33404548b77479ba69c3007ab280cda78d854095317e4e3d1e359150c7da1830

Analysis

max time kernel
199s
max time network
47s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GOSTH.exe
Size

12.0MB
MD5

8a6621ef2a40bdf4c3e709348025dd75
SHA1

4669cb3d48201caf2ec4d886c9d6484d8c159806
SHA256

33404548b77479ba69c3007ab280cda78d854095317e4e3d1e359150c7da1830
SHA512

9c6efd76533fe44d51ed5f26b86a12f978945e78bfdaa39feaba98adda67b53baf7a91acd023cf79d595e6107e28ad23d3b25404617ac743927dd355b023c763
SSDEEP

196608:wz08t3q6WAqF8GlSUtG1Dj4mK6Cv5IKvQFYMr4z6d9LtPvaXvD/2QRV1DMx:wI8tGF8sStjHK6+50Yaoi1NvAvDOQRvu

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	svchost.exe

Executes dropped EXE 6 IoCs

pid	Process
2488	gosth.exe
2972	icsys.icn.exe
268	explorer.exe
2276	spoolsv.exe
1208	svchost.exe
320	spoolsv.exe

Loads dropped DLL 9 IoCs

pid	Process
2772	GOSTH.exe
2772	GOSTH.exe
2972	icsys.icn.exe
2488	gosth.exe
2488	gosth.exe
268	explorer.exe
2276	spoolsv.exe
1208	svchost.exe
1416	Process not Found

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO"	explorer.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\System32\d3dx11_43.dll	gosth.exe
File created	C:\Windows\System32\d3dcompiler_43.dll	gosth.exe
File created	C:\Windows\System32\d3dx9_43.dll	gosth.exe
File opened for modification	C:\Windows\SysWOW64\explorer.exe	svchost.exe
File opened for modification	C:\Windows\SysWOW64\explorer.exe	explorer.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2488	gosth.exe
2488	gosth.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Resources\Themes\icsys.icn.exe	GOSTH.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	icsys.icn.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\svchost.exe	spoolsv.exe
File opened for modification	C:\Windows\Resources\tjud.exe	explorer.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2744	schtasks.exe
1476	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2772	GOSTH.exe
2488	gosth.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
268	explorer.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
268	explorer.exe
1208	svchost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2488	gosth.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2772	GOSTH.exe
2772	GOSTH.exe
2972	icsys.icn.exe
2972	icsys.icn.exe
268	explorer.exe
268	explorer.exe
2276	spoolsv.exe
2276	spoolsv.exe
1208	svchost.exe
1208	svchost.exe
320	spoolsv.exe
320	spoolsv.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2488	2772	GOSTH.exe	29
PID 2772 wrote to memory of 2488	2772	GOSTH.exe	29
PID 2772 wrote to memory of 2488	2772	GOSTH.exe	29
PID 2772 wrote to memory of 2488	2772	GOSTH.exe	29
PID 2772 wrote to memory of 2972	2772	GOSTH.exe	30
PID 2772 wrote to memory of 2972	2772	GOSTH.exe	30
PID 2772 wrote to memory of 2972	2772	GOSTH.exe	30
PID 2772 wrote to memory of 2972	2772	GOSTH.exe	30
PID 2972 wrote to memory of 268	2972	icsys.icn.exe	31
PID 2972 wrote to memory of 268	2972	icsys.icn.exe	31
PID 2972 wrote to memory of 268	2972	icsys.icn.exe	31
PID 2972 wrote to memory of 268	2972	icsys.icn.exe	31
PID 268 wrote to memory of 2276	268	explorer.exe	32
PID 268 wrote to memory of 2276	268	explorer.exe	32
PID 268 wrote to memory of 2276	268	explorer.exe	32
PID 268 wrote to memory of 2276	268	explorer.exe	32
PID 2276 wrote to memory of 1208	2276	spoolsv.exe	33
PID 2276 wrote to memory of 1208	2276	spoolsv.exe	33
PID 2276 wrote to memory of 1208	2276	spoolsv.exe	33
PID 2276 wrote to memory of 1208	2276	spoolsv.exe	33
PID 1208 wrote to memory of 320	1208	svchost.exe	34
PID 1208 wrote to memory of 320	1208	svchost.exe	34
PID 1208 wrote to memory of 320	1208	svchost.exe	34
PID 1208 wrote to memory of 320	1208	svchost.exe	34
PID 268 wrote to memory of 2160	268	explorer.exe	35
PID 268 wrote to memory of 2160	268	explorer.exe	35
PID 268 wrote to memory of 2160	268	explorer.exe	35
PID 268 wrote to memory of 2160	268	explorer.exe	35
PID 1208 wrote to memory of 2744	1208	svchost.exe	36
PID 1208 wrote to memory of 2744	1208	svchost.exe	36
PID 1208 wrote to memory of 2744	1208	svchost.exe	36
PID 1208 wrote to memory of 2744	1208	svchost.exe	36
PID 1208 wrote to memory of 1476	1208	svchost.exe	39
PID 1208 wrote to memory of 1476	1208	svchost.exe	39
PID 1208 wrote to memory of 1476	1208	svchost.exe	39
PID 1208 wrote to memory of 1476	1208	svchost.exe	39

C:\Users\Admin\AppData\Local\Temp\GOSTH.exe
"C:\Users\Admin\AppData\Local\Temp\GOSTH.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772
- \??\c:\users\admin\appdata\local\temp\gosth.exe
  c:\users\admin\appdata\local\temp\gosth.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2488
- C:\Windows\Resources\Themes\icsys.icn.exe
  C:\Windows\Resources\Themes\icsys.icn.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2972
- - \??\c:\windows\resources\themes\explorer.exe
    c:\windows\resources\themes\explorer.exe
    3⤵
    - Modifies visiblity of hidden/system files in Explorer
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:268
  - - \??\c:\windows\resources\spoolsv.exe
      c:\windows\resources\spoolsv.exe SE
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2276
    - - \??\c:\windows\resources\svchost.exe
        
        c:\windows\resources\svchost.exe
        5⤵
        Modifies visiblity of hidden/system files in Explorer
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1208
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe PR
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 23:35 /f
        6⤵
        Creates scheduled task(s)
        
        PID:2744
      - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 23:36 /f
        6⤵
        Creates scheduled task(s)
        
        PID:1476
  - - C:\Windows\Explorer.exe
      C:\Windows\Explorer.exe
      4⤵
      PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gosth.exe

Filesize
11.8MB

MD5
1294281dbfd0bca99e5e696b24427532

SHA1
e6bf82ae428bf2c34a9269e59b5db515c10f7bbd

SHA256
bc8ff526ced651295f1394f5b994df93cc390f8e13e5d4b2ffbea5c7530114f4

SHA512
6c15af4a3c864b067dab85e8ca67016739a8c41eed79f9c30ff056ec3bfd5600c71f72b32532fc7f52eb1118a3591d0570d40ea8b54be55c39653bdb98ec6d5a

Download Submit
C:\Windows\Resources\Themes\explorer.exe

Filesize
135KB

MD5
bf27c9265bc77f830ea2fac812cb7ef9

SHA1
173e3c0d487f08a7a7c625acf0486405cabbe347

SHA256
d9bae8cd250ce78fea7f3652c8c24ae7a1743666b48cfb14f6b88a558a5af827

SHA512
72a4ac32df8323084635c6d2d39b945c7607c0e6665f262b590449649f91aa67f1d1576f59bec8326de5986fc917f8c00a8334f60736f17e1c34cd7d5239bbba

Download Submit
C:\Windows\Resources\Themes\explorer.exe

Filesize
135KB

MD5
bf27c9265bc77f830ea2fac812cb7ef9

SHA1
173e3c0d487f08a7a7c625acf0486405cabbe347

SHA256
d9bae8cd250ce78fea7f3652c8c24ae7a1743666b48cfb14f6b88a558a5af827

SHA512
72a4ac32df8323084635c6d2d39b945c7607c0e6665f262b590449649f91aa67f1d1576f59bec8326de5986fc917f8c00a8334f60736f17e1c34cd7d5239bbba

Download Submit
C:\Windows\Resources\Themes\icsys.icn.exe

Filesize
135KB

MD5
d6317b6f27ee2e6e557a7cd8fbc78bef

SHA1
f757c1c6618fd8c577dc3c313b7194fe544806c7

SHA256
a7c833583c989ae5f7ed05f47c8c3735cb44a4c3bec9623bd1f795c6ac56ad29

SHA512
95a8e745e477b3aa51a2787d953d4e4c32e52156f89c2b537576dda5a90bbf80c0f34d636e061dc0f2c8db7f9a3df5f0a86c3134f6fec41e1b13b6fd66f2ab0e

Download Submit
C:\Windows\Resources\spoolsv.exe

Filesize
135KB

MD5
9246579ddbafb35a5c84d38ab322ec2b

SHA1
c9c11c33d111039558ca24acdb749c2464807f7d

SHA256
907a40b426ca95133fc2430ca8b8d27f5a5373614583587d6bd6b86d374025d8

SHA512
f2d62377c950acfc3a40972979803c100e337931812fd4de205b6381e5deb673bcf66164ebd32bd153f6abb69497a4dbf59550de3e8f7b113bda98c1cf4c86f9

Download Submit
C:\Windows\Resources\spoolsv.exe

Filesize
135KB

MD5
9246579ddbafb35a5c84d38ab322ec2b

SHA1
c9c11c33d111039558ca24acdb749c2464807f7d

SHA256
907a40b426ca95133fc2430ca8b8d27f5a5373614583587d6bd6b86d374025d8

SHA512
f2d62377c950acfc3a40972979803c100e337931812fd4de205b6381e5deb673bcf66164ebd32bd153f6abb69497a4dbf59550de3e8f7b113bda98c1cf4c86f9

Download Submit
C:\Windows\Resources\svchost.exe

Filesize
135KB

MD5
98dde6902d4c037d0656cc06abf6e907

SHA1
b2703edd739e2a91fede221cff0058c4fe96668c

SHA256
5c401f93d7e8685850f22d96966514dfebd6b89faa3a7efa2253ebaf80cdcefc

SHA512
72c846a3e3942fb805779fbf548cd158631828f95e696a51ef348d909852bda9f5697468a802e09f9632df0b5bd43340caf443f8fe5179660740916ab248d989

Download Submit
\??\c:\users\admin\appdata\local\temp\gosth.exe

Filesize
11.8MB

MD5
1294281dbfd0bca99e5e696b24427532

SHA1
e6bf82ae428bf2c34a9269e59b5db515c10f7bbd

SHA256
bc8ff526ced651295f1394f5b994df93cc390f8e13e5d4b2ffbea5c7530114f4

SHA512
6c15af4a3c864b067dab85e8ca67016739a8c41eed79f9c30ff056ec3bfd5600c71f72b32532fc7f52eb1118a3591d0570d40ea8b54be55c39653bdb98ec6d5a

Download Submit
\??\c:\windows\resources\spoolsv.exe

Filesize
135KB

MD5
9246579ddbafb35a5c84d38ab322ec2b

SHA1
c9c11c33d111039558ca24acdb749c2464807f7d

SHA256
907a40b426ca95133fc2430ca8b8d27f5a5373614583587d6bd6b86d374025d8

SHA512
f2d62377c950acfc3a40972979803c100e337931812fd4de205b6381e5deb673bcf66164ebd32bd153f6abb69497a4dbf59550de3e8f7b113bda98c1cf4c86f9

Download Submit
\??\c:\windows\resources\svchost.exe

Filesize
135KB

MD5
98dde6902d4c037d0656cc06abf6e907

SHA1
b2703edd739e2a91fede221cff0058c4fe96668c

SHA256
5c401f93d7e8685850f22d96966514dfebd6b89faa3a7efa2253ebaf80cdcefc

SHA512
72c846a3e3942fb805779fbf548cd158631828f95e696a51ef348d909852bda9f5697468a802e09f9632df0b5bd43340caf443f8fe5179660740916ab248d989

Download Submit
\??\c:\windows\resources\themes\explorer.exe

Filesize
135KB

MD5
bf27c9265bc77f830ea2fac812cb7ef9

SHA1
173e3c0d487f08a7a7c625acf0486405cabbe347

SHA256
d9bae8cd250ce78fea7f3652c8c24ae7a1743666b48cfb14f6b88a558a5af827

SHA512
72a4ac32df8323084635c6d2d39b945c7607c0e6665f262b590449649f91aa67f1d1576f59bec8326de5986fc917f8c00a8334f60736f17e1c34cd7d5239bbba

Download Submit
\??\c:\windows\resources\themes\icsys.icn.exe

Filesize
135KB

MD5
d6317b6f27ee2e6e557a7cd8fbc78bef

SHA1
f757c1c6618fd8c577dc3c313b7194fe544806c7

SHA256
a7c833583c989ae5f7ed05f47c8c3735cb44a4c3bec9623bd1f795c6ac56ad29

SHA512
95a8e745e477b3aa51a2787d953d4e4c32e52156f89c2b537576dda5a90bbf80c0f34d636e061dc0f2c8db7f9a3df5f0a86c3134f6fec41e1b13b6fd66f2ab0e

Download Submit
\Users\Admin\AppData\Local\Temp\gosth.exe

Filesize
11.8MB

MD5
1294281dbfd0bca99e5e696b24427532

SHA1
e6bf82ae428bf2c34a9269e59b5db515c10f7bbd

SHA256
bc8ff526ced651295f1394f5b994df93cc390f8e13e5d4b2ffbea5c7530114f4

SHA512
6c15af4a3c864b067dab85e8ca67016739a8c41eed79f9c30ff056ec3bfd5600c71f72b32532fc7f52eb1118a3591d0570d40ea8b54be55c39653bdb98ec6d5a

Download Submit
\Users\Admin\AppData\Local\Temp\gosth.exe

Filesize
11.8MB

MD5
1294281dbfd0bca99e5e696b24427532

SHA1
e6bf82ae428bf2c34a9269e59b5db515c10f7bbd

SHA256
bc8ff526ced651295f1394f5b994df93cc390f8e13e5d4b2ffbea5c7530114f4

SHA512
6c15af4a3c864b067dab85e8ca67016739a8c41eed79f9c30ff056ec3bfd5600c71f72b32532fc7f52eb1118a3591d0570d40ea8b54be55c39653bdb98ec6d5a

Download Submit
\Windows\Resources\Themes\explorer.exe

Filesize
135KB

MD5
bf27c9265bc77f830ea2fac812cb7ef9

SHA1
173e3c0d487f08a7a7c625acf0486405cabbe347

SHA256
d9bae8cd250ce78fea7f3652c8c24ae7a1743666b48cfb14f6b88a558a5af827

SHA512
72a4ac32df8323084635c6d2d39b945c7607c0e6665f262b590449649f91aa67f1d1576f59bec8326de5986fc917f8c00a8334f60736f17e1c34cd7d5239bbba

Download Submit
\Windows\Resources\Themes\icsys.icn.exe

Filesize
135KB

MD5
d6317b6f27ee2e6e557a7cd8fbc78bef

SHA1
f757c1c6618fd8c577dc3c313b7194fe544806c7

SHA256
a7c833583c989ae5f7ed05f47c8c3735cb44a4c3bec9623bd1f795c6ac56ad29

SHA512
95a8e745e477b3aa51a2787d953d4e4c32e52156f89c2b537576dda5a90bbf80c0f34d636e061dc0f2c8db7f9a3df5f0a86c3134f6fec41e1b13b6fd66f2ab0e

Download Submit
\Windows\Resources\spoolsv.exe

Filesize
135KB

MD5
9246579ddbafb35a5c84d38ab322ec2b

SHA1
c9c11c33d111039558ca24acdb749c2464807f7d

SHA256
907a40b426ca95133fc2430ca8b8d27f5a5373614583587d6bd6b86d374025d8

SHA512
f2d62377c950acfc3a40972979803c100e337931812fd4de205b6381e5deb673bcf66164ebd32bd153f6abb69497a4dbf59550de3e8f7b113bda98c1cf4c86f9

Download Submit
\Windows\Resources\spoolsv.exe

Filesize
135KB

MD5
9246579ddbafb35a5c84d38ab322ec2b

SHA1
c9c11c33d111039558ca24acdb749c2464807f7d

SHA256
907a40b426ca95133fc2430ca8b8d27f5a5373614583587d6bd6b86d374025d8

SHA512
f2d62377c950acfc3a40972979803c100e337931812fd4de205b6381e5deb673bcf66164ebd32bd153f6abb69497a4dbf59550de3e8f7b113bda98c1cf4c86f9

Download Submit
\Windows\Resources\svchost.exe

Filesize
135KB

MD5
98dde6902d4c037d0656cc06abf6e907

SHA1
b2703edd739e2a91fede221cff0058c4fe96668c

SHA256
5c401f93d7e8685850f22d96966514dfebd6b89faa3a7efa2253ebaf80cdcefc

SHA512
72c846a3e3942fb805779fbf548cd158631828f95e696a51ef348d909852bda9f5697468a802e09f9632df0b5bd43340caf443f8fe5179660740916ab248d989

Download Submit
\Windows\System32\d3dcompiler_43.dll

Filesize
2.4MB

MD5
ada0c39d4eacdc81fd84163a95d62079

SHA1
207321f1b449985b2d06ed50b989fa6259e4eb8e

SHA256
44c3a7e330b54a35a9efa015831392593aa02e7da1460be429d17c3644850e8a

SHA512
1afc63db5d2030b76abc19094fc9fef28cc6250bd265294647e65db81f13749c867722924460f7a6021c739f4057f95501f0322cdec28a2101bf94164557a1a5

Download Submit
\Windows\System32\d3dx11_43.dll

Filesize
270KB

MD5
9d6429f410597750b2dc2579b2347303

SHA1
e35acb15ea52f6cd0587b4ca8da0486b859fd048

SHA256
981e42629df751217406e7150477cddc853b79abd6a8568a1566298ed8f7bd59

SHA512
46cbfb1e22c3f469bdc80515560448f6f83607fd6974bb68b9c7f86ca10c69878f1312b32c81c0f57b931c43bad80bd46bdf26ab4ffb999abb0b73de27ad7c56

Download Submit
memory/268-93-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/268-94-0x0000000000270000-0x000000000028F000-memory.dmp

Filesize
124KB

Download
memory/320-81-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1208-76-0x0000000000340000-0x000000000035F000-memory.dmp

Filesize
124KB

Download
memory/1208-95-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2276-82-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2276-68-0x0000000000280000-0x000000000029F000-memory.dmp

Filesize
124KB

Download
memory/2488-22-0x0000000140000000-0x0000000141AE4000-memory.dmp

Filesize
26.9MB

Download
memory/2488-14-0x0000000076EE0000-0x0000000076EE2000-memory.dmp

Filesize
8KB

Download
memory/2488-10-0x0000000076EE0000-0x0000000076EE2000-memory.dmp

Filesize
8KB

Download
memory/2488-31-0x0000000076D30000-0x0000000076ED9000-memory.dmp

Filesize
1.7MB

Download
memory/2488-29-0x0000000140000000-0x0000000141AE4000-memory.dmp

Filesize
26.9MB

Download
memory/2488-12-0x0000000076EE0000-0x0000000076EE2000-memory.dmp

Filesize
8KB

Download
memory/2488-18-0x0000000076D30000-0x0000000076ED9000-memory.dmp

Filesize
1.7MB

Download
memory/2488-21-0x0000000076EF0000-0x0000000076EF2000-memory.dmp

Filesize
8KB

Download
memory/2488-19-0x0000000076EF0000-0x0000000076EF2000-memory.dmp

Filesize
8KB

Download
memory/2488-16-0x0000000076EF0000-0x0000000076EF2000-memory.dmp

Filesize
8KB

Download
memory/2488-83-0x0000000180000000-0x00000001807F3000-memory.dmp

Filesize
7.9MB

Download
memory/2488-87-0x0000000180000000-0x00000001807F3000-memory.dmp

Filesize
7.9MB

Download
memory/2488-15-0x0000000140000000-0x0000000141AE4000-memory.dmp

Filesize
26.9MB

Download
memory/2488-51-0x0000000180000000-0x00000001807F3000-memory.dmp

Filesize
7.9MB

Download
memory/2488-90-0x0000000180000000-0x00000001807F3000-memory.dmp

Filesize
7.9MB

Download
memory/2488-91-0x0000000076D30000-0x0000000076ED9000-memory.dmp

Filesize
1.7MB

Download
memory/2488-92-0x0000000140000000-0x0000000141AE4000-memory.dmp

Filesize
26.9MB

Download
memory/2772-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2772-42-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2972-88-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download