3d5b5be07939390fbfaf99686610df55d7c6eae7395c02a523f5028bd68fdb9e

Analysis

max time kernel
132s
max time network
137s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04-04-2023 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DriverEasy.5.7.0.exe
Size

3.9MB
MD5

69a34500bdb95a4e6a408d859d86accd
SHA1

ac6db3f7a982e9edb7d0c669ce0c43c37d6a5933
SHA256

3d5b5be07939390fbfaf99686610df55d7c6eae7395c02a523f5028bd68fdb9e
SHA512

a436250dbab821bba6c179a40d711f2c0d47b8fd675b249694837bfca9050eba2aee7e6d9ba902b26113cb960c2bdeee98dadcb840c0ff7473358ab0efaa5030
SSDEEP

98304:1diPuVIBxzPqWFvZio5q8rKN+bEs1rpXlJROah:uuVI3zPquximq8FNN1x

Score

7^/10

bootkit persistence

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

DriverEasyPortable.exe

pid process

2024 DriverEasyPortable.exe
Executes dropped EXE 3 IoCs

Processes:

DriverEasy.5.7.0.tmpDriverEasyPortable.exeDriverEasy.exe

pid process

856 DriverEasy.5.7.0.tmp
2024 DriverEasyPortable.exe
1612 DriverEasy.exe

pid	process
2024	DriverEasyPortable.exe

pid	process
856	DriverEasy.5.7.0.tmp
2024	DriverEasyPortable.exe
1612	DriverEasy.exe

Loads dropped DLL 11 IoCs

Processes:

DriverEasy.5.7.0.exeDriverEasy.5.7.0.tmpDriverEasyPortable.exeDriverEasy.exe

pid	process
932	DriverEasy.5.7.0.exe
856	DriverEasy.5.7.0.tmp
856	DriverEasy.5.7.0.tmp
856	DriverEasy.5.7.0.tmp
856	DriverEasy.5.7.0.tmp
856	DriverEasy.5.7.0.tmp
2024	DriverEasyPortable.exe
2024	DriverEasyPortable.exe
2024	DriverEasyPortable.exe
1612	DriverEasy.exe
2024	DriverEasyPortable.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

DriverEasy.exe

description ioc process

File opened for modification \??\PhysicalDrive0 DriverEasy.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\PhysicalDrive0	DriverEasy.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

DriverEasy.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	DriverEasy.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	DriverEasy.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_Dell&Prod_THINAIR_DISK	DriverEasy.exe

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

DriverEasy.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate DriverEasy.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate	DriverEasy.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

DriverEasy.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	DriverEasy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	DriverEasy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	DriverEasy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	DriverEasy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	DriverEasy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	DriverEasy.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

DriverEasy.5.7.0.tmpDriverEasyPortable.exe

pid process

856 DriverEasy.5.7.0.tmp
856 DriverEasy.5.7.0.tmp
856 DriverEasy.5.7.0.tmp
2024 DriverEasyPortable.exe
2024 DriverEasyPortable.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

468

pid	process
856	DriverEasy.5.7.0.tmp
856	DriverEasy.5.7.0.tmp
856	DriverEasy.5.7.0.tmp
2024	DriverEasyPortable.exe
2024	DriverEasyPortable.exe

pid	process
468

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

DriverEasy.exeDriverEasyPortable.exe

description	pid	process
Token: SeDebugPrivilege	1612	DriverEasy.exe
Token: SeLoadDriverPrivilege	1612	DriverEasy.exe
Token: SeDebugPrivilege	2024	DriverEasyPortable.exe
Token: SeDebugPrivilege	2024	DriverEasyPortable.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

DriverEasy.5.7.0.tmp

pid process

856 DriverEasy.5.7.0.tmp

pid	process
856	DriverEasy.5.7.0.tmp

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

DriverEasy.5.7.0.exeDriverEasyPortable.exe

description	pid	process	target process
PID 932 wrote to memory of 856	932	DriverEasy.5.7.0.exe	DriverEasy.5.7.0.tmp
PID 932 wrote to memory of 856	932	DriverEasy.5.7.0.exe	DriverEasy.5.7.0.tmp
PID 932 wrote to memory of 856	932	DriverEasy.5.7.0.exe	DriverEasy.5.7.0.tmp
PID 932 wrote to memory of 856	932	DriverEasy.5.7.0.exe	DriverEasy.5.7.0.tmp
PID 932 wrote to memory of 856	932	DriverEasy.5.7.0.exe	DriverEasy.5.7.0.tmp
PID 932 wrote to memory of 856	932	DriverEasy.5.7.0.exe	DriverEasy.5.7.0.tmp
PID 932 wrote to memory of 856	932	DriverEasy.5.7.0.exe	DriverEasy.5.7.0.tmp
PID 2024 wrote to memory of 1612	2024	DriverEasyPortable.exe	DriverEasy.exe
PID 2024 wrote to memory of 1612	2024	DriverEasyPortable.exe	DriverEasy.exe
PID 2024 wrote to memory of 1612	2024	DriverEasyPortable.exe	DriverEasy.exe
PID 2024 wrote to memory of 1612	2024	DriverEasyPortable.exe	DriverEasy.exe

C:\Users\Admin\AppData\Local\Temp\DriverEasy.5.7.0.exe
"C:\Users\Admin\AppData\Local\Temp\DriverEasy.5.7.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:932
- C:\Users\Admin\AppData\Local\Temp\is-HMPM5.tmp\DriverEasy.5.7.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-HMPM5.tmp\DriverEasy.5.7.0.tmp" /SL5="$70126,3724160,330752,C:\Users\Admin\AppData\Local\Temp\DriverEasy.5.7.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:856

C:\Users\Admin\Desktop\DriverEasyPortable\DriverEasyPortable.exe
"C:\Users\Admin\Desktop\DriverEasyPortable\DriverEasyPortable.exe"
1⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\Desktop\DriverEasyPortable\App\DriverEasy\DriverEasy.exe
  C:\Users\Admin\Desktop\DriverEasyPortable\App\DriverEasy\DriverEasy.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Checks SCSI registry key(s)
  - Enumerates system info in registry
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  PID:1612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fd6b14a7a83339144dbe22f21f07aed

SHA1
844257bd1d42a07d53a9eba62e322f90db7944de

SHA256
d803a8740b334b38263ca5ae152fcafdf0cc06cb41731a5f9fbe5a754b2538bf

SHA512
d3469413681c0a51e56bd964fbf164f2ca0d7ff307e8eb283270e84356288bfeef7c40a2fdcdb5f4f65816178f64c90ff227d13fd8235d218b6e632cd3259c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD839.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD92C.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HMPM5.tmp\DriverEasy.5.7.0.tmp

Filesize
1.1MB

MD5
bf61f7e7761c80a27b13f82014f5687b

SHA1
1894fac2a9e8adcfb74a864e92155f9a4506a9d5

SHA256
26f877e0e715507e37f2ca323e0e5897d4246478ee55b8b779eb0b4e92ef7244

SHA512
df0dc8a6db13218b4a4e1c47b13f791d10fff5649d0fda5bf40636a22128abd83d57a7dd695e8cd4ddb0e09d050eff033eaa2aa242fa7e1b20cf61f36e49b54a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7D3E.tmp\CRCCheck.dll

Filesize
4KB

MD5
1003c060ec11402db650554e73d5cc29

SHA1
6254d6a53d3d98f630faf1221e8708559bfae4d2

SHA256
134b970a955c94c24e61ea2cbf545f282e205f98c48afce40b91fa567916e4a5

SHA512
5b28509c18bd6dcb26982da8795284edb2d1b700ec524ea7995719ecd7641159ba60dfb0f0a2b075bc14682d364a4fd17b7a0fe325f2f6d4bb00406a21154b8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7D3E.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7D3E.tmp\registry.dll

Filesize
29KB

MD5
2880bf3bbbc8dcaeb4367df8a30f01a8

SHA1
cb5c65eae4ae923514a67c95ada2d33b0c3f2118

SHA256
acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973

SHA512
ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3

Download Submit
C:\Users\Admin\AppData\Roaming\Easeware\DriverEasy\drivers\Drivers.data

Filesize
15KB

MD5
27263d504ea9090dc5e1d062e18769e7

SHA1
a57a684c83ec8f72a5781ceb52705b7cf31759f6

SHA256
af13dccf94be0c07764cbc23dfbd4c9e84322a4023b197c20c4be9ef7fdd8d62

SHA512
2426a613caad5d1c2da51e77735584b455e282e9cc6993cf9060f765ae5a9032b86e42fccf1e9a554a249263d5f8bc3d02aaeed8aa5f91d94e44ad375d866464

Download Submit
C:\Users\Admin\AppData\Roaming\Easeware\DriverEasy\license.dat

Filesize
290B

MD5
a712ae94693c47fcb913ae20ae5e897e

SHA1
92f3e59f5359af2286783248e68130148fa728dc

SHA256
19424198ea735dd58179b99a532d83f3b2b7d32091d387b6cb9d2816f83cddab

SHA512
7a41a2377ef02b5b2a114596a826f0f17d7864eca617c227b6edd2a849ceedd26863dc79f0453ce13d2f9d67081e75eb1819b175a782b85843702063c82ac35c

Download Submit
C:\Users\Admin\AppData\Roaming\Easeware\DriverEasy\settings.dat

Filesize
872B

MD5
cdffd4cbe404ecdef9d6ad02033af431

SHA1
55f998d9869f2ebe33122b3ed160114c8b0a9436

SHA256
823127f33ccee1b413bebf021edf4accaba216564e42eec8bb6873b3d7272356

SHA512
2611daad039925ba1dbedaaf9edeae650f708e79861503761d62d4cbd8e505593bd86eab85a8532ea630c18aeae9cba3229f980c83d0c269e46e5d02bfa3142f

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\App\DefaultData\license.dat

Filesize
290B

MD5
a712ae94693c47fcb913ae20ae5e897e

SHA1
92f3e59f5359af2286783248e68130148fa728dc

SHA256
19424198ea735dd58179b99a532d83f3b2b7d32091d387b6cb9d2816f83cddab

SHA512
7a41a2377ef02b5b2a114596a826f0f17d7864eca617c227b6edd2a849ceedd26863dc79f0453ce13d2f9d67081e75eb1819b175a782b85843702063c82ac35c

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\App\DefaultData\settings.dat

Filesize
872B

MD5
cdffd4cbe404ecdef9d6ad02033af431

SHA1
55f998d9869f2ebe33122b3ed160114c8b0a9436

SHA256
823127f33ccee1b413bebf021edf4accaba216564e42eec8bb6873b3d7272356

SHA512
2611daad039925ba1dbedaaf9edeae650f708e79861503761d62d4cbd8e505593bd86eab85a8532ea630c18aeae9cba3229f980c83d0c269e46e5d02bfa3142f

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\App\DriverEasy\DriverEasy.exe

Filesize
3.8MB

MD5
f8eda29963dc44bf64b903dd85572bd5

SHA1
cf15730ec84f8de925bb3ac8b19cff38bd39d9d9

SHA256
3751375fb6838cb6899c8b696941703fa21fd633ca9184b640043b180062f779

SHA512
9fb541a96e9f9350f64aed73d99bf4d4a7b66df8ad1e44f36da1556c4dfcc7132e3875e118ade99b4414518eaa0126f1b4f68e2d55f8ebd3cbcbf39df1197cc5

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\App\DriverEasy\DriverEasy.exe

Filesize
3.8MB

MD5
f8eda29963dc44bf64b903dd85572bd5

SHA1
cf15730ec84f8de925bb3ac8b19cff38bd39d9d9

SHA256
3751375fb6838cb6899c8b696941703fa21fd633ca9184b640043b180062f779

SHA512
9fb541a96e9f9350f64aed73d99bf4d4a7b66df8ad1e44f36da1556c4dfcc7132e3875e118ade99b4414518eaa0126f1b4f68e2d55f8ebd3cbcbf39df1197cc5

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\App\DriverEasy\DriverEasy.exe.config

Filesize
263B

MD5
0550e282f7d6d76a0b757916257599e6

SHA1
795f1f6e4e93a5d5281a27839b4995ad817e7ac4

SHA256
6847509084814f51bde2f3bfd9b689a52451b4d976c0850b057026f65c47d445

SHA512
a6b81da11748745bdccf0a4683837d3c9c52be648698b155581fabb23c39814f276c145a91c2c25a3aeb28389fa56763f7119e74a878cb7fbd4c25c8deac3f73

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\App\DriverEasy\Easeware.CheckScheduledScan.exe

Filesize
38KB

MD5
99d92dfc4a701b713455f367d1657283

SHA1
39ecb336804170acbf4f919e591afea8eb9cdc97

SHA256
f4b9b34777840a0663093953fb16b27c6847e2e601a9725a032e8400fb90a58c

SHA512
e05be88586777b7ea4dcc3dd5970ce9964c1e15bd97231f4b6eb97aede29e980df3f30a77318dccca760e6ee3b41b3e9020b305ef90c360e2c81ff0097c29844

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\App\DriverEasy\Easeware.Driver.Backup.dll

Filesize
55KB

MD5
3d3b616d1bc41ead07ce8492f6e36778

SHA1
01760c6b9761ace8646c0e49fd35cc560f462f14

SHA256
c0bebcbd9e3ad247ba1669c59f746a4d473d60429a8a1e7f4ba5d6814e80ddb8

SHA512
ec7e76f40886806ba63be76334757eb51f8263b9c9c90d46cfbf9860f30be1c09adb1c6496c95ebc2e7c5b55b6536b77d4a0a330ad1cd6eaf508f3c197c88197

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\App\DriverEasy\Easeware.Driver.Core.dll

Filesize
281KB

MD5
efdef902a4f2a2f70e9bfdddb0f0868d

SHA1
932643594b6c1a43e1a9031eac3c79df576a04b2

SHA256
bf8764023e6396c8386f339ed8ba3f071da07412e1e06b809aac1d43adfffc06

SHA512
b6c626a7e5862f13ba1c8e4145a783c65d917f163f8c93d4914a3f6a2eef263574863ae78e79102a7c4873500af24acc4ff4abc0f4904e4ad591b9b3743ce288

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\App\DriverEasy\HardwareInfo\HardwareInfo64.dll

Filesize
1.2MB

MD5
e396d2a1948c7914a76e096feba039dc

SHA1
1f49360424e22d7298e8f987211a537cbb4f2ae9

SHA256
f0756d391d2567dfb47657140c5c42713b598df84adf863c0245d0737c651ac4

SHA512
a86a28df1dc4f2a17699bb99bf426799c1b40714f960bf68d64f114cf1ce5823c115816218b2dd61490157fa221c69d2141fc5206977b1037a9ae333a108bf6b

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\App\Portable by TryRooM.txt

Filesize
19B

MD5
5d9257139aeb819f9406b8128e0aa9f0

SHA1
1e9a70e769bc5adbbefa2a9ab9b8d92e08d2990d

SHA256
864540e32b8e80fe98b38fd9547dfeec97205a1c298e1fa28ec0294c92653396

SHA512
71f51c5501f2da9332d55047af1ab6211babbcf46f55caf78d56886264b208a385fc7b3cc579c9c2db53a566dc08c8c758bc9c6ea6f337ae016492577fbcb70f

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\Data\DriverEasy\drivers\Drivers.data

Filesize
15KB

MD5
27263d504ea9090dc5e1d062e18769e7

SHA1
a57a684c83ec8f72a5781ceb52705b7cf31759f6

SHA256
af13dccf94be0c07764cbc23dfbd4c9e84322a4023b197c20c4be9ef7fdd8d62

SHA512
2426a613caad5d1c2da51e77735584b455e282e9cc6993cf9060f765ae5a9032b86e42fccf1e9a554a249263d5f8bc3d02aaeed8aa5f91d94e44ad375d866464

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\Data\DriverEasy\license.dat

Filesize
290B

MD5
a712ae94693c47fcb913ae20ae5e897e

SHA1
92f3e59f5359af2286783248e68130148fa728dc

SHA256
19424198ea735dd58179b99a532d83f3b2b7d32091d387b6cb9d2816f83cddab

SHA512
7a41a2377ef02b5b2a114596a826f0f17d7864eca617c227b6edd2a849ceedd26863dc79f0453ce13d2f9d67081e75eb1819b175a782b85843702063c82ac35c

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\Data\DriverEasy\settings.dat

Filesize
872B

MD5
cdffd4cbe404ecdef9d6ad02033af431

SHA1
55f998d9869f2ebe33122b3ed160114c8b0a9436

SHA256
823127f33ccee1b413bebf021edf4accaba216564e42eec8bb6873b3d7272356

SHA512
2611daad039925ba1dbedaaf9edeae650f708e79861503761d62d4cbd8e505593bd86eab85a8532ea630c18aeae9cba3229f980c83d0c269e46e5d02bfa3142f

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\DriverEasyPortable.exe

Filesize
343KB

MD5
e766b4ecdc52cfba570afc2c51f50d00

SHA1
9249911f892b4d147cbc242844a7471ba5a8be6a

SHA256
4182dd0f3b2053a41b94ffb13cdf18a9959024f2280c7c8d2538486e4e6237a2

SHA512
aa26e847f0133cf3b1ad5a32695d893ab3d2d3b91db195a602eebc59b7152ed5c39702a98733a77eba1b9a5818005d3e6fa2bcb212433c38abd727e857d08f18

Download Submit
C:\Users\Admin\Desktop\DriverEasyPortable\DriverEasyPortable.exe

Filesize
343KB

MD5
e766b4ecdc52cfba570afc2c51f50d00

SHA1
9249911f892b4d147cbc242844a7471ba5a8be6a

SHA256
4182dd0f3b2053a41b94ffb13cdf18a9959024f2280c7c8d2538486e4e6237a2

SHA512
aa26e847f0133cf3b1ad5a32695d893ab3d2d3b91db195a602eebc59b7152ed5c39702a98733a77eba1b9a5818005d3e6fa2bcb212433c38abd727e857d08f18

Download Submit
\Users\Admin\AppData\Local\Temp\is-HMPM5.tmp\DriverEasy.5.7.0.tmp

Filesize
1.1MB

MD5
bf61f7e7761c80a27b13f82014f5687b

SHA1
1894fac2a9e8adcfb74a864e92155f9a4506a9d5

SHA256
26f877e0e715507e37f2ca323e0e5897d4246478ee55b8b779eb0b4e92ef7244

SHA512
df0dc8a6db13218b4a4e1c47b13f791d10fff5649d0fda5bf40636a22128abd83d57a7dd695e8cd4ddb0e09d050eff033eaa2aa242fa7e1b20cf61f36e49b54a

Download Submit
\Users\Admin\AppData\Local\Temp\is-MTKVH.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-MTKVH.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-MTKVH.tmp\b2p.dll

Filesize
22KB

MD5
ab35386487b343e3e82dbd2671ff9dab

SHA1
03591d07aea3309b631a7d3a6e20a92653e199b8

SHA256
c3729545522fcff70db61046c0efd962df047d40e3b5ccd2272866540fc872b2

SHA512
b67d7384c769b2b1fdd3363fc3b47d300c2ea4d37334acfd774cf29169c0a504ba813dc3ecbda5b71a3f924110a77a363906b16a87b4b1432748557567d1cf09

Download Submit
\Users\Admin\AppData\Local\Temp\is-MTKVH.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-MTKVH.tmp\iswin7logo.dll

Filesize
39KB

MD5
1ea948aad25ddd347d9b80bef6df9779

SHA1
0be971e67a6c3b1297e572d97c14f74b05dafed3

SHA256
30eb67bdd71d3a359819a72990029269672d52f597a2d1084d838caae91a6488

SHA512
f2cc5dce9754622f5a40c1ca20b4f00ac01197b8401fd4bd888bfdd296a43ca91a3ca261d0e9e01ee51591666d2852e34cee80badadcb77511b8a7ae72630545

Download Submit
\Users\Admin\AppData\Local\Temp\nso7D3E.tmp\CRCCheck.dll

Filesize
4KB

MD5
1003c060ec11402db650554e73d5cc29

SHA1
6254d6a53d3d98f630faf1221e8708559bfae4d2

SHA256
134b970a955c94c24e61ea2cbf545f282e205f98c48afce40b91fa567916e4a5

SHA512
5b28509c18bd6dcb26982da8795284edb2d1b700ec524ea7995719ecd7641159ba60dfb0f0a2b075bc14682d364a4fd17b7a0fe325f2f6d4bb00406a21154b8e

Download Submit
\Users\Admin\AppData\Local\Temp\nso7D3E.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nso7D3E.tmp\registry.dll

Filesize
29KB

MD5
2880bf3bbbc8dcaeb4367df8a30f01a8

SHA1
cb5c65eae4ae923514a67c95ada2d33b0c3f2118

SHA256
acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973

SHA512
ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3

Download Submit
\Users\Admin\Desktop\DriverEasyPortable\App\DriverEasy\DriverEasy.exe

Filesize
3.8MB

MD5
f8eda29963dc44bf64b903dd85572bd5

SHA1
cf15730ec84f8de925bb3ac8b19cff38bd39d9d9

SHA256
3751375fb6838cb6899c8b696941703fa21fd633ca9184b640043b180062f779

SHA512
9fb541a96e9f9350f64aed73d99bf4d4a7b66df8ad1e44f36da1556c4dfcc7132e3875e118ade99b4414518eaa0126f1b4f68e2d55f8ebd3cbcbf39df1197cc5

Download Submit
\Users\Admin\Desktop\DriverEasyPortable\App\DriverEasy\HardwareInfo\HardwareInfo64.dll

Filesize
1.2MB

MD5
e396d2a1948c7914a76e096feba039dc

SHA1
1f49360424e22d7298e8f987211a537cbb4f2ae9

SHA256
f0756d391d2567dfb47657140c5c42713b598df84adf863c0245d0737c651ac4

SHA512
a86a28df1dc4f2a17699bb99bf426799c1b40714f960bf68d64f114cf1ce5823c115816218b2dd61490157fa221c69d2141fc5206977b1037a9ae333a108bf6b

Download Submit
memory/856-97-0x0000000002110000-0x000000000211F000-memory.dmp

Filesize
60KB

Download
memory/856-95-0x00000000749F0000-0x0000000074A0B000-memory.dmp

Filesize
108KB

Download
memory/856-80-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/856-81-0x00000000749F0000-0x0000000074A0B000-memory.dmp

Filesize
108KB

Download
memory/856-82-0x0000000001F10000-0x0000000001F30000-memory.dmp

Filesize
128KB

Download
memory/856-86-0x0000000002110000-0x000000000211F000-memory.dmp

Filesize
60KB

Download
memory/856-91-0x00000000747E0000-0x00000000747F1000-memory.dmp

Filesize
68KB

Download
memory/856-99-0x0000000001F10000-0x0000000001F30000-memory.dmp

Filesize
128KB

Download
memory/856-92-0x0000000002100000-0x0000000002102000-memory.dmp

Filesize
8KB

Download
memory/856-156-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/856-98-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/856-101-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/856-94-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/932-158-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/932-54-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/932-93-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1612-203-0x0000000000820000-0x0000000000832000-memory.dmp

Filesize
72KB

Download
memory/1612-211-0x0000000000810000-0x000000000081A000-memory.dmp

Filesize
40KB

Download
memory/1612-210-0x0000000000810000-0x000000000081A000-memory.dmp

Filesize
40KB

Download
memory/1612-209-0x000000001B5D0000-0x000000001B650000-memory.dmp

Filesize
512KB

Download
memory/1612-208-0x000000001B5D0000-0x000000001B650000-memory.dmp

Filesize
512KB

Download
memory/1612-207-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/1612-206-0x0000000002340000-0x000000000234E000-memory.dmp

Filesize
56KB

Download
memory/1612-314-0x000000001B5D0000-0x000000001B650000-memory.dmp

Filesize
512KB

Download
memory/1612-317-0x0000000000810000-0x0000000000812000-memory.dmp

Filesize
8KB

Download
memory/1612-196-0x00000000022F0000-0x000000000233C000-memory.dmp

Filesize
304KB

Download
memory/1612-194-0x00000000001E0000-0x00000000005AE000-memory.dmp

Filesize
3.8MB

Download
memory/1612-200-0x0000000000810000-0x000000000081A000-memory.dmp

Filesize
40KB

Download
memory/1612-199-0x0000000000810000-0x000000000081A000-memory.dmp

Filesize
40KB

Download
memory/1612-198-0x000000001B5D0000-0x000000001B650000-memory.dmp

Filesize
512KB

Download
memory/1612-197-0x000000001B5D0000-0x000000001B650000-memory.dmp

Filesize
512KB

Download