74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829

Resubmissions

29-07-2024 20:42

240729-zhgrrszamp 10

29-07-2024 20:40

240729-zfvwlstepd 10

Analysis

max time kernel
59s
max time network
60s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
29-07-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x360ce.exe
Size

14.7MB
MD5

be80f3348b240bcee1aa96d33fe0e768
SHA1

40ea5de9a7a15f6e0d891cd1ba4bca8519bb85ed
SHA256

74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829
SHA512

dfb3b191152981f21180e93597c7b1891da6f10b811db2c8db9f45bbecc9feb54bc032bdd648c7ad1134e9b09e5e2b9705d5e21294e1ae328a4390350745536a
SSDEEP

196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 4 IoCs

Processes:

DrvInst.exeDrvInst.exe

description	ioc	process
File created	C:\Windows\System32\drivers\SET369B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\ViGEmBus.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\xusb22.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\SET369B.tmp	DrvInst.exe

Drops file in System32 directory 27 IoCs

Processes:

DrvInst.exedevcon.x64.exeDrvInst.exeDrvInst.exe

description	ioc	process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\SET3555.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\vigembus.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_dc012c700833063e\x64\WdfCoInstaller01009.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\SET3576.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_dc012c700833063e\ViGEmBus.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_dc012c700833063e\x64\ViGEmBus.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_dc012c700833063e\vigembus.PNF	devcon.x64.exe
File created	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\x64\SET3524.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\WdfCoInstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\x64\SET3525.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\x64\SET3525.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\x64\WdfCoInstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\x64\SET3524.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\SET3555.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\SET369C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xusb22.inf_amd64_495dad3cbfbbe7a5\xusb22.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\xusb22.inf_amd64_495dad3cbfbbe7a5\xusb22.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\x64\ViGEmBus.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\SET3576.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\x64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{76d4e073-5468-da44-9a8b-31d541067aee}\ViGEmBus.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_dc012c700833063e\vigembus.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_dc012c700833063e\vigembus.PNF	DrvInst.exe
File created	C:\Windows\System32\SET369C.tmp	DrvInst.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 32 IoCs

Processes:

x360ce.exe

description	ioc	process
File created	C:\Program Files\ViGEm ViGEmBus\Win10\x64\WdfCoinstaller01009.dll	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\devcon.x86.exe	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\WinVS\x86\ViGEmBus.sys	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\Win10\ViGEmBus.inf	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\Win10\x86\ViGEmBus.sys	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\Win10\x86\WdfCoinstaller01009.dll	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\WinVS\ViGEmBus.cat	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\WinVS\ViGEmBus.inf	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\WinVS\x64\ViGEmBus.sys	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\Win10\x64\ViGEmBus.sys	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\WinVS\ViGEmBus.cat	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\devcon.x86.exe	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\ViGEmBus_GitHub.url	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\ViGEmBus_Setup.bat	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\WinVS\x64\ViGEmBus.sys	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\WinVS\x86\WdfCoinstaller01009.dll	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\WinVS\x86\WdfCoinstaller01009.dll	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\Win10\ViGEmBus.cat	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\Win10\ViGEmBus.cat	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\Win10\x64\WdfCoinstaller01009.dll	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\Win10\x86\ViGEmBus.sys	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\WinVS\ViGEmBus.inf	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\devcon.x64.exe	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\ViGEmBus_GitHub.url	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\Win10\x64\ViGEmBus.sys	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\WinVS\x86\ViGEmBus.sys	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\Win10\ViGEmBus.inf	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\devcon.x64.exe	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\ViGEmBus_Setup.bat	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\Win10\x86\WdfCoinstaller01009.dll	x360ce.exe
File created	C:\Program Files\ViGEm ViGEmBus\WinVS\x64\WdfCoinstaller01009.dll	x360ce.exe
File opened for modification	C:\Program Files\ViGEm ViGEmBus\WinVS\x64\WdfCoinstaller01009.dll	x360ce.exe

Drops file in Windows directory 51 IoCs

Processes:

x360ce.exeDrvInst.exeDrvInst.exedevcon.x64.exeDrvInst.exesvchost.exe

description	ioc	process
File opened for modification	C:\Windows\INF\cdrom.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\c_swdevice.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\rdpbus.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\INF\c_volume.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\volmgr.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\monitor.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\basicrender.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\hdaudio.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	devcon.x64.exe
File opened for modification	C:\Windows\INF\ksfilter.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\machine.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\basicdisplay.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\pci.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\mssmbios.PNF	x360ce.exe
File created	C:\Windows\INF\oem3.PNF	DrvInst.exe
File opened for modification	C:\Windows\INF\printqueue.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\vdrvroot.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\disk.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\input.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\audioendpoint.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\vhdmp.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\swenum.PNF	x360ce.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\oem3.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\hal.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\keyboard.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\hdaudbus.PNF	x360ce.exe
File created	C:\Windows\INF\xusb22.PNF	DrvInst.exe
File opened for modification	C:\Windows\INF\ndisvirtualbus.PNF	x360ce.exe
File created	C:\Windows\INF\c_processor.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\volume.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\volsnap.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\usbport.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\display.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\umbus.PNF	x360ce.exe
File created	C:\Windows\INF\c_diskdrive.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\cpu.PNF	x360ce.exe
File created	C:\Windows\INF\c_monitor.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\compositebus.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\spaceport.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\mshdc.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\acpi.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\msmouse.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\netrtl64.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\kdnic.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\wdmaudio.PNF	x360ce.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe

Executes dropped EXE 1 IoCs

Processes:

devcon.x64.exe

pid process

856 devcon.x64.exe
Loads dropped DLL 1 IoCs

Processes:

x360ce.exe

pid process

3412 x360ce.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
856	devcon.x64.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

DrvInst.exex360ce.exeDrvInst.exedevcon.x64.exeDrvInst.exesvchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	devcon.x64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	devcon.x64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	devcon.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	devcon.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	devcon.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	devcon.x64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	devcon.x64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Mfg	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	devcon.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	devcon.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	devcon.x64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	devcon.x64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	devcon.x64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	devcon.x64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	DrvInst.exe

Modifies data under HKEY_USERS 42 IoCs

Processes:

DrvInst.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

x360ce.exe

pid	process
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe
3412	x360ce.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

Processes:

x360ce.exesvchost.exedevcon.x64.exeDrvInst.exeDrvInst.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	3412	x360ce.exe
Token: SeAuditPrivilege	428	svchost.exe
Token: SeSecurityPrivilege	428	svchost.exe
Token: SeLoadDriverPrivilege	856	devcon.x64.exe
Token: SeRestorePrivilege	3280	DrvInst.exe
Token: SeBackupPrivilege	3280	DrvInst.exe
Token: SeRestorePrivilege	3280	DrvInst.exe
Token: SeBackupPrivilege	3280	DrvInst.exe
Token: SeLoadDriverPrivilege	3280	DrvInst.exe
Token: SeLoadDriverPrivilege	3280	DrvInst.exe
Token: SeLoadDriverPrivilege	3280	DrvInst.exe
Token: SeRestorePrivilege	2736	DrvInst.exe
Token: SeBackupPrivilege	2736	DrvInst.exe
Token: SeLoadDriverPrivilege	2736	DrvInst.exe
Token: 33	584	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	584	AUDIODG.EXE
Token: SeLoadDriverPrivilege	2736	DrvInst.exe
Token: SeLoadDriverPrivilege	2736	DrvInst.exe
Token: SeLoadDriverPrivilege	2736	DrvInst.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

x360ce.exe

pid process

3412 x360ce.exe
3412 x360ce.exe
3412 x360ce.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

x360ce.exe

pid process

3412 x360ce.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

x360ce.exe

pid process

3412 x360ce.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

x360ce.exesvchost.exe

description	pid	process	target process
PID 3412 wrote to memory of 856	3412	x360ce.exe	devcon.x64.exe
PID 3412 wrote to memory of 856	3412	x360ce.exe	devcon.x64.exe
PID 428 wrote to memory of 4156	428	svchost.exe	DrvInst.exe
PID 428 wrote to memory of 4156	428	svchost.exe	DrvInst.exe
PID 428 wrote to memory of 3280	428	svchost.exe	DrvInst.exe
PID 428 wrote to memory of 3280	428	svchost.exe	DrvInst.exe
PID 428 wrote to memory of 2736	428	svchost.exe	DrvInst.exe
PID 428 wrote to memory of 2736	428	svchost.exe	DrvInst.exe

C:\Users\Admin\AppData\Local\Temp\x360ce.exe
"C:\Users\Admin\AppData\Local\Temp\x360ce.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3412

C:\Program Files\ViGEm ViGEmBus\devcon.x64.exe
"C:\Program Files\ViGEm ViGEmBus\devcon.x64.exe" install Win10\ViGEmBus.inf Nefarius\ViGEmBus\Gen1
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:856

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:428

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{fe986c27-173b-e44b-9fb7-afdc11c3477c}\vigembus.inf" "9" "429a86e87" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "c:\program files\vigem vigembus\win10"
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:4156

C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem3.inf" "vigembus.inf:c14ce88408607219:ViGEmBus_Device:1.16.112.0:nefarius\vigembus\gen1," "429a86e87" "0000000000000180"
2⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3280

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "0" "USB\VID_045E&PID_028E\1&79f5d87&0&01" "" "" "496aa072b" "0000000000000000"
2⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2736

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:584

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ViGEm ViGEmBus\WinVS\ViGEmBus.inf
Filesize
2KB

MD5
c75c1a401eba37e59c4477b22f8ced9b

SHA1
5e845664f66e4d005fa2b041db4c9f6bf0d564a9

SHA256
63774d6149f036c0d9faf98b062fea6b97debed559a9522099e46b54fe58da40

SHA512
1a12908961361eeea00b98174434e931f5d575a9cf72858a21536c2900c7c55107b5d34952cc149119572d3ea93e3c7d2fca018dd3535660dfb008c82eff8bb2

Download Submit
C:\Program Files\ViGEm ViGEmBus\devcon.x64.exe
Filesize
86KB

MD5
8327506d5ab1b2011a1bac74103757b6

SHA1
c4516d08af8602d4a66283b6c0654908d301bb6a

SHA256
2216d9f6017a9a117a8508967c9436732716db98e24fe4853557fa0f9cbbd93d

SHA512
1c5fac0d552e9700c3ecd4fe75c679f4da364f1efc4389c12e48f94b4398ec4e8fb06b58fd8ac0b381277679dffb00d1d718d55a3fd32ae20c24f6a0ea4d7f06

Download Submit
C:\Windows\INF\acpi.PNF
Filesize
10KB

MD5
24a22935730acfc0da4fa0f222b08105

SHA1
d5dce1bdd36a4edecf400a6dc655bddc82ba840c

SHA256
e6e6cda9d2c2e802d8587d4adab06f035fe5e2a1ba5ca5d84c7b394b367d21a1

SHA512
9a44b6e8dec15d2954ed7d3e617cf15a9e7f47d4f6f6e94cfa205fd22bb1bec7e2f676a5485f7be253e3395351acf9b06b491880cc4dfdcb93059c9e8b3877f1

Download Submit
C:\Windows\INF\audioendpoint.PNF
Filesize
5KB

MD5
9f44ae1bdac14b51c5cb9349d2f73519

SHA1
3828fcf83bbbd43acc81eac77b1c5061ee756f68

SHA256
f47bc6957322c29076cf101e798b765d577059bcc1f5ba50ce83af8af85a6ade

SHA512
f0b4ec9148855fb7bef94d3fe80b49ea9d513dfb865ca0ac08e7a285ac4cfff5a3ad9c7e50dcfc9931a010cb0e841ff8adced9dfca9cd534c558eea01911baa0

Download Submit
C:\Windows\INF\basicdisplay.PNF
Filesize
7KB

MD5
ad490bfd9bee33e512fa22fab8f4496b

SHA1
41e2ab2b76a1d8b12c75a968930b1f3061b6f4e1

SHA256
d2b5bfe0c78614d948fecbbd613ea15bfaba5df889d1eda2f404e79030fe4dcc

SHA512
0a41d1e6539bea6be906b3d74d062f70406f78a689aff370d4d2afbaeec5ede1fcc8039c6007d2391a0f86b2fa97b34ba67519e7c76cba918ef2e830d2aac26b

Download Submit
C:\Windows\INF\basicrender.PNF
Filesize
7KB

MD5
2b85d696842a65b97a70fe8052b5e980

SHA1
2cbe297212bfadb3cddd34b00dd10c416b3a41b1

SHA256
14884f37e4a2ddbc32e4a76b8412d4d233b65d46a1dde220253667b515db9698

SHA512
1ca2c4d75ae64080a6444b9801ea8a626049b817f8b0f29cdb60898bff9855bd8776f78d86f5fa17c97badf3206eb400469777ab1b446d48d2f86d78fa480734

Download Submit
C:\Windows\INF\c_diskdrive.PNF
Filesize
6KB

MD5
c672b29fb4f8b1fec9861a43e70ffc8d

SHA1
83df67c2955d48b968c5e7be0510b300db5170a7

SHA256
8090a494ba3989ec6eef039d37b9b6efd2ed4788740611b9e9b9be80423e92d4

SHA512
dbb93b002a5b89b38d4d61d0259faa96194afe8fd37ae3c409f0960a008048e12b5772cd1531dc5a2b649050c1aff886ae589fa315463699b1c5f31577efc41c

Download Submit
C:\Windows\INF\c_monitor.PNF
Filesize
6KB

MD5
07b0950639f75333a135026e534852dd

SHA1
06bcc95e6f0d6b263e55b5f054bdf91000cbd4f2

SHA256
44e2075bc68f65cf1caf8f8fa32749a898b342a924a7eb3686f3152801fa803e

SHA512
e8e7ec1c7831676326461fa0a555b92235292f2805671bfb60d887cfe3f29169fbb5cd08439646e6ca59fcdb30e650617b7fb5891920f157ba4312d83175fd52

Download Submit
C:\Windows\INF\c_processor.PNF
Filesize
5KB

MD5
e4a5d03d0d1cecafad118bdc2e462056

SHA1
572ead390913905381f54c6147ec12bf2bfa0c1c

SHA256
f79f110497488e3202df9fd4c51ffa7e811e0b7a3aaa0ffa6a026cf5cf50e431

SHA512
70782c7328fd611565f84f5fe5e0113997b82e8d7cc5938a51797cc202c69229c0822ab9255ce5c607bee776568ffd83f4dcd4e3f1c8753cd46d77f78237bb4b

Download Submit
C:\Windows\INF\c_swdevice.PNF
Filesize
6KB

MD5
969afdd21be1091f51131b2e6e3b084a

SHA1
749fa89710b89f5aefb5671b6cd8b026b4934f4e

SHA256
9c1493633508a7883c62e6333d928e0ff686c283516f61d5268cd558e93ba3b7

SHA512
10122b5ddc16b4eba1e3330c0b157582e4d1dfe8fdbd81613d0c76f1fd866c0c30485e5a4f0592d7450aa98223457a110017495417db93ae625569c76b6b60b6

Download Submit
C:\Windows\INF\c_volume.PNF
Filesize
4KB

MD5
eb2e07fcac998223c3e3fa0cd5549e43

SHA1
fc4d0c3bc8f78619c37cd80fac0e4941fe7ad611

SHA256
21c82b8e8a16f6dc8db9d30d803e08551ad5ad517db9aa0609449e038ed02772

SHA512
e2942836db20fb17ec4f142608ba1767c0c05cd58286e4652e2e2966172b4e249542e7fca2ec572d3329c7a55f53d4728f93ceca9653346c9b0d45b95df4231c

Download Submit
C:\Windows\INF\cdrom.PNF
Filesize
11KB

MD5
851790ed2b8e5a872da6e118350db3a4

SHA1
fbae6e3d161c4acd6e238e28513edbafe7f8632a

SHA256
46ea6fe2cc9b2a326470b21c9cec953682ce45f35abebd1cca12e070199762ae

SHA512
836e5a9aa31faef88b7c80641c010c329fe2139f5a267a6f2c68019f66fa245cd3f9fd2fc568f7cdf1eb65ab83cd4ca03d2a9eacf5313226ed30a0dd2a6f3821

Download Submit
C:\Windows\INF\compositebus.PNF
Filesize
7KB

MD5
28a483edb757326f61073dd6846b2815

SHA1
43825d3dc0425daa495bf6dc6310c1b2920b163a

SHA256
bab8d8a5d289d1cb8834bcf55bb81836a66d11c821ce43c98e2cc51cb085586d

SHA512
d0ef57e5807494f03118a331e84a40758ebeed7af827bf6c57f892a2a30bc98e4247d3e538abd8d2b1715bbef2b9df40fae46b7d63c29e9ac60fa0697db67859

Download Submit
C:\Windows\INF\cpu.PNF
Filesize
19KB

MD5
a28723cb5a418d827216d26fa386d49c

SHA1
120219605f8c689a787fb1aacfe4c8fd8b9a71a5

SHA256
91f58b372b794c60ce01f2cf423c08fc677699d5894f83bc3ce3b8f0b4131145

SHA512
3d6c9d697081be2af9c8cd283816ed66c06db7205cdd84ffbfed2724a4e82af41d08b21a78c1a0f63d663186479349e7913785e282f13de7bf1fe5e2228fe873

Download Submit
C:\Windows\INF\disk.PNF
Filesize
16KB

MD5
198e7ae3585c69f68e58c904a941e7a4

SHA1
b8e24281d1ce1ee74b5fd078b7a56b5188370c59

SHA256
e67d0af64682fdae1438669e5a0026e0a836ba3e2b758795caf14fab7ef53f54

SHA512
75c3a3afbeb9a0d4f10d78a36f65664ba30cb98c0a63e67340f3b602a3df20a4f92890116fad641412dfe43236863cc52c2e6c95241c7eb9bce1d1bc1bee5479

Download Submit
C:\Windows\INF\display.PNF
Filesize
7KB

MD5
1ff0d56f76c2f4a3b2b27d13e3ae614f

SHA1
5ca04ded25176e5961d5cb944702c9254481e8d9

SHA256
061136201a3791ab7ba4f4c627567b4de9ed3951112cf42e9811199787d1c58b

SHA512
109fbb12217b5faf8c08a6f6504d502a277593b26f70fa3099abb683106e73d2421bea7152d59ef6accd3ba852fe8cb9ef7a6c81cfcd131ffe55576cc2b87d04

Download Submit
C:\Windows\INF\hal.PNF
Filesize
5KB

MD5
307326f96a4e601b183579f22c234062

SHA1
493126a64cdcd1fd82f08855fcdcdd842331bfd5

SHA256
e37e0c37db7932dfe66ee1b1109d68a8dd179a11d7879263e4a9bbb3d68ec5ff

SHA512
ffbc31af683a190ca45f7b01b325a412140ab396a0e9689110f34c2d88fd503898321d248c0d286b7dbe8d86316b74b026e00c5935154232fe99ec1953312145

Download Submit
C:\Windows\INF\hdaudbus.PNF
Filesize
10KB

MD5
3ebe573b84a994528ebde028e1a1b9e3

SHA1
3435577a7a033ab35b30098285ac9e8560fbb156

SHA256
577cfc58964a2b7ef6c7e46411cb97985ce0a6d84f66a89b2f767a06b6205901

SHA512
e45724546f2ae049dac975ad409a43aeea02658793319c90d4087e48ba7b38325f11acdb4d574c0ce003960d0fbcf67fa606f3cb7aa28d88ae6a0f53016c298f

Download Submit
C:\Windows\INF\hdaudio.PNF
Filesize
102KB

MD5
714c58cc9b701a95227e63f5a88fd8b2

SHA1
717c87debfe349bde418aebc44d3911c828e01a8

SHA256
276430fe46ab5f1d28072c21f8f215fc0b4b3d928ede173c43c68026f09ad677

SHA512
c4b99e1a143fd28ccd01bc7d85e837b3bcd717bf23178a987108e70e088783edba77c73da7a21be66d5c2a5d42f19cde578e2ea9907e38c5ad17a0717a7ba5b4

Download Submit
C:\Windows\INF\input.PNF
Filesize
148KB

MD5
d3e41f0f890d4e6fddcfe40a9b505acc

SHA1
f88380d20be4998b616601f8395871ee9f5c56f4

SHA256
4e927e737d9cedf2d89df8599689f8c29384fe5597eea703ad0b69a79a325e68

SHA512
fb079dcfb68cf9b1c8c5848585b8c1a8c4995b27787c7629ca6ddb3fee52b5b5aecc24bc0c4647bf04488113598b440214bf6d22126cfc2d96dbd567a5d722b8

Download Submit
C:\Windows\INF\kdnic.PNF
Filesize
9KB

MD5
00e65e161a6737f7269623b55c31e782

SHA1
be9203674f327f07e960597b6d40cd33368851d0

SHA256
773daeb4117c7ed764fd9c3f2d2673ab115f7b325039d160288dd1b4e3aa288b

SHA512
422f58bf8b805b1623f02451a5518e12ae0c0b51c9021cfd6fb1b00237e88caadb181ddf971720b4edd139af21077927182c5373c0d2372f8dfca95b742ee8e2

Download Submit
C:\Windows\INF\keyboard.PNF
Filesize
117KB

MD5
6b7c27070fbe613a857ea021cf5737e6

SHA1
ec8a52b8145b7425b76c8b6b55a861de32fc9d59

SHA256
40b6ec7006ea282b8556eb41d2eb8976ffbccf29fcfcf9235531d3e187f28a74

SHA512
5248a87b0eeb864de7f8a3aef5ce9848e96d0bc68dd389cbbafc604163722c93ca57c955a240de9ce894f5880de43bea6b1a03d9e7c1de05d26539042b592fb7

Download Submit
C:\Windows\INF\ksfilter.PNF
Filesize
18KB

MD5
2cab82cf585382def58924ebf94adfa1

SHA1
6d80349e47a43debd6799d9913f38ad0dbe50066

SHA256
6e88e1d439537616519595e3e5860bae1b65430c0274bf1ba412d87898412405

SHA512
c177379bb929cce3a87046f18c3b821b48b84c0f8996b19b5e947947b65f267d984dd3b63ef0dd367e1b7b88e078b3a48b3854defe1669bf81474f0eb5b137c1

Download Submit
C:\Windows\INF\machine.PNF
Filesize
154KB

MD5
e78ee07b75aab800f993576de4a0337d

SHA1
2ef7f37a2f55e9bfb1f1e56db978fdd50f7d5cd3

SHA256
1f5a18ca265758d81ecd125348733bb8247619a5adb392ebde5a635889efb4e9

SHA512
476d1ad8e8d5a7fc4d5a4b0e2777e2a532cecce073acf93279b29532806b1937b4f3c1f1d92a4d5ed84167c19f7e961820c1de56caaf78806e517ec3cbc361ee

Download Submit
C:\Windows\INF\monitor.PNF
Filesize
1.1MB

MD5
de2a198eb7725939c105315a92a79d30

SHA1
43d0b59889a73b5f2089b26be9952d383e2c8d32

SHA256
d3780b9980ea8d517a8740ec35c204e2fb7667e421efeae0c23c278b27ba786a

SHA512
7d9114a9224c9cce02f457e9a977b756a92548214c2d9716f2f1e148824533acbb124d0890668a1f46da258d2756292f1cc2a375c355fb146200c01dc80806b9

Download Submit
C:\Windows\INF\mshdc.PNF
Filesize
68KB

MD5
f991a4388f3684d3f272850cae7d45df

SHA1
8b4a0aeba27b97166289a98df86f41a8f1020e68

SHA256
4718911ca619ac3f4754be71bb5aa0f82a1db72e723f64f09cd6d1fafe2e3f06

SHA512
cfbb25cd3011e252ff1447ff51227c1956c3df23df9a9da9c0bcdd270638a9c0f631208cd3137898c36c7a9b2985f72631b294eb905260c7b5f5cb14b8c1ffe6

Download Submit
C:\Windows\INF\msmouse.PNF
Filesize
94KB

MD5
b88d3cab65777afdf9d9c7b8cb190cea

SHA1
435ef6f0ec97f975660b72626a5df4fcd523d47e

SHA256
9001f3496061971ea79442afd59925ddba3ede734cbb6fa10970d510e547b707

SHA512
f8983babc6158fad96d0c30e2c476e562e50e4e34ed890e1eea9f4a6d17b044349a7a1ddc0f993068ccd3f75ec614ec7796883616010a73e30728c012b1b686f

Download Submit
C:\Windows\INF\mssmbios.PNF
Filesize
7KB

MD5
fb64f3b3091fbf29289ffb162c06fc53

SHA1
1bddb7fd5d991949f9fbc27fb6c6cd07a7245f94

SHA256
25be2e83c5a946aa61b0eb964483663f89758dbc8135b93dcc3ea481e86ce20f

SHA512
1261e97d926d618b5e9b952a5abc5be7cb4af30a3607dfe2f3e18302ad460f9d1759634c697f12c9e06e674c2f483377d1db12a1e764db3cb47116e8f2292cc2

Download Submit
C:\Windows\INF\ndisvirtualbus.PNF
Filesize
6KB

MD5
e05f165d7db805e8b3a4f608d0346b96

SHA1
1500e6427f97addceace7b9a067c67c8cf78a0a1

SHA256
b8310be1538766858b08fc97d149b9b8b9cc37b7c33cb802e24ac7e36d0b1787

SHA512
4a8ef2cea809b9cbfc3fd1505ed5c68115dd0905cad48a11ab9385620ef54f26a74276978c77eee5f0c3a914c28b309aa355bf424495697787bdb5c244183d49

Download Submit
C:\Windows\INF\netrtl64.PNF
Filesize
41KB

MD5
d0ca04a8ee7e80a392825837559cfbd1

SHA1
77bc44155e2ca43f37cb8e37e0424437345464b2

SHA256
0f6d3b0865884675e07ea6955957f533c33462f6fc0fb4fdf9e0d2fdfcbfffd1

SHA512
8f900bd814bf39296b3fe071aea6f7e49320217315be113479f43ed8e417b3b22de86ad56009c49535e540d1c0ce2399cc2541ad8c8b6e099a83c7f0ec03b6fc

Download Submit
C:\Windows\INF\oem3.PNF
Filesize
8KB

MD5
a23ee519739cfe8416a6c91f66b2176d

SHA1
0e28d7003a2ad2c026ef912fdfd19ac7d09bfaf4

SHA256
5b30c0eb2af9d899b013af3355665ab249978fbcb9aae8cf0833121909c2e905

SHA512
1eb89dd847fcaaa846ae01a55b7a05d0041fea281cd1c6abb044490b8625255c8192198562a091b5d7295bab734a9b9ddb51a464c2b3a1b2ce0bea351f63a937

Download Submit
C:\Windows\INF\pci.PNF
Filesize
20KB

MD5
efa41a4d0384a5ca7551fa21c0717fd1

SHA1
cf3585fa59e30b91cac8d74aa819ea6d1dc2b39a

SHA256
6157512eec97ae3893c484e7d55f13bb80cfc4f6ca01c26d93e54d5eac11f34b

SHA512
d72cebc0fac1902f4217fc2f7f5c84f5877c1b49ee0933a34b950e1b9bbceb78eb33a8aadc157f89b312e21d7b01d32a87fca23725580f99ce3963617377d5e0

Download Submit
C:\Windows\INF\printqueue.PNF
Filesize
7KB

MD5
9be93b0383d98b06ddb2104dd429a1f5

SHA1
b4080a7c2a108a7219ac9289715b0e18b07cd372

SHA256
3e8b22a2b0cb6b418be06ae4de52962f9b668693147d484ed76da3aa4762eb27

SHA512
b8c83a6a798611c50926a04fffe8d71c425505289c8830bdf7def4c90ebbebc083bb8a8b236ebd2d22607c3d4fe87c57c1efb15816eecb0405d6eac2552f83a6

Download Submit
C:\Windows\INF\rdpbus.PNF
Filesize
6KB

MD5
b6a870fb48aed8b257dbe325adc52405

SHA1
eb0d308f285bcd27a4c468c9c40c8c1d441015a6

SHA256
1098fd5a686c44842a69ceeec5e3580047a7b7f14b32320fd90638e9c6ce614f

SHA512
c2b3f726ebe63277171072c327c6883f6e2fbf05f85c60774a60d150b079d63509be6bc98eee56de31acfb05e70ddc00fa04886c2be4ac7a5d2d97fdbf035506

Download Submit
C:\Windows\INF\spaceport.PNF
Filesize
7KB

MD5
c330a4ea2ab826bf1d775e66a0145c02

SHA1
75077933fc2d6545245de54754adf18c812f9e56

SHA256
fd016d40b860195a82a418663e477e9e1efe1df3eb9637045a6b20980cbea53b

SHA512
55b95eeac9fc220bbc3d677727dd121f4692d46d524cdcf891a49612d1a4bae1d9ceb2881cf17301b393cfc426007f5c052094ee3a54ff238cd797e43e003074

Download Submit
C:\Windows\INF\swenum.PNF
Filesize
7KB

MD5
714ca406f565bb78f378cdb82a6489a4

SHA1
cc47b98061d2d24d5dc5adf215fe2d2774421ecb

SHA256
a6f179036bb21b9da833595dd92905cd8cc7fa679c96ccca9f4054153b976194

SHA512
0bb0a1bc162d3f11e436bca4f426d2ef6c517a57ac3e9392610e0dcda85875a0840479a21c8da277d245790b14d9bb53132edbaa3abc392210c2a3a84c07a117

Download Submit
C:\Windows\INF\umbus.PNF
Filesize
9KB

MD5
1a188613edd476e90ae9480ea90f13b3

SHA1
e5f71525d59094d070b9bb96fdb7c6123e713ccf

SHA256
8cb7b31cc51191b632e0db79e4ec6a9c5c234e04b3d3832b7cb1e1f9bb77ec60

SHA512
f4a22e419f2348f185c19cd84c138faf5e44d6a756acf6e561692a80669ccf1ba290a9d776737d7a17c5b4031e31a4ba97d84437f91616441e878b248b4b067d

Download Submit
C:\Windows\INF\usbport.PNF
Filesize
153KB

MD5
c2603b8d3ac2e0a75d451029beae6b67

SHA1
992c1b6d69bc2775e3de00c2365879a618513d6a

SHA256
5826e0a8758cbd4480f3e0aaa3c3c3a5c935cd0af0a4fa6a213f691e493ebc03

SHA512
f386d234ed01be2a73cb5fb499cd02bd28fd53649c9ebf94fc95a29a1e8a9ae3baf8e66004cd9d3e5199379ae784db735f33bd14ac8ba182cae8611b2d41ca86

Download Submit
C:\Windows\INF\vdrvroot.PNF
Filesize
7KB

MD5
bf083e14b261c2ed425e2a1a4c32bc23

SHA1
1bd698fe5d67b3ad4e602a6c0f166b11bf46a488

SHA256
9dbc64bfd9d9c71b9070c2d29a9f385254f70f45adf32b7f8ee2f09f810fb67d

SHA512
7fbc64f2befdbabaa3fd76e886ce6b9b526609da6a864a9c1d6d76767e2092814ac1fb0175c793ece0b350d10b9269e2235748b9cabfd42759fb34501e1f85df

Download Submit
C:\Windows\INF\vhdmp.PNF
Filesize
7KB

MD5
3e17ee3de5725b3ee93f8c3d638922f9

SHA1
1d672f8d54a40b666c1c8504527f6ea789a14a66

SHA256
1d5bc965c2f774b57184c13371b815452df6f41235c1dec84e572baa781ba918

SHA512
4f33f1ea6fe3c094955d92871d4278de3ed7cfdf8274ec2bf51dc9cdab06b51f65b6db8d88d09633d96d12c1f5d8f1c7b14a4e934b641459288c2aedf650a90b

Download Submit
C:\Windows\INF\volmgr.PNF
Filesize
8KB

MD5
2f8a748799881670076e2b9d36cb6df1

SHA1
ee0dbee0b3baa1e54a405a102f6a9fdb60bca1a3

SHA256
d579cb87058cbd163859a0165435de51d07a9d861e21ef3911894218518a4772

SHA512
67e4e9108f83b88ab7ac3764a52dffa0b472c2046369e85e8512a59c7d612f955fa6e90837621214ac7ab26b9ce48f16f83b113398d31453bb577efb1b2c8dde

Download Submit
C:\Windows\INF\volsnap.PNF
Filesize
5KB

MD5
a195e6c7be394e4fcf4a7634becbc6e3

SHA1
269f3df2901c966d74b6d992c60bc5f7ea0e92f7

SHA256
49b0c46be8f805120ff25b2910e36e2a752205fa750bb3884d997e979600fa00

SHA512
9490450b0b4c78eaca2fbecd31a52287c5d87c5ca70fd3cf67b8e595a906f8669c96bc9033bb448188f0403878fafaa77a5a25d61c1b9434db2c860a10ae23e9

Download Submit
C:\Windows\INF\volume.PNF
Filesize
5KB

MD5
ec9f693826caa12d8f2ff681120a1705

SHA1
ba2f29924d9afd9d736705c5273f5a1c44b390a7

SHA256
cfc6b2886f171482623deeca32f8d9d879bc5a77247be0299ee903a40baf9b64

SHA512
22f48d604d2135b405c97a1e4264bfe04d9377f2079dc41e774eb8c78cdca1c2d54533dfaa52eea83ff4a79a94538775c0929f6c3455e786334c801ab308c3b0

Download Submit
C:\Windows\INF\wdmaudio.PNF
Filesize
26KB

MD5
9078c21b7c80d50741ec83c6cace0fb6

SHA1
e9945a6cd9fd0d712e40fa99ace7be455809b1ad

SHA256
5ae4afff6b1cdb8740c247542e627c9651b1912113cefee384f6099d84341ae0

SHA512
e808977c331c84d25ef5146a035e7c8238aed8af92de1408529f650188a13e0529a5aacd6dec5440d376759dead3e93ef31c07d6e6c899ebdeabf6821c87254d

Download Submit
C:\Windows\INF\xusb22.PNF
Filesize
9KB

MD5
0308395766257571395fd0906d08406a

SHA1
3d31f08389cb60d41e37e629ed35fa46fb165432

SHA256
3660499805cf5b9a11fea0e9d07001b74c9e220ca6463953e2db6297cd479030

SHA512
54312394101ca94132a3517c70cff08f0728afd7fb3686a344517e387855c5c3c242d583a62b8eac25e0b849dbecf02d49f6d6e0b0ce5248dbfd24d0ec88fd3e

Download Submit
C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_dc012c700833063e\vigembus.PNF
Filesize
8KB

MD5
487150163e82a50b7bc58903ef9f9aab

SHA1
32cd3a4420dfe1218e4228f9b4c691896ed55721

SHA256
cc97eb8ff06926f760ea6292590e534e82ed43fba8d19c86070ff76e108cc12c

SHA512
3f16ab80ac6f573d8a86743cc74513e73388fc4d01757f93f5b80dae3ff7c4573ed74333d5dc4b7da1fa0e433b97fb9bb829f8607a52e46c6f6098c0df15ec94

Download Submit
\??\c:\PROGRA~1\VIGEMV~1\win10\x64\ViGEmBus.sys
Filesize
67KB

MD5
129165f67ccbb25be6be8ae2f0c15dda

SHA1
499865e046dc1d70edbf2a31ef06c03b6c6ea855

SHA256
1a1e57cb0dd7ca08d96bbb1b6ce667e3273702c13a7ecf86839b7642ef8255e0

SHA512
4666cf73ef77b0e7b86822fdc18743d41496c46686a91535ed7757dbdb8e0354489383aa4a27ab943e26360e8e1c8aed5600724034e0e6c38163faea24344ca2

Download Submit
\??\c:\PROGRA~1\VIGEMV~1\win10\x64\WdfCoInstaller01009.dll
Filesize
1.7MB

MD5
f279d3e406114192148dd976de222138

SHA1
0567e9073c46c40e60e2ecd0a509579f029efd8e

SHA256
1a7627c11aecf24e8e0c9a519498e8456f0457bd89f0ffe649bd8fb53a194f89

SHA512
e72d1011bd3c4208c3733228aac45a6ae00c3979ffb49130d4141293764db1b91551edf9340b5cc5c987b848e3ffc661b8084923c2032b175fcf55321f42dc25

Download Submit
\??\c:\program files\vigem vigembus\win10\ViGEmBus.cat
Filesize
9KB

MD5
e67c26e6c46015f05da50046aacf8581

SHA1
32dfcee6d080e1b0c8012f8a6198f1e7d2afa3a0

SHA256
5b03a642a52d5ee895931c8fad98b2a67f20331c313aec42aa96d76c9c3ff928

SHA512
dd197b897c71f11abb9eefbad70691ed0b2b2ad0636616276d08d2c2a002b99e1ff7c5c47a54df94967f9a9f8c977fafba247f6aecfaa917dfb7efdb2d983493

Download Submit
\ProgramData\X360CE\Temp\ViGEmClient.dll.84A31178\ViGEmClient.dll
Filesize
29KB

MD5
a8781afcba77ccb180939fdbd5767168

SHA1
3cb4fe39072f12309910dbe91ce44d16163d64d5

SHA256
02b50cbe797600959f43148991924d93407f04776e879bce7b979f30dd536ba9

SHA512
8184e22bb4adfcb40d0e0108d2b97c834cba8ab1e60fee5fd23332348298a0b971bd1d15991d8d02a1bc1cc504b2d34729ed1b8fea2c6adb57e36c33ac9559e9

Download Submit
memory/3412-31-0x000002675E990000-0x000002675E9B0000-memory.dmp

Filesize
128KB

Download
memory/3412-339-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-338-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-337-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-336-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-335-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-334-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-333-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-332-0x00007FFC21A83000-0x00007FFC21A84000-memory.dmp

Filesize
4KB

Download
memory/3412-32-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-0-0x00007FFC21A83000-0x00007FFC21A84000-memory.dmp

Filesize
4KB

Download
memory/3412-30-0x000002675E960000-0x000002675E968000-memory.dmp

Filesize
32KB

Download
memory/3412-29-0x000002675E9B0000-0x000002675E9F6000-memory.dmp

Filesize
280KB

Download
memory/3412-28-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-27-0x000002675EA70000-0x000002675EB72000-memory.dmp

Filesize
1.0MB

Download
memory/3412-26-0x000002675E930000-0x000002675E952000-memory.dmp

Filesize
136KB

Download
memory/3412-25-0x000002675E8B0000-0x000002675E8FA000-memory.dmp

Filesize
296KB

Download
memory/3412-24-0x000002675E880000-0x000002675E8AC000-memory.dmp

Filesize
176KB

Download
memory/3412-23-0x000002675E860000-0x000002675E87C000-memory.dmp

Filesize
112KB

Download
memory/3412-13-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-10-0x000002675DB70000-0x000002675DB90000-memory.dmp

Filesize
128KB

Download
memory/3412-9-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-8-0x000002675D920000-0x000002675DA1C000-memory.dmp

Filesize
1008KB

Download
memory/3412-6-0x000002675C1C0000-0x000002675C20A000-memory.dmp

Filesize
296KB

Download
memory/3412-4-0x000002675B230000-0x000002675B60A000-memory.dmp

Filesize
3.9MB

Download
memory/3412-3-0x00007FFC21A80000-0x00007FFC2246C000-memory.dmp

Filesize
9.9MB

Download
memory/3412-2-0x000002675AB70000-0x000002675AD02000-memory.dmp

Filesize
1.6MB

Download
memory/3412-1-0x000002673F7A0000-0x0000026740662000-memory.dmp

Filesize
14.8MB

Download