043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-10-2024 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe
Size

566KB
MD5

67f8b2f83aa50da8186f03e69358c160
SHA1

e9010ec5abfab7162ba0caf507d3246f6680bcdc
SHA256

043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9
SHA512

66d5392f7a10a4e1beded35b41e3e4c73fba4a2a9cad4139353c29b7cac04fa9babf9049054eaa4c3475e52dc6854734a75a62480eeb8e5258509a90c7aca6df
SSDEEP

6144:etzgx2GdlblXkmatlBF7MuJGSN4r8jZlIPMTaE+q4Ow9waqgpJOuKWK519CkBOwh:e0nlXkXfBFINSdwPbQvbgyv7O/j

Score

9^/10

credential_access discovery exploit persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (8473) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Possible privilege escalation attempt 4 IoCs
exploit

Processes:

takeown.exeicacls.exetakeown.exeicacls.exe

pid process

2744 takeown.exe
2732 icacls.exe
2416 takeown.exe
1736 icacls.exe
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004
Deletes itself 1 IoCs

Processes:

Termite.exe

pid process

2772 Termite.exe
Executes dropped EXE 2 IoCs

Processes:

Termite.exePayment.exe

pid process

2772 Termite.exe
532 Payment.exe
Loads dropped DLL 2 IoCs

Processes:

Termite.exe

pid process

2772 Termite.exe
2772 Termite.exe
Modifies file permissions 1 TTPs 4 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exeicacls.exetakeown.exeicacls.exe

pid process

2416 takeown.exe
1736 icacls.exe
2744 takeown.exe
2732 icacls.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

pid	process
2744	takeown.exe
2732	icacls.exe
2416	takeown.exe
1736	icacls.exe

pid	process
2416	takeown.exe
1736	icacls.exe
2744	takeown.exe
2732	icacls.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Termite.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\Termite.exe = "C:\\Windows\\Termite.exe"	Termite.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\Payment.exe = "C:\\Users\\Admin\\Desktop\\Payment.exe"	Termite.exe

Drops file in System32 directory 2 IoCs

Processes:

Termite.exe

description ioc process

File created C:\Windows\SysWOW64\mswsock.dll Termite.exe
File created C:\Windows\system32\mswsock.dll Termite.exe

description	ioc	process
File created	C:\Windows\SysWOW64\mswsock.dll	Termite.exe
File created	C:\Windows\system32\mswsock.dll	Termite.exe

Drops file in Program Files directory 64 IoCs

Processes:

Termite.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right_disable.gif.dll	Termite.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\en-US\TableTextService.dll.mui.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml.dll	Termite.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.dll	Termite.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.dll	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.dll	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png.dll	Termite.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_increaseindent.gif.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Media Player\es-ES\WMPDMCCore.dll.mui.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105276.WMF.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21334_.GIF.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR8B.GIF.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIconMask.bmp.dll	Termite.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.dll	Termite.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.dll	Termite.exe
File created	C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.dll	Termite.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\gadget.xml.dll	Termite.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00686_.WMF.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Custom.propdesc.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.dll	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\POWERPNT.DEV.HXS.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\Tasks.accdt.dll	Termite.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html.dll	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.dll	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\EXCEL.DEV.HXS.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\settings.js.dll	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0160590.WMF.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\REPTWIZ.POC.dll	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.dll	Termite.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.dll	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00602_.WMF.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR45B.GIF.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Mail\fr-FR\WinMail.exe.mui.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png.dll	Termite.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.dll	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.dll	Termite.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF.dll	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\MSOUC_F_COL.HXK.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\weather.css.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\MSPUB_K_COL.HXK.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\QP.XML.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png.dll	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.dll	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.dll	Termite.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH02155_.WMF.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099182.WMF.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099195.GIF.dll	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00670_.WMF.dll	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png.dll	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.dll	Termite.exe

Drops file in Windows directory 2 IoCs

Processes:

043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exeTermite.exe

description	ioc	process
File created	C:\Windows\Termite.exe	043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe
File opened for modification	C:\Windows\Termite.exe	Termite.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exeTermite.exetakeown.exeicacls.exetakeown.exeicacls.exePayment.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Termite.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Payment.exe

Modifies registry class 10 IoCs

Processes:

Payment.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dll\Shell	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dll\Shell\Open\Command\ = "\"C:\\Users\\Admin\\Desktop\\Payment.exe\" \"%1\""	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dll\DefaultIcon	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dll\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Payment.exe,0"	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dll	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dll\	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dll\Shell\Open	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dll\ = "dll"	Payment.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\dll\EditFlags = "2"	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dll\Shell\Open\Command	Payment.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Termite.exePayment.exe

pid	process
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe
2772	Termite.exe
532	Payment.exe

Suspicious behavior: RenamesItself 1 IoCs

Processes:

043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe

pid process

2684 043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

takeown.exetakeown.exe

description pid process

Token: SeTakeOwnershipPrivilege 2416 takeown.exe
Token: SeTakeOwnershipPrivilege 2744 takeown.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	2416	takeown.exe
Token: SeTakeOwnershipPrivilege	2744	takeown.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exeTermite.exePayment.exe

pid	process
2684	043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe
2684	043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe
2772	Termite.exe
2772	Termite.exe
532	Payment.exe
532	Payment.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exeTermite.exe

description	pid	process	target process
PID 2684 wrote to memory of 2772	2684	043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe	Termite.exe
PID 2684 wrote to memory of 2772	2684	043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe	Termite.exe
PID 2684 wrote to memory of 2772	2684	043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe	Termite.exe
PID 2684 wrote to memory of 2772	2684	043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe	Termite.exe
PID 2772 wrote to memory of 2416	2772	Termite.exe	takeown.exe
PID 2772 wrote to memory of 2416	2772	Termite.exe	takeown.exe
PID 2772 wrote to memory of 2416	2772	Termite.exe	takeown.exe
PID 2772 wrote to memory of 2416	2772	Termite.exe	takeown.exe
PID 2772 wrote to memory of 1736	2772	Termite.exe	icacls.exe
PID 2772 wrote to memory of 1736	2772	Termite.exe	icacls.exe
PID 2772 wrote to memory of 1736	2772	Termite.exe	icacls.exe
PID 2772 wrote to memory of 1736	2772	Termite.exe	icacls.exe
PID 2772 wrote to memory of 2744	2772	Termite.exe	takeown.exe
PID 2772 wrote to memory of 2744	2772	Termite.exe	takeown.exe
PID 2772 wrote to memory of 2744	2772	Termite.exe	takeown.exe
PID 2772 wrote to memory of 2744	2772	Termite.exe	takeown.exe
PID 2772 wrote to memory of 2732	2772	Termite.exe	icacls.exe
PID 2772 wrote to memory of 2732	2772	Termite.exe	icacls.exe
PID 2772 wrote to memory of 2732	2772	Termite.exe	icacls.exe
PID 2772 wrote to memory of 2732	2772	Termite.exe	icacls.exe
PID 2772 wrote to memory of 532	2772	Termite.exe	Payment.exe
PID 2772 wrote to memory of 532	2772	Termite.exe	Payment.exe
PID 2772 wrote to memory of 532	2772	Termite.exe	Payment.exe
PID 2772 wrote to memory of 532	2772	Termite.exe	Payment.exe

C:\Users\Admin\AppData\Local\Temp\043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe
"C:\Users\Admin\AppData\Local\Temp\043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684

C:\Windows\Termite.exe
C:\Windows\Termite.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysNative\mswsock.dll"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2416

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysNative\mswsock.dll" /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:1736

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mswsock.dll"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2744

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mswsock.dll" /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:2732

C:\Users\Admin\Desktop\Payment.exe
C:\Users\Admin\Desktop\Payment.exe
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.dll

Filesize
27KB

MD5
2f6f15b15b43a4a05fc00d06152d999d

SHA1
b6353e31da83bbacbf9c81c3ced98aa4b5f956ff

SHA256
5e7a6cfff9f00a4c8f7a83d3590df9e10083f58433273f66a7202d5758795728

SHA512
048acb716cf85211a9cd5151dbf861dd99fbe0f95acd02d6f5f41a05eedc35d521d4b9078b118f5a8f90a49ff88c0ca8bccb6dbc5e4b9851c79a22079e88a60e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.dll

Filesize
356B

MD5
12840ea661c54c7dc77a99666df0383c

SHA1
dfa97b2e962f2513fa53570bc0c3e2a3f3e23966

SHA256
f39427f10ee7e9a7d1e317f62ca86a1ac4f664a7aad41042c8509a93d9ec7da1

SHA512
fd35200fdc956e6587cd9ae343df82773769435cd47a67c670aac45c7160372c8460dbcbd32d844a77fc6303aa5b8b3e00208be06d118a2604f81f3434df897b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.dll

Filesize
236B

MD5
ad3ffd0eb10d7e127aa43d7cb762ce47

SHA1
fb43b94f31098deab22e4f4222ba3aceb5d30ef5

SHA256
850ce207b073d2bdfeb9e1154b59bf2792843bc80e64d04ec0b078354c6b59c1

SHA512
012b6b72eff9c521e82d30699a3e78f23eecf1186e15a9db75ef7b7c4d8fd616a8f73b99063cd2b77e7cb40e59434237a4e04d4e03352bca0192afcf129fb927

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.dll

Filesize
124B

MD5
d7de1f025c9417fa8547ebce629b4dca

SHA1
619fddd06392afea68d07c40c1493b8e9ab973e8

SHA256
3a04a41bc8d6af9206264dbd7e2623400a7daf0b295112a8f671bd8db405c707

SHA512
d44991c96d4e6885576172a064f8af4fc1621f3dd28d0fe46be808535b1130c67fd14f614844f7a76bb5833cdbde8a9780042fff81ae2ceef250eb6283aee1e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.dll

Filesize
124B

MD5
ba009ce587e0b6abc48cae16ea51f989

SHA1
88093fd2317d8f11b176fb254e18180a9aaba039

SHA256
68b81cd28e8596da11369b47051974a0c21acb56f1e7a344192cf7a3d98b633d

SHA512
f4e6b3e23f85198ee9a3bfe5a4b2ad1677ab67157de462acb9f2dbccad45d2f5106019954da30d53756c2ab60b7f11cb433c3f68487cf2969b3a6ad2e67ffcea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.dll

Filesize
196B

MD5
92716c8215aaa299257f10ef03851f58

SHA1
07515113411e3af819a1d7f0807c3bc213822db6

SHA256
39a616ca72671fa43e460b1079330da628f7936860c7a6f08d268761510425a1

SHA512
b83c44086ce98bfc90199b8cbb6f7ee45569a3a21c0042a726e35a727e614e8823b33856f72a14a138d7c66b8105ce4e72254b0a22048474e8061a407871981d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.dll

Filesize
508B

MD5
c715a6a954ff664137ab3e2193ed669e

SHA1
3c28a5dcd1d172c94d25516fc4b815d54c800e3c

SHA256
3ef7cedeb7022551a9300f47f34fa11ad185ed4e459f7f60da47b20ed0c36cdb

SHA512
7df2997f99a17b46fcbdd2ec7eba1e3b795ce91e1dc3479a9c641b012957d3c45c4a2a136c6f984283dd9169023101601477460f86973a9ff84143076f7d4cb2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.dll

Filesize
1KB

MD5
18bcc22ab7273f69c4069e02a9b482f9

SHA1
27d5019b9223e72385cc67e4930c213726ec1dd3

SHA256
85c5a6f6e6a14158106c50cc96b091bc3c0256c40d39df2c9f30c7dfa3e14206

SHA512
eb6953926c3835dd2a7ef5651f4a3a53b6f4fb8fbeed289273fb866afbca461075fa3667f10f0f8184ff4c8aa7b78b7f26b998ee27608f37bf399bd8fd9eb774

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.dll

Filesize
820B

MD5
4c8855080b606490d28287168e96ef33

SHA1
c9b29d4b750d1bfbcf5bff1dd217f18318758fbf

SHA256
739595d1937b23da4d43aaff13903c12b53db5bada9c83554e623c958e798b64

SHA512
500f251e5d12966c65b948d5c395f98bd6089f51d5e144526922aa406fa7dfb6f0592524fb4689310ec70f7236bee1485e2cfadc57f24ef0b5c99a23ce0123cc

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.dll

Filesize
19KB

MD5
83fe8a350c38d0a50606bd59df59cc87

SHA1
57172d48b6244c428d9e6a1a05935373fa2af308

SHA256
14207313c7111cf02b98281bc07c976deb5913c21d3380198f46fcc6933588f5

SHA512
625c6faa6a247a2a2600d3af28ffe4912ca309a2f86eb109623c3d67e2738d69c47c7c0e23dadcd2222091c70dd90b5ac4b4a47ce166aa43a701bcf838c41a76

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.dll

Filesize
5KB

MD5
ded844a92237a434f3a4db40d1d376a6

SHA1
6c2d5a7a83a393b8c79de1f08191fe6e1c8912e1

SHA256
061c4799555ff13c6792a599a6e8e864619bb38c877da80aee050a49b232f94d

SHA512
b1aa5c96853e8880f4caabd8a6c218da3ddd1d6c43fce70d05ef05a9be204f16225305dad8df7856260a48cba53c9edc0341e807c12c4bf31e491dab13a5f128

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.dll

Filesize
5KB

MD5
d03536cb90199d46dce3b19dc2a7b195

SHA1
b4f8f150a8fc54a3114febe6bba41d5bde2d0778

SHA256
03d755928d2a1366aed95e9053b39def880c6e836f2dbb1e556ad6ce3f7ad1a1

SHA512
28a85400003043d2091d3699d7d2a87e42091a9bcc892c6b60cee63e0b713674118d643fb784847bc267a8549bb6de7ef7bc10e064bf23380a7a8024cd0a673a

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.dll

Filesize
4KB

MD5
12782b260ca4661fd21677c5397610ec

SHA1
f1b12e85e57a524680b2fef69da8b830b2cdcc6e

SHA256
34e8388d3a2d8a9414dc607ef18fb02fdb208f4b608b1f5f7e612abb5b2f4a3d

SHA512
2a96c2ef83f61f12fb2959eb69923706caa6c9bf574792bbbb5036920d952254d5f6d6426295e4862770dd4ac67f86b6f4e1da4645bfb8892d160d96eac76a02

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.dll

Filesize
4KB

MD5
31636e94c15be369b70bcec2ed1db287

SHA1
761d1737e609cbdfc661b7c59845c5da215ee9bf

SHA256
6d1d85161f144f05d5ed826973b521cfa02aa284477dd3ba05ab2b935068c66b

SHA512
107681afc1016387a06fae61b06312d529cf343f2bc6475f7f4c947717e41b5856e96ffae8c4c4418d3b6cc9b702ce120dfe342af3c27835dac8461802da5a8e

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.dll

Filesize
5KB

MD5
437f4afc7d2a242968f3413082bcff83

SHA1
d690e40ea9a7e8e624f43a9064f310f52defc964

SHA256
deb74f250adc293909738258094095bbc0be77458a3a369473d2f466f6bb1212

SHA512
1e8ec25f547b64de079d65a39e6058a4d2158727ff58cce8cd3cf584a32734a57a8abd37604720a57b5bb35ad76f47f0d3b9a5ea634ff29fe0a6a0dd0e39cb89

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.dll

Filesize
5KB

MD5
0727f68191c264fb7ce80a495a263ea9

SHA1
3b0cdf0e87f376f834609a744129ef3275bcaee0

SHA256
3e23b3e19f77192c86fdd9402462beb8e4613104090849e252b36ff4c285be1f

SHA512
6d1caaf47a2b937bc27afc35a8a0ede8552a49954afe538face80f7ef4a9af5d25bcba7cd23cf384c6bca44bf5c7b050ff83058b8980454bf2aef50b1b71f748

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.dll

Filesize
4KB

MD5
bdc19feca4672e0cdfd6660b7e6bfe6a

SHA1
c8656b7796574f922d04d7e554642727caa9c6d5

SHA256
05b78e8a2554a9c992456b8baab54214fb728345a69b4afa095da88c11fcdaf9

SHA512
c80d77f6523856a35bb9ce98a4f701bf47fb20bdb7b5252e84db1dedb8d74e2d6ea5c405f7e336754e03e618ccec5fe6e20a77d809cb86e8bbf0b117deb716cc

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.dll

Filesize
3KB

MD5
b4bd90ea5e64b084fda9456cc7677662

SHA1
23600ed9f89c5a50b88b120ea17b2e3e7931961c

SHA256
bb8e0a292d2410f9dbd0c205282da81930d64d3f72ee50d4b8161586c804a6f2

SHA512
62571ccbd9540916602e9f8c190337560b183e6cc0977454a7938403b6e767907d1bcc62a5881ef1a586fca35f37de4545183ca4aaa74a1b1001e655d4e2109f

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.dll

Filesize
4KB

MD5
611f58a8a223ddb6fed089fedda0cb2b

SHA1
664922324d65f66d609d08601dc4e4b2851f76b4

SHA256
f38c2657fc9df6999a773c3fead19a45b53634166f72bb63b98b07a555830019

SHA512
90a083698f1cc3ac9560a5752a23099a6e886299e32cd85834aed15545500724104e4fb3283c41aac77d42d4de22f3841e427ce0e6bdc884730dbd03a9db5006

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.dll

Filesize
3KB

MD5
1f06d4afee3578e0ef4701dace97cdd1

SHA1
7877014ae8e4123f725af1d851e8a6cc09cf5461

SHA256
0c927c50a367488cd4d0c0cb9a6a88328d33d5dda2ce4f50df48d619330fd658

SHA512
ba5b2f73cee0afd35bd6609539cd4b5c1883c20dc375d3589e8cc84960827e36edf25978c4ce2ff315bcbc3038a705a579d8ba1f386d5e888d4b1ad0d520263e

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.dll

Filesize
4KB

MD5
4368b92e2cd4958d1e259983e89fa283

SHA1
4341a6beac327060cd131e652620fbb70ab37eb9

SHA256
f8ce912e56b5880e1bfbc8c3e15e93f1d116e09ffc5d4b88f8f1c23ed40b538b

SHA512
800b787251be345e64d7591d8bef22af84c27cc857fe57254b3fec3f22df7bfe8563a4c52853eb204958dc437038cba7186a06b4016604308acab8aa28fab2b0

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.dll

Filesize
3KB

MD5
c2eba86489c5ec9729fce56b18e0cf77

SHA1
9026d84269552ff84495dc86524333bd719b0b13

SHA256
92a4001d11d21ca2b65f4cd849886b7e8aa14e08aafc6f55cb56052c274a1e64

SHA512
64e86543064d4ea2d1496bc29d2c0008e04c1a0074961135099edfbb42cbc4613bd8899d15cac50d24392cc9359b805f295e7551a2e09bccade4e05daa3dd8ca

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.dll

Filesize
4KB

MD5
311a3e8fd0d0b7227021c958ef771cb5

SHA1
bdd347630dc509da8a56d47d3cf2da3aa0c224a1

SHA256
8b36ca1339eb1c7b9d9b70bc14a81ce33f4520284bd64954dacbb760492020fb

SHA512
7fa1e6ac844a553a4e48ec58569d5547d64f2f9c80a3471af0777c2c09fed6a56e8e5f378ea0e142616e8cb9fcbee2c7d6a2409903e048158921f2b31ea3e3b7

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.dll

Filesize
2KB

MD5
2f6b9e9a9168ba33b4aa1031e7a190a8

SHA1
3a904e3b43dfd5f96990b1c640399f6eb85b755a

SHA256
5f62f607bae35a691458afe184d076832472d30d2336d05afcd533da2911316e

SHA512
27e5d811797a5bdad5edafca012cf28692270973f5c73f7e914d6398e283767f4be427251ad3f0a987982223b22b2f8f858c2a1bfeae1f32e939653c61803b35

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.dll

Filesize
2KB

MD5
fda12a3f13e8750e9eede95347260a92

SHA1
dc4ac777b4f47a611f5391fbcd70c71da1e52f52

SHA256
94a9bad7ea7e262e7cdd69d384a3be2cf1df3096f120bb6725e6e9cda8670c81

SHA512
89fe2e80370cbb3351a8f1e41c9cf38cd186102b17735f2292f3be07066a9c7b849d1a9c772319374a5d50a1ddd1b0af4ad7c52115eebf1836d8e9ca67cc8caa

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.dll

Filesize
12KB

MD5
6a112a3a79e8a9678cfdd172d76c729b

SHA1
ff3afb60e36d5491f1d93c8955cbf1161003d8a0

SHA256
776ae8c2aad7fcd809d3d648b7c2fe25593a7e64707611a096db868ab6c932f6

SHA512
ff188afd3488f04c45645ee048059c8c3d7fd0ee704f3592557157e2f717066012678e5b4443bc5e0c6fb483caf0362d960d3cd6ea78006d54b8b036e3c260d0

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.dll

Filesize
8KB

MD5
be2adb7eb5740cdfe044df96136eb1e1

SHA1
d0edc7d177d3376f6572ff34cef56fb1918367c4

SHA256
19589262d5eb6898e1cce4e63ccab5ac2396178e6be3e6c8f496392d0bc258aa

SHA512
970e64e031787382df434ef4c3171d741b3597bdc9c5673c1816cc51d8799620b125023a1852f5e1bad0839ff6062b3e5c87b892a11af1eba2cb7a8346ad5016

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.dll

Filesize
68B

MD5
7e75e61550642d958ab3c13d23a905fb

SHA1
54608cde352af72db76279c41925ddceabc0bc34

SHA256
61a4ff88751c04b2bfb5d7dae0edabf2006bbd9beb76cba462c516cce329d658

SHA512
2d9361150fa0e7eaf97a0591207854b19880ac359dd00530709fcc08b58d2daebe3da79a566c4733f14a0b9754e45c15b396e5d285e9d5bca2c6127c0cfb4f83

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.dll

Filesize
7KB

MD5
4b9271f034da887e1ee671ffdc52fd27

SHA1
b2f63f7acf129900ba84c99323702f1b944f8b19

SHA256
c99c995c1fb1692a7d27759614c70048650678a11ce1a86b3d44cd2c3ef2382c

SHA512
0c2e415093b50af14c6a823203fe3e6d6a77fc6b73533739fcb1730184221e1012611fa2f690cd2c35af9648b2a9cc3f3bf3bc4884e39627e241202f0d76cba7

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.dll

Filesize
4B

MD5
69b99168d68638bfb0f888187dfa2ca8

SHA1
a4fa8ee7a398095fc0458aeddebd4aa0cb087eb8

SHA256
a7c046c8702d146d7b68df28480248d3672334bca92b0e3a7606994570b6b027

SHA512
1f577a8065be9beac40fc94fd598fdb1a3b3a0ff0199306c7bd1e4bc06070b098d98839d1ccbc67636992cac3cea269f61e3de34302590170a65d5b06a99ead8

Download Submit
C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.dll

Filesize
164B

MD5
bf25fec443e3f22a36e59717313949ad

SHA1
d3bc00c464a69cf6a1b63fd1528eb0e0403585d7

SHA256
93bd0ca7b4192d0aa23cbaf8c019ee599fed046f4781dd3745f43a3a971071ef

SHA512
92792492c55208a2da0d1e69ef0a90ba9fb2821563aae52265193d8e6951c2feca511418f947769e5287a9b13835c6d8c853c330decc57b5a6658b5d83395768

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.dll

Filesize
36B

MD5
94e903531f5003fa8d5a4d6e95a67708

SHA1
da27e60d1fd77e4a6b78089fdddac363d34acfd0

SHA256
d70166d5bf6e1934676166718843228e616f32a2cf27d67b000c7b2773ea94f5

SHA512
39e0d3c3bcf9ca506a3e4b53615131c81830dbc7cb8e86cd28ea5ea9a92d6a0c969445c4f5cfc235a82eaa2704bd82abb4032391eecc3678ffff2904eab8a26c

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.dll

Filesize
36B

MD5
662e1c708a3f8c9558e43998be22f71f

SHA1
f96fc0deb8d3b4fee61d0f4c52ae339bd24e3616

SHA256
5135fba130af7cc4e46c5dae8b7eb34dd2f0e484610dfdbfa87ea6ed7100a56a

SHA512
ec474c09000d8cc5fc4ba8ce697198ffec61a562bba808d1d1927e4597c3d5111636be755c873dc7f077da282ad7e3a2b6db0dc135826524bcf64cecdacb05a2

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.dll

Filesize
36B

MD5
e6c049645fe5d7524a870759a06d9c6c

SHA1
f2058aba61c87ac07a3c61eb077b58162961d886

SHA256
cd45252b5171bc9d05a80bc1a28945df246f3fd0a7a3477de83c29f5388ae1f7

SHA512
ac0a0ec72a28de363b623a0c3439d5ae2ed3f8e97474b438afa1bfef791da68859c828e3a279ab4edf5ec4f5a6d938a9f983f3693bf3c88d7bfe8b9ca00675c1

Download Submit
C:\Program Files\Java\jre7\lib\zi\GMT.dll

Filesize
36B

MD5
eb70aa3055b3525302245eb14bd6ef0d

SHA1
4f2c3b5b3e08798496701f3777a6d095deca2dc8

SHA256
1d6b1cacb83535a6c41c0b23ab088597290612535328c8104df1728a18571ce5

SHA512
55c4f1c42fbf98cd72da0ddd9ac943d4ed9941aeb5cf13c7094dc4f3ed1b48d1fbde48b9de2c382d406df1cfa9f8db55cab17afc39f01b102bb0adc8107acf79

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.dll

Filesize
1KB

MD5
d7b2562f7907dde9a6e094c85d745719

SHA1
4950c3fc3ee0fafbfc7e3480254d2b09260f6d00

SHA256
f48950eec808400c5da363f85a776b71c54c4b8f8a1f20892f20f15b72102e85

SHA512
5978ba4779645130a0fee30e3423c31c403999ea963239e076b8912dea496b38716913d5ec111de347030c6d5aa2db2156a080ac45a37e5656b40c89733484fc

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.dll

Filesize
4KB

MD5
67bf2faec3d7d54852c7b700261ef68b

SHA1
576880a590e861a89636dd1b85b892cabf92139f

SHA256
b21de679f0f4a384a6fc1bf946c4d5edff829266fbf643278bf3b3c63a1bc8b2

SHA512
27257354477d0cd993945cd74d40ced049dd243e8ab5ce6bae8bb93df6009ba85f96cb132f7e51cae159c74e49bddd04ea5c8326c066e66b26f7b02f9f509ce5

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.dll

Filesize
4KB

MD5
028262aeeed205e25c41d9a6035ef79b

SHA1
abef94700d2592747e45034da753d199e98bbdc1

SHA256
ed57ea43e3b2cadcd2c02de2df818f322dd5ec591a30843c284ca029adca5bfe

SHA512
9478bc8afe955adf605182449f491158b5984beac5af28d3e21d14a1b624b394c6fcbf95ea6c3c26ea1ae6ee25a8117a40cd67c4d9194e0cb5a786018d469b41

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.dll

Filesize
684B

MD5
95d3a6e2683eed3e0b868991e4a7b5e4

SHA1
6f9850f479245bf682e8f8d4d6ea8f4e5cc34011

SHA256
549f4159a6bae4b44423ca5045d13681296a24e775d4737d79698cd7fa38115a

SHA512
01acf10b029c5264b6ab7d00b7e434ece71a8305a30741eb65ebac9b31a8be593c8b680291d30f64e561139c73307f1372535521fe67c213e4474b727b206abd

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.dll

Filesize
1KB

MD5
56a76c4b8e40f18910f177cea2620b69

SHA1
b0f7ee826545a2433481cf7e77d539eb1cb58ba1

SHA256
4ab195108abe8457eacbdd788ff8791c5013af5c642a313cba17e9f2144cea04

SHA512
563da6ebfc41bbac1d17088dd834ec5db84132d1bdbbc187eef9dbd9bc4a12e8afb8187b1953cf82b22a47e38f21f1134f445179d4a28fff6c75a84d9ea6c09a

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.dll

Filesize
17KB

MD5
5cec04cd1fdb7133dcee76a8e1252b65

SHA1
a9551dd977c9ca234a95d8cc4debcb6238520058

SHA256
bfd42b0907d5437fe6b429cca8c9126f01df36fb0156f922cb6617ecb7047d3e

SHA512
907e86c431b78398c92226bea8926121e069064c8de30dd7de679ecc78c5ed34aaf18b072cafbd3083c83fb43f0155e47210804e071b7170a18eb8c7ff826d46

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.dll

Filesize
9KB

MD5
81cd9671aae8b9fb9769ba8194aac29f

SHA1
f6c37c60c161bdf619f2e03a05cb9deed1a9471d

SHA256
367185a743134ab98829d69b9f3e9cbd777b91e60c0c95ccba515821c6d31111

SHA512
6eed3694ae7653fe45aba690b6fb19315588ee9e744a182d171bd8a96279f08607438717999e22b6a29db9836721876d8ba50951899f5f0cb490a4854f876d9f

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.dll

Filesize
5KB

MD5
316d4e0e9a4033330521b0fec652e939

SHA1
7db53a66cdd83eb50726b8dacfee01860352579a

SHA256
70b5954aefd32466c4560f30a8694894fe3e48aa70a51acea90829f7e05d2736

SHA512
47686d03d05cf68d8daf3598f5617dc7eccb253f20cce73730e84bcbca0301a1dc5977d54ccecfb7e172aea52ec45fe6196d932c717b728ae21cf5032abebda2

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.dll

Filesize
65KB

MD5
6e58c8c2df0fa7988f6ee22b703adf77

SHA1
1746ec2d6496fdf202ae154191ea408dc65ad377

SHA256
c47ded5c77944fa617a27184bdb264d52a45226160562dc1e3c88a8e4d48e079

SHA512
6386e787dc515e8062b63b22f71903fd4352dc2315f66060eab08af9e34fdaee95529b3372f8b68e6da23e3f1da4aaefcf4ddeb1e5e902bc3830780a27a201ae

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.dll

Filesize
732B

MD5
fc3cb5ac0a1a73651e97e03a5e6f7a99

SHA1
c0b3984b5d88168d5c2b776996c49ce5fb37b11d

SHA256
cdcd0a07c81a6b5057b8f63f33d5ab21db73e2cc453b7ad2e7cd6247f205cb94

SHA512
b6335673f475401dc376197b3fa887ddc42be0d079676328fde6c9016c35f454fadb7541edb6311903bb449a8e4799bfa2e10dd69ac2abb9dd2da38ce9d15ca1

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.dll

Filesize
5KB

MD5
3ca45886e8dbedd6568880d615613710

SHA1
0721e1db1d1cdd4b312b94e032e4dd5dd96c2a73

SHA256
33be49476bc477027872eaaa4271413866f0d1a6dd1c46701d2e28cd40cb52a4

SHA512
febadc729d2f7d0a13de5730f356b8ca60b09eecb519ea52c3ad433030b82cad9b06d221e3bec4cabb97cdc2bbba6677dc4d3ed7afbceb7f2d560151e5712e2d

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.dll

Filesize
7KB

MD5
ab423f97cd08fe1b4e6580a3b9174c84

SHA1
f9bcc23af8b444285f5639ba5bc152d76723d491

SHA256
bac99d4a54dce53ac59f7ab623068a5a1b3586f3cb9feb289afee448862b3d19

SHA512
7087b477bbf899c99dfef0b824ba9155ce39f94b7da972d28962dfc8bdc841bbcce9308fa176750bd1fbb114438e60029c35ef5dca8bba6fd5c6f7d3e9fd8be8

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.dll

Filesize
4KB

MD5
abac331d22a16b66910e13f36c3cdc90

SHA1
b5fa57fbc35431e1218b6ad10e55a403a55799ed

SHA256
fc4bdb703a5dfd6f337a5313d3a8029e8bc0bc5c2119c1bd8302b22faf8b65e5

SHA512
e90a8d7ee9983dc77e7d628a1029ca07bd563caa59a3b3af829357af0be212fb652ab0a656241d648a727c848ecd44ee639f848e0a65dfd8ef75930b89f108d5

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.dll

Filesize
5KB

MD5
ef3bd64e493c32eec833eee5a6c8ff8c

SHA1
14375c7e4243d82500161631c04363ca19c29966

SHA256
e1cd6f2b40a8bdbc28b8a6691e36aac11fbdd444c7519809efaf1b019bd03617

SHA512
15e3a063a2c616cea6e1e6bfba05b38243687e1e09473e8c7c8417d92cc270c31604e6ea6bcfce98af7aa0e3ecb34f5eaa8e11690d5a6fcbda19b925af386cdc

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.dll

Filesize
2KB

MD5
79db2f833cfd7f008508606de9e605f3

SHA1
5b01dc0dc0e1beca991dc2ece4008b541cb12020

SHA256
3523706339673efd135c2e5296fe67e542892abd2fe6c93d2f712ee2ea818c87

SHA512
8b91c29635902d1cd998b427facc21a4befb78152f3ecdc101410f997678d3fa4a69a8bf45db9be33677cb76ae9f06e8fd2ce965ba06a72a13d9c92379efd248

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.dll

Filesize
2KB

MD5
b100773d844b82e68df5f597aef3ebb7

SHA1
905266c91ae108ca4bcb03dfbf6da0cd14837af4

SHA256
f278984693d8b053d8b49233e4bdc7c08783887f45daff67c23518ced9492dec

SHA512
ce26c4e37237c15bde59b44654f59447294d53f12f09eb1a0e3aa46b548e8438e425138ae0cd26064d69c00278f1fa403a6ec4e02b88c9553fc209cbd508aaa4

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.dll

Filesize
1KB

MD5
43328ee9addca70c8e3cc34b92e61243

SHA1
41d9bf8b6ee8abbe2690629a2ff3751fb57dfc71

SHA256
d91d8e9943770c6c4443acbf346789fa013da122baa656e87c29d4c867521bbd

SHA512
3c5f6593685066203b593708c0e65a38bcba48c9029a6d24173a6f69816d037be151318a651b890d3b10887d4b5506973ffc9013c2cba0e638c2803d965659c6

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.dll

Filesize
5KB

MD5
c2bf82afd3e2c09d4f1eb4d98de9e25e

SHA1
79ec5cd38c66a8682b55b2a2222cb53a9d0af1cb

SHA256
ce57267a0621cb31d037cafff274a883ef9eb204f6c08dbc48b037a9ef6e8f41

SHA512
6c1951cc4987150f69cd54dbd39c3c8a04a83208d1fdc727955d2777716ad06a25aded4804a46cf0043b5692bd3d17c82c73b0bbc00e38d0cdeda8ed0db0691b

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.dll

Filesize
6KB

MD5
98a04baf6380b0e618d8c1d47e377580

SHA1
d14d2c1471d231c10cfa438e2c94ae12eda00faf

SHA256
6d379f9b309b4bdf00b5762e0efbf20570a478c01a5939bba4beefff513f734f

SHA512
bd145ae7b7069964d395429ac81f7dd5fdaca072808d2cb75887eee108291c81d4f4fef86263b687ef2fe31f20c340a0a0bd1025d9ab809aa92ef896f6678c1e

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.dll

Filesize
1KB

MD5
94229f18a8cc932698f5617b376a0804

SHA1
1480893c79118dfe74f3a57734e8c6c1a4fb4279

SHA256
43266497891c82c4e903153ddc658481b56d6181b89423dbc33e0d74efafdbc2

SHA512
ef7f37676db7878d7968e847d1914e22c69958b8d0aad569f8f704da1a9b144862d2cfa4c8b792fc2b7ad5413b268ac893eb3bc6a29c932ebc10d453d434141d

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.dll

Filesize
4KB

MD5
9d2577058089fb34d28166a60db27939

SHA1
e4218d04ff63f401e9408850aad4b6033f9019d9

SHA256
b9bf62b3b267a88577b5bfe5e24698d8b6a97ff75109cab7cbcdd9b1a475a90f

SHA512
aef07d07064f7a69ebd0b09097690bff336d9127ae0f0b878677f3d195951bb0bddaac957bdda3e1efb515941f2da5a726cc6af985c7db014feeb90ca346d5d8

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.dll

Filesize
5KB

MD5
129c1a29564b17ce5d62587f0ef2ed43

SHA1
06e5a226312f6cbaf5baccc0531881e3c08d7283

SHA256
3b52d1489b42995f30a076a86342b8d51e82384d519675506bd35e66f2d538e2

SHA512
8c974be342ba45af194eec76c13375bdd455cc148c820c455088e59cdbbb8726b71bc3a4090ddb4f34cf9b466325ca14eb6f915ce308dc23df96e0d41de64dbc

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.dll

Filesize
5KB

MD5
6a4de2f794986733dd5baee51163ccbe

SHA1
219beb07c6ee1487a4a11d8236e09addc634ab17

SHA256
6959969101992aab0d10744bed8504bfb623b57b59c793029642fcf20a7dac83

SHA512
025816acd2d620915100d386ef0aeecafd4cdc19e8c822ee9bece89fcf893cb8688551a1857eedc5c684ccb4550f9f6f547eefc09cb5e214bc79b024ee8824c7

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.dll

Filesize
3KB

MD5
4a384905025ce50a0d0e19dc2c6b9843

SHA1
a9cb78c5d3f3d29104fb326ff3f9f4ec2a395b97

SHA256
fe3f56bdfdad1d068b802433fa501a64c2bee867fa06d8eee8e0eb4fc0aad737

SHA512
27f51465c07da4ff4c0e03c33bd1be3be98cab73d2ed6f45d5cc717aa3543a307358cecd38273512865e6b3b79ecf4f1dd01ca6fe34dc258bc4d424ae80ab56e

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.dll

Filesize
988B

MD5
09c60457f2e320cba6abcbb688ae1949

SHA1
063ed263a6b2daac9c61827e51ed512237c2932a

SHA256
bc63091adb3ee14b7860c2e8f2f15276f947002502502b9df6f5735bd8d87010

SHA512
2fffb80f02c45823e3285fbf19ea52d785dfbf551f6bb34e9c7e606f8f90bd24e951bc342debf2e47ca1f6e81dcf1d3f0622198ab2c95fbaeddb2e68f2ab2dac

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.dll

Filesize
9KB

MD5
d6cd723bc881981b78719f1f712c3b86

SHA1
1e6a7b7875f24d4f7ec5dd9b98715bcca9f95b85

SHA256
4db448c008df7f177e37932df3e55fd1051b3d31e22b6ac961fa12d59d5966dd

SHA512
16c3555f50ee5ca4b50f9d4a04cf6d585866bcbc60c9ff5f0121a88b55eb158b6b5f4d23e91fa1fabe4603f1eecbf8e6d97826305dd03d578cc8268a4854cb5d

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.dll

Filesize
24KB

MD5
c7d91f897380eebba72631ef46a313f7

SHA1
24108d623bf42a675847982acf36b4736a9c2099

SHA256
d388f49605ebe6268e2caa2b4b831118f92ab8ac820b480001bf5d1456023082

SHA512
607400c0ff33f8c8076238d9ac2ff73a597cf490a3673081ded07b8848297c0511a635c792a69e509af3077c516c3ac9fdc514595d54ec07e5ea8409f66dc1c4

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.dll

Filesize
1KB

MD5
ef58adf7334d5188e7b3f83e7fbdbdf7

SHA1
eb0c18d10e39c028221583a7da6e67abd5b36309

SHA256
df6d3e2840a3201467a26bac6b68083ac836b44adb1f5e65918f33f75c90fe1a

SHA512
421a70f859ca9ef270e9ee6efbe8bd3727a670dd653cd98c3795cbd6820a71bc172ca9311364c166a7dc1e6aa32c6043a7c70ef906a053685838f7c19e219047

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.dll

Filesize
42KB

MD5
68f6233449f2a2cb3c9c68848f914cc3

SHA1
a98814f6392e2c77191bf3d74052a282c378ef49

SHA256
b1c18a5b4261c84503b3192f4ae5917182898e8583316bb399599d04ffbc70d0

SHA512
ed467aabaa9d13a8d5feb6678f01765a6af8a35624d52420716647527a5f5cbe6471afb75e5707645169ff5d4f3a896819a03da72f25af174d6eb6fed39762b3

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.dll

Filesize
56KB

MD5
55b8918401950e4f81f5246e09cb8b0e

SHA1
a0801d34d92128615b15bc0b7ecf4657e7f8165f

SHA256
7bad7e99867765c76929eb5b5a5e380f32a4b002ee920b3736af27463318ae54

SHA512
6d45b7e59993d151054afe6ab93cf4083b02a34c3e9a26487a7ad28955fe1be4ec135211b96e78d70cde84b999084fa1eb764e6849c45945dda303eab783e8e3

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.dll

Filesize
132KB

MD5
d65789743636dff354cc172b67650489

SHA1
6da2f7e02c2b422af8a3f0abf1f16c64b64cc2cb

SHA256
4bcbc2526d4c58489262156a155acbceff4a0f7646224da3585b03e742ec5cb9

SHA512
221dd37c5c18d1486eedab76c0339a4c7d01cecc1066bbbe1f3aeaf58475e010df07d57d86236e7e5c425000f518acd52504868d31ba79355098bfb7f5d49680

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.dll

Filesize
8KB

MD5
5de15765a6ac41f28435a5e05cc3ea14

SHA1
a18cb3febf9878e87024e0cbbef8354509f78109

SHA256
6c0bde45e6f8dec717c4eec0178bb09f6fa6a37677488548535b12aff49aa4bc

SHA512
1d3ee1a135f9c31c2996846963097d447f6ceb87ab07bf9e15af395c7b88b88a7e49c01a2fc7ea2d3c5b7b0be6e1b15d0a9d511330acb00c00d723d6983c5f38

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.dll

Filesize
15KB

MD5
96cfcd14367bc7c318957603803fe3d3

SHA1
a1a9f8304c7c18828fbeb04b70ee3eb749c51f4a

SHA256
6d037d9d858ef24185b43c33e64f0fdb2916fef1d5fab55003de299aa28b3348

SHA512
f0af08e8c196e69a198be723962c183c91d7723fce0bbea6f000ec5c73d7654f11571d28151a9366e377e8c76e059ae240420eb2fa62fe811e954dc304f81c58

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.Lck.dll

Filesize
12B

MD5
f4bbd60ca741ccc77cf1cbacb5ef364a

SHA1
44a0ff7f50647fa8e9531e3cf989a71460c443cf

SHA256
25a72b0775dc66e9f572330382f5071de4c735ce4de2084fc9c6eef351242d3a

SHA512
aa65391c9a1bc80ef09527d4b3e5fd046ae204ea745a77b9b454747b5b25c23b42ff8182322a0ca6da1bd0025f8287e18cf7d664e7901e6c19400c47fb8a2ae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT.dll

Filesize
28B

MD5
8ab1e76569bc396f11404e9d6dc1c605

SHA1
aabda06c4e2abca9b4a8dd162ea644b523102304

SHA256
f089c763c55d30f9a066b8f7464acab1a28333c46a7ea6674267caec246acff5

SHA512
1f8ea87170bf269fd367f75d16e2b8f358bbc9bf8e16c28985de94b0da168d77a4dac3908a96656f754a0dd9ca0fec65052fa7a114c9480cb54c72c6f2359d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2.dll

Filesize
8KB

MD5
24e19ba0e97fd64e0b7fd5eb78d3dee0

SHA1
8acc3e5e92a5838987af9ac8d24d85dd5cc1b647

SHA256
090407b7ab31a3fb30893eae1ba6997121bb3d106b72327e47a58242f59ecf95

SHA512
d6d1467dacd0d4d56562b26a9e65a60ed3c16c181997a987d925f0d866f80b95b6f73f745ede187004454d1d2ae7b629df541c06e951681fc94e1d3dcc211c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.dll

Filesize
28KB

MD5
5ac020697b18ed1c6fd421f8b6eeb64c

SHA1
37b9349288b134e26aee58ce4ab048ea526c656d

SHA256
5d64a9b525b32434621ba0cdfe8f90aa5cfe38c03c5c83f8787d87aa1b3e8124

SHA512
c9bfc26b471072d0c3973ae3b12b0c2b0f6a32493454fa9e07a3343532613af88006b229412a8bc88c6e5a542e4d9291f1ae5da94a078599e7bf6faae7e0b4cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.dll

Filesize
5KB

MD5
0ecc4d611952bd531af308ecc894d0ff

SHA1
60afe7ee3b50d9124ae67e4b049edb2846702c86

SHA256
7407bc5a0519c7f6401e558637fd2ccb6bdb3b19a9b220c2184d3f131bd77f3d

SHA512
4a7e8fdb6ca6f68aea1bc5015dd0c7d98dbd41968e9f07267ee7e2a7cdb99ef8cc1b841a8cc2dde3f3b431d2d93ca799d60f7e7b515ddfd7c415b93256e02e0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4k8o8gx5.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.dll

Filesize
48KB

MD5
8ece9fad2b4ec3034efabcb9213c2777

SHA1
c28d79f21c284295e5daaa85b53778098d1e8942

SHA256
55bd8c7617003e119b1d7e10fc853f732948daf52319e43a551645c3046337b0

SHA512
5be2d813ade88c84d57e2d29358eaab6507ba8da7217157b9624a59a5b609ce16118d3ad82be0b1c94c353b5e72e722bafc48b48c71f439e61ab7f8f712c358a

Download Submit
C:\Users\Admin\Desktop\Payment.exe

Filesize
1.1MB

MD5
9f9bb9ee4952cb514089910e19eac5c4

SHA1
c57f604e8eca50df40df93a6b0c3d65ab8d3b198

SHA256
0c9844f11b7b57547891b3cec86bd3468734a990768dd9f7a9a72cf6a908b17a

SHA512
8661c46618d0f8454a278d6a4e1b85fd9c9656c2e59feb6851087bfcdb53bba5015ce023cf6d0504dc899ae6fbbd4f413b45228eb2c8eb6965912cb32482d14f

Download Submit
C:\Windows\Termite.exe

Filesize
566KB

MD5
67f8b2f83aa50da8186f03e69358c160

SHA1
e9010ec5abfab7162ba0caf507d3246f6680bcdc

SHA256
043308721b7ee6a1a93250a1d013a1a761fef7368c9ab483514c31a1584c86d9

SHA512
66d5392f7a10a4e1beded35b41e3e4c73fba4a2a9cad4139353c29b7cac04fa9babf9049054eaa4c3475e52dc6854734a75a62480eeb8e5258509a90c7aca6df

Download Submit
memory/2684-7-0x00000000022C0000-0x00000000024D3000-memory.dmp

Filesize
2.1MB

Download
memory/2684-45-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2684-0-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2772-921-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2772-3392-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2772-995-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2772-9168-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2772-8-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2772-11115-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2772-5760-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2772-11515-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2772-11516-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2772-11517-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/2772-11518-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download