Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01-11-2022 00:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33a746f827e6ab24acfa09d3dfb0905c0c8e1ecab5d6f098a0adeaeb10ad9af4.exe

  • Size

    1.3MB

  • MD5

    b840372e8ef3a72a1859181d6d421afc

  • SHA1

    f82565a851d4febde67e928057aea802bf5a12b5

  • SHA256

    33a746f827e6ab24acfa09d3dfb0905c0c8e1ecab5d6f098a0adeaeb10ad9af4

  • SHA512

    b810ad9aa61b84164f096b25e62d89a8fcb910a13df9784685034cafaf89bef032b5ea9160be9488b17129fb0eb434504561e7c5ea08cec15ac62e35b467139d

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Process spawned unexpected child process 45 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • DCRat payload 6 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat
  • Executes dropped EXE 3 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Drops file in Program Files directory 9 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Creates scheduled task(s) 1 TTPs 45 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 50 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33a746f827e6ab24acfa09d3dfb0905c0c8e1ecab5d6f098a0adeaeb10ad9af4.exe
    "C:\Users\Admin\AppData\Local\Temp\33a746f827e6ab24acfa09d3dfb0905c0c8e1ecab5d6f098a0adeaeb10ad9af4.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4996
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\providercommon\1zu9dW.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:752
        • C:\providercommon\DllCommonsvc.exe
          "C:\providercommon\DllCommonsvc.exe"
          4⤵
          • Executes dropped EXE
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4544
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            "powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4804
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\winlogon.exe'
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4260
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Music\conhost.exe'
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:3720
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\1rrT6S9XIJ.bat"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:2016
            • C:\Windows\system32\w32tm.exe
              w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
              6⤵
                PID:2340
              • C:\providercommon\DllCommonsvc.exe
                "C:\providercommon\DllCommonsvc.exe"
                6⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                • Drops file in Windows directory
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:1940
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4816
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4796
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\dllhost.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1448
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\Local Settings\lsass.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4756
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\odt\WmiPrvSE.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4560
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Portable Devices\WmiPrvSE.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4860
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\dllhost.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4576
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\WmiPrvSE.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4448
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\DllCommonsvc.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3312
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\taskhostw.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:160
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Portable Devices\fontdrvhost.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1020
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\smss.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4428
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\fontdrvhost.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3320
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\ja-JP\dwm.exe'
                  7⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:840
                • C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe
                  "C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe"
                  7⤵
                  • Executes dropped EXE
                  • Suspicious behavior: GetForegroundWindowSpam
                  PID:4984
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 10 /tr "'C:\Users\Admin\Music\conhost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3656
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Users\Admin\Music\conhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4620
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 10 /tr "'C:\Users\Admin\Music\conhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3212
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 5 /tr "'C:\Recovery\WindowsRE\winlogon.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4508
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\winlogon.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4800
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 6 /tr "'C:\Recovery\WindowsRE\winlogon.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4080
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4140
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4768
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4992
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\providercommon\dllhost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4928
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4932
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 12 /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2504
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "smsss" /sc MINUTE /mo 12 /tr "'C:\Recovery\WindowsRE\smss.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2076
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\smss.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1484
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "smsss" /sc MINUTE /mo 8 /tr "'C:\Recovery\WindowsRE\smss.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2764
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Local Settings\lsass.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4368
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Users\Default\Local Settings\lsass.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:756
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 10 /tr "'C:\Users\Default\Local Settings\lsass.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4196
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 14 /tr "'C:\odt\WmiPrvSE.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4384
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\odt\WmiPrvSE.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2268
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 6 /tr "'C:\odt\WmiPrvSE.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2824
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Windows Portable Devices\WmiPrvSE.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:976
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Portable Devices\WmiPrvSE.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4364
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Windows Portable Devices\WmiPrvSE.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4376
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 11 /tr "'C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\dllhost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:5028
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\dllhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:5016
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 7 /tr "'C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\dllhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4552
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 8 /tr "'C:\providercommon\WmiPrvSE.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4564
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\providercommon\WmiPrvSE.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4572
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\providercommon\WmiPrvSE.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2124
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 10 /tr "'C:\Users\Default User\DllCommonsvc.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4372
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "DllCommonsvc" /sc ONLOGON /tr "'C:\Users\Default User\DllCommonsvc.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3208
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\DllCommonsvc.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3256
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 5 /tr "'C:\providercommon\taskhostw.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4708
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "taskhostw" /sc ONLOGON /tr "'C:\providercommon\taskhostw.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3788
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 8 /tr "'C:\providercommon\taskhostw.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3472
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Windows Portable Devices\fontdrvhost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1200
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Portable Devices\fontdrvhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3360
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Windows Portable Devices\fontdrvhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:612
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 7 /tr "'C:\providercommon\fontdrvhost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4028
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\providercommon\fontdrvhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4524
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 11 /tr "'C:\providercommon\fontdrvhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:5052
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 8 /tr "'C:\Windows\ja-JP\dwm.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3736
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Windows\ja-JP\dwm.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4732
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 10 /tr "'C:\Windows\ja-JP\dwm.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3288

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe
      Filesize

      1.0MB

      MD5

      bd31e94b4143c4ce49c17d3af46bcad0

      SHA1

      f8c51ff3ff909531d9469d4ba1bbabae101853ff

      SHA256

      b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63

      SHA512

      f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394

      Download Submit

    • C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe
      Filesize

      1.0MB

      MD5

      bd31e94b4143c4ce49c17d3af46bcad0

      SHA1

      f8c51ff3ff909531d9469d4ba1bbabae101853ff

      SHA256

      b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63

      SHA512

      f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\DllCommonsvc.exe.log
      Filesize

      1KB

      MD5

      b4268d8ae66fdd920476b97a1776bf85

      SHA1

      f920de54f7467f0970eccc053d3c6c8dd181d49a

      SHA256

      61d17affcc8d91ecb1858e710c455186f9d0ccfc4d8ae17a1145d87bc7317879

      SHA512

      03b6b90641837f9efb6065698602220d6c5ad263d51d7b7714747c2a3c3c618bd3d94add206b034d6fa2b8e43cbd1ac4a1741cfa1c2b1c1fc8589ae0b0c89516

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
      Filesize

      3KB

      MD5

      ad5cd538ca58cb28ede39c108acb5785

      SHA1

      1ae910026f3dbe90ed025e9e96ead2b5399be877

      SHA256

      c9e6cb04d6c893458d5a7e12eb575cf97c3172f5e312b1f63a667cbbc5f0c033

      SHA512

      c066c5d9b276a68fa636647bb29aea05bfa2292217bc77f5324d9c1d93117772ee8277e1f7cff91ec8d6b7c05ca078f929cecfdbb09582522a9067f54740af13

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      aa2377740a81de8df69f07cfa119a18e

      SHA1

      f1fb61c4bea32596ad42fdd68d0eb808ef39dbc6

      SHA256

      c6b5bd06d4ebd64ad8c39aed8c8199ebbb665496b952d68cee68692bd3d44f45

      SHA512

      1fa2517af440f429d526a84c0f153c2852a3ae99a17ffa155afe93b3608ecb4ca25f54847b21a9c25f52a70a56c5a0aec16be72a2b794448f7fa70b89b2b5180

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      aa2377740a81de8df69f07cfa119a18e

      SHA1

      f1fb61c4bea32596ad42fdd68d0eb808ef39dbc6

      SHA256

      c6b5bd06d4ebd64ad8c39aed8c8199ebbb665496b952d68cee68692bd3d44f45

      SHA512

      1fa2517af440f429d526a84c0f153c2852a3ae99a17ffa155afe93b3608ecb4ca25f54847b21a9c25f52a70a56c5a0aec16be72a2b794448f7fa70b89b2b5180

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      65ca99f333b7c7dc320cd9029feb434d

      SHA1

      9a8e02a928642a560b55a083422a0bb255042145

      SHA256

      78dcfde067ccc7b2cc28be0b3f34e6a78b8ec044da0c30fe48dbc3ee9e49d4b7

      SHA512

      114f736c7a762e30866350c2e4ffc139b6017f88ce08b4bc7d2c62a572f42b1dff1198fd89325ede9e8bf0d369b476296351fa275d43449cd226d9b0bbaea62f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      cab2636d3c820fae485eb5f703b6ccf2

      SHA1

      e295529158d80c3b894195429d0d3ffb9259bb0a

      SHA256

      18cdbfdd7dde067742051623d4710071860ea0e3d38abbcca0ae7724d9f0788f

      SHA512

      1c0b062a5f557395ef5e26c6bc3da01b20c4743d18debca11bc69ef3fce1c7b32a738867385c4d98aa6c32385de4c25ba39ef5602f7aebaaa13da762204480f5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      01f51fc82f365ed208be193a1593e1db

      SHA1

      bb20789691e85e5689a2f59a3d979b0c138a603f

      SHA256

      55c0a3bfc1896d066584b8fe3ac40b1a04e7a616a1e9c6a148526a15bd36d156

      SHA512

      d6478a550e97dc657cf4d5a246ec0f0c7331e0125088fc5dc5a2d777fde8f9a0ddd1b864af503b37adeaf608ad71c4a47c7754f5a3c33431c33ae2eb8a40466e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      474cd085a922eccd4c8b4610588e190c

      SHA1

      4020a71e18636bf013ebfcb6a7b2deaca88c5761

      SHA256

      9da0e18b31eb29dcbc37203c25a96f5a8ecf1b85256935d6b6e6abbac42d732d

      SHA512

      b9598a9dd32334cf66ae80128873340ce96a56ce0cacd3115ce0d1066239819370e65148c569573d530a09f331d8884f5e6c86e222fe5614faddf9bf65f2c8a2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      ac9b6b22e0b4681d5448a5d57dc7d059

      SHA1

      ee84c33737c317b04bba48c7a2d69a9cb5a8cede

      SHA256

      9484941caec115966b220337769a9441980797c56a8e021378ac84cd33d48673

      SHA512

      d8ae6c17572802549bae28af15809597c0aa391ab8813f02e6de5ddcc8c48e6cacd8e9a6fea4cc2ce492553962c0117510c00bae509ebc17261eaa1018233e56

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      cb0f84ea0244668e12fb3635ec90173a

      SHA1

      79c5e81f9d768f260b862c23401053e184a4ee7d

      SHA256

      b6dfce017d89192024c2a62b1cf39aaf596f7b84d2ace39f0f69e6acdbc18404

      SHA512

      454f0fd5f377859819620bd570a6dba126282266a04d0da823a546f175fd8543fa017c1f135b6b420e049225801317d5f5e6c2e63fac8e38623d866883325315

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      cb0f84ea0244668e12fb3635ec90173a

      SHA1

      79c5e81f9d768f260b862c23401053e184a4ee7d

      SHA256

      b6dfce017d89192024c2a62b1cf39aaf596f7b84d2ace39f0f69e6acdbc18404

      SHA512

      454f0fd5f377859819620bd570a6dba126282266a04d0da823a546f175fd8543fa017c1f135b6b420e049225801317d5f5e6c2e63fac8e38623d866883325315

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      1fcc1fa88096de62ff4143d5e9a5959e

      SHA1

      090ff4692e46247a5e01ba4bf8bb94f74f478085

      SHA256

      ce0f7bc277f26190b6bfea638a01c2a33669e063423fea23a9d47e2e4117e3db

      SHA512

      4266b3c4c840917713f57f928e2a512df87ad795b0d8a8ebb273a5d683f832beef9ff676948b955c4dea51aa7d1961a4746a2ab3d326d881b6fe6468921c2551

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      649ee4a50ae613ab05c612042f2f29ce

      SHA1

      4f5622dce7e105bd97d057e7a8df85dc4fff90a0

      SHA256

      8ab0fb36b6d108afb42c8f21e6c27253546d2e2313b5bad896c0be65a219006d

      SHA512

      4dc91e8776591652738c8247910016e7b6eb966b5e797ce0b247aa30821a9767806af9e9c78f7dcc836bb83ee572fcca9e75f1cb56be6447c03b38d6b7ac337f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      aea8a43bd1e97245e32021d20c057f0d

      SHA1

      e58e30c6695fbff9f0856f62c307fb0d27ae8abc

      SHA256

      ac8e467c8333777b7feaabad170d6f791956c8b137a0bda099c5d7233b757c2a

      SHA512

      72a326651f27a827344b4670528b48b69c490cdfed38e24ca760aeef0abb33043b4d4def942a2aadfe028f018dae1900e52bf85955d61915089616dd017576ac

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      aea8a43bd1e97245e32021d20c057f0d

      SHA1

      e58e30c6695fbff9f0856f62c307fb0d27ae8abc

      SHA256

      ac8e467c8333777b7feaabad170d6f791956c8b137a0bda099c5d7233b757c2a

      SHA512

      72a326651f27a827344b4670528b48b69c490cdfed38e24ca760aeef0abb33043b4d4def942a2aadfe028f018dae1900e52bf85955d61915089616dd017576ac

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      7f2b9288cd6bf5e6fe6f703955b8a8cb

      SHA1

      9d426ab0428863df611b07d3b8311c6489317d3f

      SHA256

      35f8f82096dd5cd1f7af94bdec9385a4f4783a38d6b1f47d285935ebf573990d

      SHA512

      818219ef3309486410701f6347434cf38b572c19a3cf6fb4156742f24cd8cc52dd475ae5196399ab1aeeb684ecafddbe323af82ad6c0efacbed2b28fdb5e768e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1rrT6S9XIJ.bat
      Filesize

      199B

      MD5

      6cc11e63639976c8ba8dd5d61e3254e0

      SHA1

      17548508a6d58f713c087df4e4972706e70b292a

      SHA256

      026d5b626eda6b896922be5737ee6e1e036fb5f69a8e8e2e520b335a75c672c1

      SHA512

      2023e91469486bb9cd7b32c36a9a1e6d95e11bd7c868ef41b667690b40f7b0b2c247c5097d02373f98c018174bdfe9c4c3607b99506cd589822fc6c5ad7dcf61

      Download Submit

    • C:\providercommon\1zu9dW.bat
      Filesize

      36B

      MD5

      6783c3ee07c7d151ceac57f1f9c8bed7

      SHA1

      17468f98f95bf504cc1f83c49e49a78526b3ea03

      SHA256

      8ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322

      SHA512

      c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8

      Download Submit

    • C:\providercommon\DllCommonsvc.exe
      Filesize

      1.0MB

      MD5

      bd31e94b4143c4ce49c17d3af46bcad0

      SHA1

      f8c51ff3ff909531d9469d4ba1bbabae101853ff

      SHA256

      b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63

      SHA512

      f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394

      Download Submit

    • C:\providercommon\DllCommonsvc.exe
      Filesize

      1.0MB

      MD5

      bd31e94b4143c4ce49c17d3af46bcad0

      SHA1

      f8c51ff3ff909531d9469d4ba1bbabae101853ff

      SHA256

      b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63

      SHA512

      f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394

      Download Submit

    • C:\providercommon\DllCommonsvc.exe
      Filesize

      1.0MB

      MD5

      bd31e94b4143c4ce49c17d3af46bcad0

      SHA1

      f8c51ff3ff909531d9469d4ba1bbabae101853ff

      SHA256

      b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63

      SHA512

      f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394

      Download Submit

    • C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe
      Filesize

      197B

      MD5

      8088241160261560a02c84025d107592

      SHA1

      083121f7027557570994c9fc211df61730455bb5

      SHA256

      2072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1

      SHA512

      20d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478

      Download Submit

    • memory/160-425-0x0000000000000000-mapping.dmp

      Download

    • memory/752-260-0x0000000000000000-mapping.dmp

      Download

    • memory/840-436-0x0000000000000000-mapping.dmp

      Download

    • memory/1020-427-0x0000000000000000-mapping.dmp

      Download

    • memory/1448-414-0x0000000000000000-mapping.dmp

      Download

    • memory/1940-409-0x0000000000000000-mapping.dmp

      Download

    • memory/2016-310-0x0000000000000000-mapping.dmp

      Download

    • memory/2204-151-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-152-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-155-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-156-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-157-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-158-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-159-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-160-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-161-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-162-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-163-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-164-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-165-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-166-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-167-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-168-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-169-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-170-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-171-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-173-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-172-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-174-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-175-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-176-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-177-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-178-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-179-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-180-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-181-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-182-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-183-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-121-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-122-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-123-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-153-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-138-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-120-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-125-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-150-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-149-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-126-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-128-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-129-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-154-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-130-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-131-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-139-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-140-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-137-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-148-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-141-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-147-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-136-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-146-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-145-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-144-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-143-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-142-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-132-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-133-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-134-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2204-135-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2340-335-0x0000000000000000-mapping.dmp

      Download

    • memory/3312-423-0x0000000000000000-mapping.dmp

      Download

    • memory/3320-430-0x0000000000000000-mapping.dmp

      Download

    • memory/3720-309-0x0000020C784A0000-0x0000020C784C2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/3720-292-0x0000000000000000-mapping.dmp

      Download

    • memory/4260-315-0x00000179443D0000-0x0000017944446000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4260-293-0x0000000000000000-mapping.dmp

      Download

    • memory/4428-415-0x0000000000000000-mapping.dmp

      Download

    • memory/4448-420-0x0000000000000000-mapping.dmp

      Download

    • memory/4544-289-0x0000000000D90000-0x0000000000D9C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4544-283-0x0000000000000000-mapping.dmp

      Download

    • memory/4544-286-0x0000000000740000-0x0000000000850000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4544-287-0x0000000000D60000-0x0000000000D72000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4544-288-0x0000000000D70000-0x0000000000D7C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4544-290-0x0000000000DA0000-0x0000000000DAC000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4560-417-0x0000000000000000-mapping.dmp

      Download

    • memory/4576-419-0x0000000000000000-mapping.dmp

      Download

    • memory/4756-416-0x0000000000000000-mapping.dmp

      Download

    • memory/4796-413-0x0000000000000000-mapping.dmp

      Download

    • memory/4804-291-0x0000000000000000-mapping.dmp

      Download

    • memory/4816-412-0x0000000000000000-mapping.dmp

      Download

    • memory/4860-418-0x0000000000000000-mapping.dmp

      Download

    • memory/4984-609-0x0000000000000000-mapping.dmp

      Download

    • memory/4996-186-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4996-185-0x00000000771D0000-0x000000007735E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4996-184-0x0000000000000000-mapping.dmp

      Download