrolu.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

464
464
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

DPatrolNF.exe

description pid process

Token: SeDebugPrivilege 1576 DPatrolNF.exe

pid	process
464
464

description	pid	process
Token: SeDebugPrivilege	1576	DPatrolNF.exe

Suspicious use of FindShellTrayWindow 13 IoCs

Processes:

dp.5.5.57.setup.full.tmpdpatrolu.exedpatrolu.exeDPatrolNF.exe

pid	process
1188	dp.5.5.57.setup.full.tmp
1504	dpatrolu.exe
1504	dpatrolu.exe
836	dpatrolu.exe
836	dpatrolu.exe
836	dpatrolu.exe
836	dpatrolu.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe

Suspicious use of SendNotifyMessage 11 IoCs

Processes:

dpatrolu.exedpatrolu.exeDPatrolNF.exe

pid	process
1504	dpatrolu.exe
1504	dpatrolu.exe
836	dpatrolu.exe
836	dpatrolu.exe
836	dpatrolu.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe
1576	DPatrolNF.exe

Suspicious use of WriteProcessMemory 31 IoCs

Processes:

dp.5.5.57.setup.full.exedp.5.5.57.setup.full.tmpdpatrolu.exe

description	pid	process	target process
PID 1320 wrote to memory of 1188	1320	dp.5.5.57.setup.full.exe	dp.5.5.57.setup.full.tmp
PID 1320 wrote to memory of 1188	1320	dp.5.5.57.setup.full.exe	dp.5.5.57.setup.full.tmp
PID 1320 wrote to memory of 1188	1320	dp.5.5.57.setup.full.exe	dp.5.5.57.setup.full.tmp
PID 1320 wrote to memory of 1188	1320	dp.5.5.57.setup.full.exe	dp.5.5.57.setup.full.tmp
PID 1320 wrote to memory of 1188	1320	dp.5.5.57.setup.full.exe	dp.5.5.57.setup.full.tmp
PID 1320 wrote to memory of 1188	1320	dp.5.5.57.setup.full.exe	dp.5.5.57.setup.full.tmp
PID 1320 wrote to memory of 1188	1320	dp.5.5.57.setup.full.exe	dp.5.5.57.setup.full.tmp
PID 1188 wrote to memory of 1624	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 1624	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 1624	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 1624	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 1372	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 1372	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 1372	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 1372	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 1504	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 1504	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 1504	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 1504	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 836	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 836	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 836	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 836	1188	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 1188 wrote to memory of 2020	1188	dp.5.5.57.setup.full.tmp	nfregdrv.exe
PID 1188 wrote to memory of 2020	1188	dp.5.5.57.setup.full.tmp	nfregdrv.exe
PID 1188 wrote to memory of 2020	1188	dp.5.5.57.setup.full.tmp	nfregdrv.exe
PID 1188 wrote to memory of 2020	1188	dp.5.5.57.setup.full.tmp	nfregdrv.exe
PID 836 wrote to memory of 1576	836	dpatrolu.exe	DPatrolNF.exe
PID 836 wrote to memory of 1576	836	dpatrolu.exe	DPatrolNF.exe
PID 836 wrote to memory of 1576	836	dpatrolu.exe	DPatrolNF.exe
PID 836 wrote to memory of 1576	836	dpatrolu.exe	DPatrolNF.exe

C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.full.exe
"C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.full.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1320

C:\Users\Admin\AppData\Local\Temp\is-AKTVD.tmp\dp.5.5.57.setup.full.tmp
"C:\Users\Admin\AppData\Local\Temp\is-AKTVD.tmp\dp.5.5.57.setup.full.tmp" /SL5="$2015A,163122863,62976,C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.full.exe"
2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1188

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /INSTALL_MSC
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1624

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /INSTALL_HIDE
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1372

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /AUTOSTART /AUTOEXIT
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1504

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /au
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:836

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolNF.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolNF.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1576

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfregdrv.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfregdrv.exe" pavnf2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2020

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\ProgramData\nCore\advware.avb
MD5
4894582671b786fab460d7878ca7cd74

SHA1
011e0946d9ab1ad3c76956e9789def6feb3e346a

SHA256
33a24cb34a43e6445cff7781a95c10960f963d00b553cb27da7b70a28e28f030

SHA512
846750916cd3cba3c9cf491b8989bb49e3b2db379d6fb68e588e32e4ed95d5cdbe2bf5988e56c18910184c9b68336095259ddd6d5d4873e6df71d20ded4ce574

Download Submit
C:\ProgramData\nCore\asc4.dll
MD5
1efca8fd4ff144ee2df2dfd531e3e91b

SHA1
2796e69436b2765bdb0b90cf5016616cb003c16b

SHA256
81d590be4c0253cad92a9febc8390e81899c5f5e3435aeb75e6916730a37adeb

SHA512
330778a26007635f7e685e3400df2792ac039dd8c7dd96a090aede7cee5ab305bced98ab6798acb536ae703ed2f3157f280148bc269c6a013fd2649d4a95cf34

Download Submit
C:\ProgramData\nCore\backdoor.avb
MD5
46babac78e3ca258da3d442630531ac9

SHA1
f6a8b85598f186dc2199e7591c17f0e64927efe7

SHA256
de65653a6e50c3198f250f8e94708d577809236b823b116b55de710978fd8e78

SHA512
700e49b98cf1c2fbb2672555d5e6491f9d6fb47af930189430957be1ff9b8c5f246b3ca147966d14ee3ef16c12bdf564ae004c2c141bc3612c218ebf41ec513d

Download Submit
C:\ProgramData\nCore\ca.avb
MD5
2fc05f51d1d3041d1cceb337e1e5010f

SHA1
67dae6b2927e6a5d5dcded104e0cc12384cc52d0

SHA256
515af6ab468405b6c1a78a26e0471085797ed4c7b6ee0e4f33506764da96a97f

SHA512
b6ea6a06b932312fa7489f1b8f5c31eb18f27e4e3f6832e3ece9884e7fd8270509990eeff44b2c24265af1d44d57ee2b41f2abe5c192ecf0f43bebcbcca1c91c

Download Submit
C:\ProgramData\nCore\daily.avb
MD5
0838264b481901310c05464e997c8e82

SHA1
2c02042e84fb0b6355e656e50fb93993f0a54484

SHA256
43615f17781bf69d6888cc9ce50b819a5a5e635581f96e3d8216331e89ba9674

SHA512
53d58e80ab2c613fd81e1fdb322c7d20b6b980c1af2ed7f7163d40d810a28a585b1b028e15a02651435e76d8bffbe3698cdc249c041eaad0e2b22bbb9870afa8

Download Submit
C:\ProgramData\nCore\kernel4.avb
MD5
7a91d0a410fe15f10abd1c5eaf6c401a

SHA1
1bddc1fb1be573fb0cd82749b0796279d9790867

SHA256
9ae0cc5815aa5f80ca005a4a388387a609371accd34bc7ad8b0c9726c795b279

SHA512
c53912628825c76e114d2ce3a6131c5eecb93169af236e6d198351b6ef12684f52844d2180d19aec29edfa1b3e825b651a2de854a265db3a3d641b8d3a03f8b2

Download Submit
C:\ProgramData\nCore\kernel40.dll
MD5
cae1d89b8f678ff87d0b7fb91657dbb6

SHA1
45ec96abbd58eb5606b3a3f8f287c86b6abd3bb0

SHA256
cf2f0ec6100f5cbadf516a34d632a0fd9a0f063bdb7694ba2c9c405c0b9c0e92

SHA512
b495b49a4ed1387c09bf70467321ef01c36184230e2f71f8c6f6d5a032228796924df00e4077a008423c78c7c3ab77ace3aec2b43cb0f22b5980e923a3754260

Download Submit
C:\ProgramData\nCore\malware01.avb
MD5
8baf10bbe3b1020303e7fe38dd066e14

SHA1
5ed9796f0d33bcdc2f50f21d4573e106beafb390

SHA256
e83c941b1b56ca148dddc56d93e31c4185570ad8429a7255606397481d263ed3

SHA512
b422e1d004fe9dc1e7e6c5eb5924aad19a73755b83f7f4fe2100ac5a0c61574b2fd4793f6e6030768386eef1eee5edd305e26e7701977e12adb1a3693f764d34

Download Submit
C:\ProgramData\nCore\malware02.avb
MD5
278df04a36c3acb3d5a74f4046b4849d

SHA1
3f9af2da5a883ff05dc4052aeb8229f5789deece

SHA256
4470048156b9b432e97456524683e39cf28201c46744287134419ea086a79c06

SHA512
709be2c02824b3928bd4863afda76035ac01a5b59b579d4c3d0c81b3601d560aa5d01a5104087f1f4eb2ae8b959079beb635874836d31525f229c472053ccbca

Download Submit
C:\ProgramData\nCore\nCore5.ini
MD5
3857d17f29865191d36f8104a6e1c050

SHA1
32e103f02714d2dd520a0d711f2003609e4aea1b

SHA256
cdf087bca80ed62df73fe8732b59f9a56f5bf07502213a5d35e3c1078334f84d

SHA512
3286cdccf37f0bd1585f1d63d0657107f3be724fc2c9b4c60f035689319774d80550e5cc52340832a9294c4032e5dfded2d72257bdd1f8c2780b4b01ed9514fc

Download Submit
C:\ProgramData\nCore\oe.api
MD5
0e3b3413b242f8fcf99bca2c6c2a2c43

SHA1
b6335ea524d542920ad2a01c784f331c6d80c2c3

SHA256
b18e178b465c8d9e37e8e1061450202ba5d52959d5202a32a6802e35bd049516

SHA512
43d3fb6a037b45d458bb160bcdec8ddee40258830a1dbabbd69a6bd303b611657eeed3e1dda61e93270c4d540bc660da12b55fb2dda4d1ee1adf3750aae6017f

Download Submit
C:\ProgramData\nCore\oe4.api
MD5
e9effa1a7209816abdaf795cf70a72c3

SHA1
e5a5beebf9eb454fb0cd4586608f2adabf59893e

SHA256
703593eb00fa56ea8cc203adae752d72e9e66332e0ec53261eb00785ae1888fe

SHA512
bdac0ddd8157d32f162c473fb0bc45932e142f33de82c7a9a589126c4429d56c49bdf113895820cf343376b0cfb83ec432aad4d42512d0b5474ed1188734ffde

Download Submit
C:\ProgramData\nCore\riskware.avb
MD5
d6308c2c01a79c3fb9d087515e60bdac

SHA1
9c055ef943735bd9183fd913624d147f9b14d810

SHA256
e0ef459d162c859adec74f0076c1c5725bfded3240347b7fab5d1e18d5da3a46

SHA512
663e1c6778f01f5b57c6e51ca68f1a7fd25a230cf6e245f8f6efc58739f076025a75a2797cd87f838e93d39cddd08d7b9174d5ffb2a1f2358e93481bb3329ff5

Download Submit
C:\ProgramData\nCore\rmdb001.avb
MD5
80e6387b6575fc4bffd7036d0c34e186

SHA1
9cd69ebf5fb65ead59af763ef170ad9dd3c981f4

SHA256
0beb8412b872ce9cf149c06620c9ecc108aca3ca43c7b0690474945cc4e1803c

SHA512
55b78b75c03bdbeb0f4e9cb5651d8d5a945773bc0fda297bad70bfa9046903d545298d2c62dcaef602691c8976f0ef41089827cbf107fa57916b700e5ce53663

Download Submit
C:\ProgramData\nCore\rmdb002.avb
MD5
e7e2aa78521d16c0e1ba2fbc659ce246

SHA1
2a97e0b1dc8048ae59aa2888b4a776879165225f

SHA256
96f1528e6df0a372da17823df66b05fa984662936592b841acb1c1f2b718196f

SHA512
eaac1e5d2785d8f6c2a0a235e2e53a7168bc0b484a1f46ea37f3bbdaf87852f08c20daf3e17a31b5588fb444b005d3c22ccac860f239ea3983b726d5a4550001

Download Submit
C:\ProgramData\nCore\rmdb003.avb
MD5
cc5ffbd574e9e50083c3bd7cbbac8ede

SHA1
746d699e08a8e37c03618ad5bd8e70a15484514c

SHA256
4a9a2f308842f44308ea48c16096de80dc80c636b929ae741fd1526b63dfe650

SHA512
ee36b1a7af2d712e141d9b3a278309cbdd9e7dd8d525300f476810f27b100cad969d74580eb4b647b129c9f94c92e36953b591b3012b1da2a0b94bbcfe9909c6

Download Submit
C:\ProgramData\nCore\rmdb004.avb
MD5
e1cb35a7dbb681fd0f5f8d8610e3a77d

SHA1
3bd97d68212f4de7e59b0c2231dfd1f31e725088

SHA256
68c117a28f0c392ea9fcfb9791356318688e7ed56126cd89028a980da7cb877c

SHA512
a70172bff7052e64f2861d19c671cd4424948ae5a702639222313c947dc6843ee1a868e094a41a4535375015b0625015482516e6acfad720472088b1a3a9d989

Download Submit
C:\ProgramData\nCore\rmdb005.avb
MD5
056e6d7360dac0a405b91c13fc7b8692

SHA1
0e04e9af1cb203a1755cf6ca300078d1a8408a9a

SHA256
b5baa84f750b09d893e494f742307465cc9393955fe08872754ef92c66e97e10

SHA512
c6f78ee7d1a43ccb0ed9a75a83521b778cb2aeca9caa01be8e91d53652441740984ac6e65d8187f57f5b5bf46b550c00780c0edcad29000f9bfddfcf5f2381ee

Download Submit
C:\ProgramData\nCore\rmdb006.avb
MD5
9bb01c5791e52aa213ac8befc2ed990a

SHA1
ac50c3866b50092e96ca94f87902a87fb4984b73

SHA256
0d878817a732b39eb69d562e878782ba2c2a89a8b75472c7692162775014e721

SHA512
edf9168d23e257e3c939d7fc655b34eac1ba21621fe9dcdd3c793bde4e5c70735bc6f92a196bda4c095f2c38ae391b1bd3c1e78cc45e6e9e35997ad90fbb14b5

Download Submit
C:\ProgramData\nCore\rmdb007.avb
MD5
26eaffb25ab8183efbf88386141b5b5d

SHA1
2bf4f2275b34011deb0101f10c36325fdf6befd9

SHA256
811d91504ec582fe85a3e667f66901e0b34d0aee4e65672a28218fe8b996cd42

SHA512
5080c45ef7832a444b353516b8f8c98e86fbb101a6e018c7e4a0939692cee0fa3797b5d10cf82fb1844f001840e790237d8f154b570704fdd91c462c2e21d5fb

Download Submit
C:\ProgramData\nCore\rmdb008.avb
MD5
6515f96e784f2079f23c32b1225bcf03

SHA1
39e90a1c6040aa91ab5585c5df69d026752fc412

SHA256
1ff3adb38b89f7df769d9f98a1defbdbfac39a51c35f1095568297286084c7a2

SHA512
099180e887b663214c7d970ba029e4ed0b396e4087fc63c1e8b5a077cdf5d33b146157b5f50b66bc93f809e737bae91128abbe1980c8d4764b2150d4ca0982c4

Download Submit
C:\ProgramData\nCore\rmdb009.avb
MD5
6c021e6e10aece5011ec5e3b35c5cdd3

SHA1
f60a8cdff01c038e535f7df24910ac6a3f29725e

SHA256
24b0a47ffc72524204d7d9ed3167a3ef0c7aebc72b0237d17da5085f56691577

SHA512
11e1b72e9bca8da4d7a2ce430fb09c9e210e7bc0ef1a54cb28c52b7fa3677438b84716a41d914c99cdcc46e49caad37a2e50cbb8b89d8b6dd66444cbcbea8ec7

Download Submit
C:\ProgramData\nCore\rmdb010.avb
MD5
7edcc00019975a434e2eda0bfba15f8b

SHA1
e8476a75c0759dde9a01da38a51e358b4e6e22a8

SHA256
55194ac4286e0afbaf7fd558c4fab27231838e8e268371aa823d2bbcaaf6a04e

SHA512
98ede5fe42aa475b1c50033146860a72aef4a46b9819c29ad115ffae5b2311ebfd9b070b8848011adf6eeb6cd9dba52755bd886c3fee2750308de1b5a6e8774f

Download Submit
C:\ProgramData\nCore\rmdb011.avb
MD5
97c5e2b444d526c95455629a37d6eb85

SHA1
ed95a74986c67bb63f39ad7ef412cd5eaf88cfca

SHA256
b92c882b293857756545486da148d9684b7e61fd14af4e1731f75da0ab5bd12e

SHA512
64a81dd58c0bc77cc008897dc4db9303fe4986adb4a1684db77712d76d3c25c26999c8f024511a74bbcf98ddcba939211c2027da58e557e509298efef73e6cfd

Download Submit
C:\ProgramData\nCore\rmdb012.avb
MD5
2b49f97ff2f14517c96267a925dfc239

SHA1
e98ea0d95958cd416f8561de1f0035810894b267

SHA256
c8bf9dbe4c38a01d2648630a7de880252f99831df3b47d58fde6c4e2716b66b5

SHA512
4d194169a3664aad1e66bb422e1ead4220c523a4db6b4d4ad6737dcb3ffb37d61a5d35fb860a88a059f997e1374dc3e6e63419c89cbe6c40fb69fec6ee82151a

Download Submit
C:\ProgramData\nCore\rmdb013.avb
MD5
2444866b4d30f269803a6912d0fd17e1

SHA1
2d919574ca2da29868723cd0a27e045d45f4e373

SHA256
5068aa8fd755dbbb982e154b523f6a9ca9720673bd1a4bcb094e3f95f0f323fc

SHA512
f1101c303497937c60ad2be3a09f5ed7009151e6dd78745e5d5d539864ac76a6e342ce28723f243a0e4b218c0640a7370cc66e47792f7cae5edfaded8da1ba6d

Download Submit
C:\ProgramData\nCore\rmdb014.avb
MD5
9d095da7ff4e5de33fe173b2b69d5b8d

SHA1
02d1d0d210262b636bd0ec0dacc1f9c3d0597266

SHA256
1cf5c11f7fd38bce8cef15fcbe8c82ac29db6de2ba4e1af13e5ca4c78dfc96a1

SHA512
a9fa6a77dd36ab2984f43be8de8055d7ad69cf79a5ec264500d2e8ca0258baf190cb158374ee22f32ebc7f31a2198a91dae04f3c9c5888497b278c5d434b73a9

Download Submit
C:\ProgramData\nCore\rmdb015.avb
MD5
e9bb94d8dc0074e02eea1b6fa933cbdf

SHA1
1008381b0283a4e1a7e347c9a9decee18b9f1116

SHA256
86635efe68f42a5a0ce6a83b3a733d11eee8abf3b7f661caf8402fe7a9848240

SHA512
c7dc8e5a9d29f758b2d9cc4608185cda83ed759d61290dc7ae4937e4be089bca1ab372e7308ef1b4fc670106fb1b9e50a88f9a29cc630a207edf3ca30c4b2ea3

Download Submit
C:\ProgramData\nCore\rmdb016.avb
MD5
4ead5ea57bd5beb45793aff0124ec562

SHA1
7621fe5bc4de5ab92596b5c8f8a0a8e7935dbd8c

SHA256
12d3892f3dc8ba8f82e0177156f70e6fba485cfc58e8c89eebe116ab38f39487

SHA512
038af1a1b5cbc1b6dff623dc541429af06d56df75415632ffeac5abd2ab57b2d75b2325d614f6113ec8c09bbba36c82b113c6eb644d7e2bc93be98853ce6850d

Download Submit
C:\ProgramData\nCore\rmdb017.avb
MD5
b8de71300ce88cbe6a03faf876bbc308

SHA1
f48aa38a5018240e2cc747f41d3ba84f6b2329aa

SHA256
a858ee619c69c6b0a1d80c9be0bf4d70475213401eea11059b1cf3392af746b6

SHA512
e4fe0f99d80dd1f793b8ab87d0d182252fbb0a0fe735e3234fd143160b937591db8f4addcab1043db03519590adcc8901baefe128eabab0557578294844cce21

Download Submit
C:\ProgramData\nCore\rmdb018.avb
MD5
8e8bb6a9d774c4a677df42f1b08485a0

SHA1
7ecc41de67b6d986b551e99c6cd966e4dabbc54b

SHA256
cef210329b31bbb031e9385a72147cec918b5a062bb928702a0110763d2b3603

SHA512
e0066c388dcc5c6c40f9a48a124ec16706fced173a9702569509167fc092de376e73855d394f24c69d8d25e8bcde02389416b4e32be8b36f737c5516b9a2294f

Download Submit
C:\ProgramData\nCore\rmdb019.avb
MD5
f9cae1f285b41c937117d9e79cd692cd

SHA1
414cdf580d6380900f3158bc9d136bf133554650

SHA256
d39279178193770d42008f1aaa21e1ad73f3013c8da566bdedba98f7c7a364f0

SHA512
18ee98947c513be9a705f0dd31552223a0bfefdd7a291a0f13a2bf4af3958e59d62c06feec946ab5ffcb3779a397bb4ed2d2be1ad0caae2a646254525e03b7dd

Download Submit
C:\ProgramData\nCore\rmdb020.avb
MD5
8f3854ea664bfcee3a42170a5536b9e9

SHA1
16ae47156ede30f736e4ad956e62dbc6ac48c3fa

SHA256
5974aa881f1f2564fefc77df47bb5db8fbc29bd35927d70b1deb6a8bb8cccc16

SHA512
e34c9b0b388ea55fc763ae376c0e94c4e1e35630c054d3658f87be426ce215865ce1bb51fc9f9d3e2175fff13c78f0d07cf94524b89ac88c509aef5645a63c81

Download Submit
C:\ProgramData\nCore\rmdb021.avb
MD5
4a802c007dc32f96d3004ead3906c305

SHA1
f914586628ddf5f70cd1c151771fbc5fe8be20dc

SHA256
42b33f878ceafb3e2521fc90d77da8624f3f696d34f79da1f00b4b5669a214af

SHA512
1b223cbb2a8995738f46771e12336f48a6939698a80089ce653056801002e17c8be3b3d5855f985c727e4aec2c7233069092fe9c0d9976cbcf9c9520ab441549

Download Submit
C:\ProgramData\nCore\rmdb022.avb
MD5
68d99bbf2b442480ca8c0a9377ec8ee5

SHA1
3a8c0eeca4170083a245f7f9a61eb91338d18e5c

SHA256
738d31901ef15d4a85f045b26c38931ea2b365da6dc8cb2ebd105b10c9cd65a6

SHA512
a2bee9d08a5543f4b90a4b0e6a1e8f3d3eaedce0eb626014f1dfd123d8a076f7bbff189b5d3857b7a0f0172178dc78a03d92d4c82b8716297f1cae6af3adec7d

Download Submit
C:\ProgramData\nCore\rmdb023.avb
MD5
f93c6a0b0674d59f9ec5d408751403a6

SHA1
8db092a2eaa3b27f19d4b0d89bfc1e4c1487808e

SHA256
de7a125cf4d8e8744e4fec48cde7b1a5d8bd4b4ad1525336887d13216b4c5210

SHA512
249838a6db70587293a3c996c2588a90e3b36148fff2c83e91b35e8b2501737798862117a3e5cb53a086d22868db709d6b6627fc1eba32322c90b9bb7ed83d75

Download Submit
C:\ProgramData\nCore\rmdb024.avb
MD5
97779e737bced2c42b72da7dfbb1c1aa

SHA1
d025829e1b34043f680f4857c1edfbd8f7e31ba3

SHA256
10ee9d7a6d0c39baf034a7abd4673472a1eedf31229c49d694f45347bfbd6910

SHA512
726bedc828efb5b634e932636e9587bbf044d584ca77c9c4e11a19c62359b2da0e662460749441d61a7f2ab8b345c915aeba51b409fe6bede9cfbe70c5fdc8be

Download Submit
C:\ProgramData\nCore\rmdb025.avb
MD5
245f368f47eaafa6b76a71d4f184ef12

SHA1
92a2ec8e741ff37d3aa8f7d584e6949712513e00

SHA256
b449387371c0185952911b2d52cd66f8ba84789d42ee1ee4c9299a847247a32f

SHA512
f24b22cc1461a4f45946192db2113aacf9d8b0225a8dbd26113a60674e85fd62e5f3af003c00d331eaa8066b188451e9f8a279f6e2b047313af61c729157c6e4

Download Submit
C:\ProgramData\nCore\rmdb026.avb
MD5
232e9d465f0b0872dacdcaaaa6cc12d7

SHA1
d77ebbeae117865ba6067b2943f1b847cad90f2b

SHA256
b78d79989e404624d211cd2a647ea143f142de735ae92a7086ee727b1c0b515a

SHA512
c9c1223caace588913c99a8a891abf6b6e4a36b5a080b1b2082b5bdec39080e2d25724021c4df8074cacf2209211289fc6c5abc7daf434da9c465e0dfd10aa9c

Download Submit
C:\ProgramData\nCore\rmdb027.avb
MD5
643874e8f54b2be6afe3c66850442980

SHA1
9bf9fa3285e24a6b540e557ea398e68cab67ab60

SHA256
5e1d8878551b2b84247b6b33f3e51f292d9ca784dc78a7c764a58371d35befb8

SHA512
c5e956280ad1448c4d0474b6dba6b78859128a0b3ec677c345d12b9b57e16078c60e533f02c12277975222933f4c5aa2d9f888853b9e461cbe3db874b0c32350

Download Submit
C:\ProgramData\nCore\rmdb028.avb
MD5
9445e14c49ac17bfdacc53a99d7ae446

SHA1
474a405c4220e6a8cb73d4aba899906aca6504a0

SHA256
a6771dfcd50cf950904fc5cbda6c65eace851fbec585455153eb76a3a6106181

SHA512
9ee104d01006621abaa4958375b11970749500a8c44e7519435448c20e002092ad405ef98334089976ae833668fe22bf3cd217336fe4b00be838997f0b6ea90e

Download Submit
C:\ProgramData\nCore\rmdb029.avb
MD5
7ee4ebb705d296cb41e67eedd3a2d5d7

SHA1
79c68825080f02e853146e5c216abfc834d922d4

SHA256
a2e74960b265eb465c662901bb9adc6dcc0d596f0ac8363f20ca77b4d3500ce2

SHA512
ebbc85de4c89d61c2c9e96625c7b285990c9a6dfb97a32cb3fdb8fa6937290d71151642bd46350ff251123352d0511fca3c68d9df512da553d1057b92c52c5c7

Download Submit
C:\ProgramData\nCore\rmdb030.avb
MD5
a481cc3a201b10fda0c11c88451e83ce

SHA1
9a46ea1a7094e8d6b1535fa0c80c62b705639104

SHA256
bd2a6b6ffaacc34938b35befb54c99a5e2edd220fb2a0a44411c90fe3cb79186

SHA512
794664ee1b461db4e9b3fe8023ad9cf245d99921dd126a3938be6e309e44ee2ebfa5fdc0dcfd9259251df7c214a0dd5c9a709fde3b40cef1b8c43e4adfa4e7b6

Download Submit
C:\ProgramData\nCore\rmdb031.avb
MD5
edd0f06d0976f780404ac8ed418aa17e

SHA1
bb60bdc3e9a9d06050be18ddb6a05307c854e334

SHA256
78f3dfd660ee59ac4c54afef060b2b4c04edc61147449b81aed79c680ec26d91

SHA512
b6225ff0d904e0898918307123817d60bfd9525658d0cd5b547858933ef7f4c0f3e24436a3881b032a7828699ae7770ef630eb4ea2d599cb433a928d9b852c61

Download Submit
C:\ProgramData\nCore\rmdb032.avb
MD5
77db13d51922ea499e85ef54a9fe3d7d

SHA1
79c02c0ddb6c80f7b111367630b8559b0c5ea7f6

SHA256
6846f5d9f0a68dc9d2a7df023580228d90a31d05b2351ec081c5a461ac629d3c

SHA512
c5941d557323c3fa8493fcc3c7a429f188fd8d7a8d8921db8e4eda9cd74ea61afa187132461ee512d8e50973b34ae8f09f68f53381bfe152ec4fc58f1ec58540

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AKTVD.tmp\dp.5.5.57.setup.full.tmp
MD5
ebfabb4e6e589e9a5de56d2a6d3614e2

SHA1
d082f902bd635fa90b4c63508b58a163bf3816cb

SHA256
88211ba518296caf01fe2ca1a4586d2428a83f97417372439b67a0f4a669934d

SHA512
710f547119b7eff3160b3b54eb4f17863fec0f99d43f52383ac291443677558598c3a38bca71e3f9c18cf459506833e4010e088a600f40120cc1029686e223c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AKTVD.tmp\dp.5.5.57.setup.full.tmp
MD5
ebfabb4e6e589e9a5de56d2a6d3614e2

SHA1
d082f902bd635fa90b4c63508b58a163bf3816cb

SHA256
88211ba518296caf01fe2ca1a4586d2428a83f97417372439b67a0f4a669934d

SHA512
710f547119b7eff3160b3b54eb4f17863fec0f99d43f52383ac291443677558598c3a38bca71e3f9c18cf459506833e4010e088a600f40120cc1029686e223c2

Download Submit
C:\Users\Admin\AppData\Roaming\Digital Patrol\report\ReportU.txt
MD5
b7f4cc5ea8e4c19f0e89b89e8fa8b188

SHA1
331405b2a80b3bdf8648209121334a3fa1c9c738

SHA256
f5e808f4fe43c2fde6a96be054838f0c5a7350269507c112e1f27c988acf69bb

SHA512
1c3408c5786fe3b3aad5d050c72a5a044e90c82cbd9358fc0cdee0e0d4924d5ad94337abea9085a84cb12e9c2531f5971a3f9c87dc6f8512c9036b76cc0d0e39

Download Submit
C:\Users\Admin\AppData\Roaming\Digital Patrol\report\ReportU.txt
MD5
b8411747c38fad405813a43faba7985a

SHA1
04739d3412bd721231a9038a70f1ebe1eb276054

SHA256
958a317a087f82638dfdf63ef0ba472134c85e79b63cd1694aca4faf10717cbf

SHA512
7573701ba3adea5b638533969b80867be9bef71ba3601a28263ae179eac03223b4b52a9505c89f2f5601e04579cbdc83e355af68cff4c74a8466eb286a49e16b

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolQ.exe
MD5
36e4befdb5f3e155a051fd7d646b7e2c

SHA1
a6eb768815786212a137058c5fbf3b6bbb190fe5

SHA256
ea8f22ef6124eff67b03707bc407f2192bf87075c2d84d64bac2e4b99a40d895

SHA512
d4cbd3df8ab9d2d27ab9bb48d04cab904b5016f94487937880b390421de93a218f8a760f71019acba5b7c4ea5112bcbd854e02cd4cd95a6eacecdeca4c9de617

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\activation.exe
MD5
3892ffdf031d419e3eb8506e245dc15a

SHA1
667071b4dbb2a0a9e2c6e457c0be8f6a09f10a6d

SHA256
7b7c03dcd1b01fc27c7ada5b908a419eb261db56513142d07186ee704336fd07

SHA512
07efe1abd0b26493ca05a1197d966e8ab082e5ceee70ebdbcade5cddc6e8656773b93c925c1564ac5a5accb51b61f0bb19d4723cfd7f0066e42f7a733f6bf8a3

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolaa.exe
MD5
ad563c88a749a0085a33ade7f5dc2408

SHA1
ed81960320b7946686bc1847a4c3e4a9cd614617

SHA256
6d36651fe3b62eb344c7b00fee57413736773ca3fa882b68b7d8d69c9baf9f29

SHA512
2a781fc75075550c3b317659bd733ba067c9760d59e5aa5b16f3e849c0e5c00790774b7227389bd421d3e0273bfbf56998f541c7b91984f499df35110628e2de

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpscanner.exe
MD5
35801dfa01a3071ed7ac231b734048d7

SHA1
0f040b9974f3e269eafc9967f6c846c97edcf310

SHA256
153bee2219be78584cc59aa6c80b0a7825ccf4636fb87af9eaada0b6133dbe43

SHA512
50f18c93ff6f830a9b75a0e4c7f0a52b747c8903c8026efc7681cbce712abf305f32812d19b3edc71368ef6e537998ac9d38f32083d8ecc723882fe984827b2a

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpscanner.exe
MD5
35801dfa01a3071ed7ac231b734048d7

SHA1
0f040b9974f3e269eafc9967f6c846c97edcf310

SHA256
153bee2219be78584cc59aa6c80b0a7825ccf4636fb87af9eaada0b6133dbe43

SHA512
50f18c93ff6f830a9b75a0e4c7f0a52b747c8903c8026efc7681cbce712abf305f32812d19b3edc71368ef6e537998ac9d38f32083d8ecc723882fe984827b2a

Download Submit
\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.exe
MD5
ebfabb4e6e589e9a5de56d2a6d3614e2

SHA1
d082f902bd635fa90b4c63508b58a163bf3816cb

SHA256
88211ba518296caf01fe2ca1a4586d2428a83f97417372439b67a0f4a669934d

SHA512
710f547119b7eff3160b3b54eb4f17863fec0f99d43f52383ac291443677558598c3a38bca71e3f9c18cf459506833e4010e088a600f40120cc1029686e223c2

Download Submit
\Users\Admin\AppData\Local\Temp\is-AKTVD.tmp\dp.5.5.57.setup.full.tmp
MD5
ebfabb4e6e589e9a5de56d2a6d3614e2

SHA1
d082f902bd635fa90b4c63508b58a163bf3816cb

SHA256
88211ba518296caf01fe2ca1a4586d2428a83f97417372439b67a0f4a669934d

SHA512
710f547119b7eff3160b3b54eb4f17863fec0f99d43f52383ac291443677558598c3a38bca71e3f9c18cf459506833e4010e088a600f40120cc1029686e223c2

Download Submit
memory/836-199-0x0000000000000000-mapping.dmp

Download
memory/1188-63-0x0000000000000000-mapping.dmp

Download
memory/1188-67-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1188-68-0x0000000074631000-0x0000000074633000-memory.dmp

Filesize
8KB

Download
memory/1320-60-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download
memory/1320-61-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1372-90-0x0000000000000000-mapping.dmp

Download
memory/1504-95-0x0000000000000000-mapping.dmp

Download
memory/1576-202-0x0000000000000000-mapping.dmp

Download
memory/1576-204-0x0000000000AB0000-0x0000000000B1D000-memory.dmp

Filesize
436KB

Download
memory/1576-205-0x0000000000B20000-0x0000000000B77000-memory.dmp

Filesize
348KB

Download
memory/1576-206-0x0000000000B80000-0x0000000000CB8000-memory.dmp

Filesize
1.2MB

Download
memory/1624-155-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-196-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/1624-82-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-144-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1624-145-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/1624-146-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/1624-147-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1624-148-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1624-149-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-150-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-151-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-152-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-153-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-154-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-83-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-174-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-175-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-176-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-177-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-178-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-179-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/1624-198-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-197-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/1624-79-0x0000000000000000-mapping.dmp

Download
memory/1624-195-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-194-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-193-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-192-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-191-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-190-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-189-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-188-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-187-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-186-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-185-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-184-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-183-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-182-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-181-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1624-180-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/1624-84-0x0000000000700000-0x0000000000703000-memory.dmp

Filesize
12KB

Download
memory/1624-88-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-85-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-86-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1624-87-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/2020-200-0x0000000000000000-mapping.dmp

Download