dcrat | 2f9bf1b8e047c1fa8ec80deccb3e9b575aaf5247f23c0fea81157b8b995562c9

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 21:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c44819eb2ff2ffd7f9bf6163d5994a99.exe
Size

1.5MB
MD5

c44819eb2ff2ffd7f9bf6163d5994a99
SHA1

1af74ac1121a7704c69c934035f68df1d9205576
SHA256

2f9bf1b8e047c1fa8ec80deccb3e9b575aaf5247f23c0fea81157b8b995562c9
SHA512

0ad8b5afd6482327feba6a79cd5a7bfbbbc40bc7888783e757c5b3d4b6a9db4e2f1b6f108351b2d3390028e767e3e5fb7ac6354c0a9f66553e37d13741bb4420
SSDEEP

24576:d2G/nvxW3W9hIWg69UY2cJLejOLGz3lVPde0Aj2CQrOyRgwpqhrVcyXSIhQ:dbA3G33sRCvyRg5qt

Score

10^/10

dcrat infostealer rat

Malware Config

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat

Process spawned unexpected child process 36 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2580	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2472	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2612	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2588	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2632	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2608	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2540	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1516	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2224	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2872	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2892	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2992	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2432	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2468	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1448	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1784	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1972	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1824	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2156	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2040	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2520	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1032	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1072	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	948	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2320	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2312	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	240	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1476	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1364	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	336	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	944	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2428	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1864	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1396	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1768	2920	schtasks.exe	32
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1888	2920	schtasks.exe	32

DCRat payload 3 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
behavioral1/files/0x002a0000000165c9-11.dat	dcrat
behavioral1/memory/2700-13-0x00000000000F0000-0x0000000000224000-memory.dmp	dcrat
behavioral1/memory/2396-50-0x0000000000040000-0x0000000000174000-memory.dmp	dcrat

Executes dropped EXE 2 IoCs

pid	Process
2700	chainPerfDll.exe
2396	dwm.exe

Loads dropped DLL 2 IoCs

pid	Process
2056	cmd.exe
2056	cmd.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Uninstall Information\Idle.exe	chainPerfDll.exe
File created	C:\Program Files\Uninstall Information\6ccacd8608530f	chainPerfDll.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 36 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
1768	schtasks.exe
2892	schtasks.exe
1972	schtasks.exe
240	schtasks.exe
1476	schtasks.exe
336	schtasks.exe
2428	schtasks.exe
2580	schtasks.exe
2612	schtasks.exe
2588	schtasks.exe
2608	schtasks.exe
2872	schtasks.exe
2156	schtasks.exe
1032	schtasks.exe
1364	schtasks.exe
1888	schtasks.exe
944	schtasks.exe
1396	schtasks.exe
2632	schtasks.exe
1516	schtasks.exe
2224	schtasks.exe
1448	schtasks.exe
2520	schtasks.exe
948	schtasks.exe
1784	schtasks.exe
2040	schtasks.exe
2312	schtasks.exe
2992	schtasks.exe
2432	schtasks.exe
1824	schtasks.exe
1072	schtasks.exe
2320	schtasks.exe
1864	schtasks.exe
2472	schtasks.exe
2540	schtasks.exe
2468	schtasks.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2700	chainPerfDll.exe
2700	chainPerfDll.exe
2700	chainPerfDll.exe
2700	chainPerfDll.exe
2700	chainPerfDll.exe
2396	dwm.exe
2396	dwm.exe
2396	dwm.exe
2396	dwm.exe
2396	dwm.exe
2396	dwm.exe
2396	dwm.exe
2396	dwm.exe
2396	dwm.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2700	chainPerfDll.exe
Token: SeDebugPrivilege	2396	dwm.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2108	1540	c44819eb2ff2ffd7f9bf6163d5994a99.exe	28
PID 1540 wrote to memory of 2108	1540	c44819eb2ff2ffd7f9bf6163d5994a99.exe	28
PID 1540 wrote to memory of 2108	1540	c44819eb2ff2ffd7f9bf6163d5994a99.exe	28
PID 1540 wrote to memory of 2108	1540	c44819eb2ff2ffd7f9bf6163d5994a99.exe	28
PID 2108 wrote to memory of 2056	2108	WScript.exe	30
PID 2108 wrote to memory of 2056	2108	WScript.exe	30
PID 2108 wrote to memory of 2056	2108	WScript.exe	30
PID 2108 wrote to memory of 2056	2108	WScript.exe	30
PID 2056 wrote to memory of 2700	2056	cmd.exe	31
PID 2056 wrote to memory of 2700	2056	cmd.exe	31
PID 2056 wrote to memory of 2700	2056	cmd.exe	31
PID 2056 wrote to memory of 2700	2056	cmd.exe	31
PID 2700 wrote to memory of 2396	2700	chainPerfDll.exe	70
PID 2700 wrote to memory of 2396	2700	chainPerfDll.exe	70
PID 2700 wrote to memory of 2396	2700	chainPerfDll.exe	70

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\c44819eb2ff2ffd7f9bf6163d5994a99.exe
"C:\Users\Admin\AppData\Local\Temp\c44819eb2ff2ffd7f9bf6163d5994a99.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\comRefNetCommonsvc\8MgiEWoxbbYDSMA1DFyZ.vbe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2108
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\comRefNetCommonsvc\QGIh2QXQ99ka6NL.bat" "
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2056
  - - C:\comRefNetCommonsvc\chainPerfDll.exe
      "C:\comRefNetCommonsvc\chainPerfDll.exe"
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2700
    - - C:\Users\All Users\Favorites\dwm.exe
        
        "C:\Users\All Users\Favorites\dwm.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2396

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\csrss.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2580

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\csrss.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2472

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\csrss.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2612

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 13 /tr "'C:\comRefNetCommonsvc\wininit.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2588

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\comRefNetCommonsvc\wininit.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2632

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 10 /tr "'C:\comRefNetCommonsvc\wininit.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2608

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 5 /tr "'C:\MSOCache\All Users\cmd.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2540

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\MSOCache\All Users\cmd.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1516

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\cmd.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2224

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 9 /tr "'C:\Recovery\7156ad82-9b8d-11ee-a45c-bce704e297ea\sppsvc.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2872

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Recovery\7156ad82-9b8d-11ee-a45c-bce704e297ea\sppsvc.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2892

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 13 /tr "'C:\Recovery\7156ad82-9b8d-11ee-a45c-bce704e297ea\sppsvc.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2992

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 5 /tr "'C:\Users\Admin\Desktop\lsass.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2432

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Users\Admin\Desktop\lsass.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2468

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 11 /tr "'C:\Users\Admin\Desktop\lsass.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1448

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 8 /tr "'C:\Users\All Users\Favorites\dwm.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1784

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Users\All Users\Favorites\dwm.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1972

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 5 /tr "'C:\Users\All Users\Favorites\dwm.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1824

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 13 /tr "'C:\comRefNetCommonsvc\spoolsv.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2156

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\comRefNetCommonsvc\spoolsv.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2040

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 13 /tr "'C:\comRefNetCommonsvc\spoolsv.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2520

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 14 /tr "'C:\comRefNetCommonsvc\csrss.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1032

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\comRefNetCommonsvc\csrss.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1072

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\comRefNetCommonsvc\csrss.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:948

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "audiodga" /sc MINUTE /mo 5 /tr "'C:\comRefNetCommonsvc\audiodg.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2320

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\comRefNetCommonsvc\audiodg.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2312

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "audiodga" /sc MINUTE /mo 7 /tr "'C:\comRefNetCommonsvc\audiodg.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:240

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 10 /tr "'C:\comRefNetCommonsvc\taskhost.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1476

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\comRefNetCommonsvc\taskhost.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1364

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 9 /tr "'C:\comRefNetCommonsvc\taskhost.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:336

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 9 /tr "'C:\comRefNetCommonsvc\taskhost.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:944

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\comRefNetCommonsvc\taskhost.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2428

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 12 /tr "'C:\comRefNetCommonsvc\taskhost.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1864

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 7 /tr "'C:\Program Files\Uninstall Information\Idle.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1396

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files\Uninstall Information\Idle.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1768

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 6 /tr "'C:\Program Files\Uninstall Information\Idle.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\comRefNetCommonsvc\8MgiEWoxbbYDSMA1DFyZ.vbe

Filesize
210B

MD5
9dac29d31af393491b90673d79ff8a4b

SHA1
05b71211575fc4861dd075b11da6bd87f62f4554

SHA256
ad8055cfb3e110b7b7227c9db5071559f8b8e5d4fa8cf05892ddc3f7a45551bc

SHA512
2bff06e8702ff5ceaf401fa46644df737b55ff898db0005380f370a04ba0bd2c32fbf6f6227b9937ef6202070d3995d4a78774211c73b8c1ac2f9859e8279fcb

Download Submit
C:\comRefNetCommonsvc\QGIh2QXQ99ka6NL.bat

Filesize
40B

MD5
f3be4b07d4624cfa5a444497e00c14d2

SHA1
3edb26d22f70e32f95d506528d682de73cf0b8cf

SHA256
7a61441e265ab1772ffe1e87c7002aa1f4533313c1383905fe8d1508b2d14ed8

SHA512
182e0e08d93a1ca74524d4a1bb38ab7824115293e5fc168f6337daefc107a0835c925ea6c47ac29446539212ee270838399d6a6106f641555377c457cd0fee12

Download Submit
\comRefNetCommonsvc\chainPerfDll.exe

Filesize
1.2MB

MD5
7f0a2572a0910b3f9e08175f93ebfe22

SHA1
c62ed7ea6d001dcac8b6fdcd65b00708c6c4fbbe

SHA256
55db61ef4e149769a22b6eadd09776016263884c5fb26fc5949fad81cce7960b

SHA512
e758ac2cf3072e5e6906883a908f1b6fbfb62e05e8a9639e6bdcd18183ef15a1989c4e12a9ad33ac82f59c05333d49c84b95ab731699660fe41c2b0fc580750f

Download Submit
memory/2396-51-0x000007FEF5710000-0x000007FEF60FC000-memory.dmp

Filesize
9.9MB

Download
memory/2396-54-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/2396-53-0x000007FEF5710000-0x000007FEF60FC000-memory.dmp

Filesize
9.9MB

Download
memory/2396-52-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/2396-50-0x0000000000040000-0x0000000000174000-memory.dmp

Filesize
1.2MB

Download
memory/2700-16-0x00000000004F0000-0x000000000050C000-memory.dmp

Filesize
112KB

Download
memory/2700-49-0x000007FEF5710000-0x000007FEF60FC000-memory.dmp

Filesize
9.9MB

Download
memory/2700-18-0x0000000000530000-0x000000000053C000-memory.dmp

Filesize
48KB

Download
memory/2700-17-0x0000000000510000-0x0000000000526000-memory.dmp

Filesize
88KB

Download
memory/2700-15-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2700-14-0x000007FEF5710000-0x000007FEF60FC000-memory.dmp

Filesize
9.9MB

Download
memory/2700-13-0x00000000000F0000-0x0000000000224000-memory.dmp

Filesize
1.2MB

Download