Overview

overview

10

Static

static

3

playit-0.9...ed.exe

windows7-x64

10

Analysis

  • max time kernel
    1798s
  • max time network
    1800s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-11-2024 22:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    playit-0.9.4-signed.exe

  • Size

    4.5MB

  • MD5

    b5a2f8dde0d824b64b749f0db69d00d4

  • SHA1

    2cf1025a87a2dee9972b71f54e399e37ae75e043

  • SHA256

    12f2da4d791bd7654bb4e89d48cef58c07e2b804be1c6f79ee3d68e9e9566906

  • SHA512

    107a05c44148d9b4c7ae597c94e1a99809addeb43ade7178effd83758bd443afbaf9d3008894c8e5834ac9acb308517097418bc8a5f9f0d50d25a373aa6637d6

  • SSDEEP

    98304:yJd9khieA3BPOtdBrkFVYBh7IoAyTzZwFkQoGtczBOlzp2ybcBk:yJnkvAxPO3BrkFVYBKoASaFJekl92AcB

Score
10/10
xwormdiscoveryevasionexecutionpersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

3.1

C2

147.185.221.23:24311

Attributes
  • Install_directory

    %AppData%

  • install_file

    RegEdit.exe

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Xworm Payload 3 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Command and Scripting Interpreter: PowerShell 1 TTPs 12 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Disables Task Manager via registry modification
    evasion
  • Drops startup file 5 IoCs
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Scheduled Task/Job: Scheduled Task 1 TTPs 4 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 25 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\playit-0.9.4-signed.exe
    "C:\Users\Admin\AppData\Local\Temp\playit-0.9.4-signed.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1916
    • C:\Users\Admin\AppData\Local\Temp\playit-0.9.3-signed.exe
      "C:\Users\Admin\AppData\Local\Temp\playit-0.9.3-signed.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://playit.gg/claim/777bd3b3d6
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2616
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2800
    • C:\Users\Admin\AppData\Local\Temp\XClient.exe
      "C:\Users\Admin\AppData\Local\Temp\XClient.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1892
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2624
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:748
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2912
      • C:\Windows\System32\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\AppData\Roaming\XClient.exe"
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:684
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {953A9E1D-9BFB-48F0-9AE2-75558D72D5B1} S-1-5-21-1488793075-819845221-1497111674-1000:UPNECVIU\Admin:Interactive:[1]
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1876
    • C:\Users\Admin\AppData\Roaming\XClient.exe
      C:\Users\Admin\AppData\Roaming\XClient.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:804
    • C:\Users\Admin\AppData\Roaming\XClient.exe
      C:\Users\Admin\AppData\Roaming\XClient.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2108
    • C:\Users\Admin\AppData\Roaming\XClient.exe
      C:\Users\Admin\AppData\Roaming\XClient.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2988
    • C:\Users\Admin\AppData\Roaming\XClient.exe
      C:\Users\Admin\AppData\Roaming\XClient.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2368
    • C:\Users\Admin\AppData\Roaming\XClient.exe
      C:\Users\Admin\AppData\Roaming\XClient.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1592
    • C:\Users\Admin\AppData\Roaming\XClient.exe
      C:\Users\Admin\AppData\Roaming\XClient.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:740
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1520
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2380
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1004
      • C:\Windows\System32\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\AppData\Roaming\XClient.exe"
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:2904
    • C:\Users\Admin\AppData\Roaming\XClient.exe
      C:\Users\Admin\AppData\Roaming\XClient.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2364
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1220
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1964
      • C:\Windows\System32\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\AppData\Roaming\XClient.exe"
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:2188
    • C:\Users\Admin\AppData\Roaming\XClient.exe
      C:\Users\Admin\AppData\Roaming\XClient.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of AdjustPrivilegeToken
      PID:2208
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2624
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2196
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2580
      • C:\Windows\System32\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\AppData\Roaming\XClient.exe"
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:1996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
    Filesize

    170B

    MD5

    36f4365a7be41293be288e356716d47b

    SHA1

    60adc1404349283fdfa0665f21f1431e551b5e60

    SHA256

    c9f0af35f64906094e79f8e7fbb1feebeb68af798ebdecee06e4e8288f5c3ac0

    SHA512

    723c88579f5ef2f067f3a12b09f0001d4c186b54626cd319856ba21aa43bd8868e7af0e699fa61e4b1ebb9a981445d63a456a3cd7afba4de7ea3bf2b2fd42ef6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    be8c4ba2a24a6c1d0c77ed9c87e86d59

    SHA1

    ff31cf85142e921f6bbe769224dc0a47359c3ec4

    SHA256

    bc763d1714b230e0040b78aae5c73002984ad9985f5791894049bd9e5ea42b91

    SHA512

    79d617992432a94565d33086e3d42ea469fb4cbe2da5127ff6c8f381add8a62289a8137a4b92c5e6c9f55d1981517290f6952eefd5a4cd8274169f8a7d7a0a66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b661a96cf26537f584b98a9d96903e5a

    SHA1

    3eed1ed7aad8514f9b969754e49f8da838b65fcd

    SHA256

    7601f1c527b21f8105ff4c9913626ec5c1ce459713d6de97fd416269bde3c0ce

    SHA512

    566c9c2687e6cc718a7e0ae8cf68989260ccb6325d805a08673bd82c4a41391f190984baa841ec44fef785d4f232aa002809ca37a5c515a81fd41458fa9c4240

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0adf54095039fbdb87936bcb4c4ac6dc

    SHA1

    6d31a433a6e53e35118760f2f96f7d6187f35c47

    SHA256

    ec7102d27607b762583142d280bcfbe56b1c79895579974e68d8a97a389ff58a

    SHA512

    fc8e1c168e91576c48941409505a86e7754d16e2152e73d2e6efef8b64f700ed79154a025a4b8aa7ed7ee48cec7cf349ee7fee34459a36bbb6d8be38c01ebd7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81445e432df0d6e2b9a8dbc3b4496953

    SHA1

    d38c12d2d9d0226e6dcbef4eb36213a33902e133

    SHA256

    cd0ed8386f66893a3208d183c0d4b16cba6f5ffe76db76598826d3b65b7e369c

    SHA512

    a52905b9d8af1b49d15360290c28f863a6292250364b335e9dff5eb76176d6ad9248f6c6b6f0dcf67adcb4ab947a58f4addbfdc5ad826a56735ae9109aabefda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea9aa2811f80b32fcf656599546f5be0

    SHA1

    976f809738651e90401c0671de0ca6b58c71b215

    SHA256

    112c1a7ce2017b8008f73b44b0c86fad88438e10baac32e7013cf96e67ebcdba

    SHA512

    7441db7ea776dfbd8c3ffaae6db35c0f98d4050793193ea911f7cb74b069d033e1989042dea46d892c032da5607f22ccc3d86a0d03b768621845d48d19a50f44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77daaebaede7742e590c7aca1cb13fe2

    SHA1

    ab146f6eadb93f34032d9bb83d6eee8b1e59d1d3

    SHA256

    3b1d6244a1661317678e3732da7b57bfb05fc328289ed2c4c6f2e09313adaaa9

    SHA512

    4ba93b3f4e467df37908cfd3bad1c555115ef369f6c7497b16a772e769e8e0f26214f702d9dba95469a4a57ab176ce9a2133bd97fef917c0dc5b8c80b6f584b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b8f5519badbfff9facd97b90ae44a0dd

    SHA1

    738ab57b46a2785c21e5722d0ba1106bd4d4ded2

    SHA256

    9fb0e2edf1ea70fe33f618296e87449fd7410b447319438d12b9fb06dbd84567

    SHA512

    7cb528d949c7c6a6fc3ee9f442611c757cc99933ffc6118d935315baf9a208f2bedbe11d967dd0aaa99fe288abad210ae9221fb72b0a8c828c73bb1112132cdb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    649346265d62a782c4c6891567b3fd07

    SHA1

    9a4f0cd8a3754a0e620aa783d1495f6f91cf1020

    SHA256

    960d9cd614ea1d0be6e25bbc730fa71a9d9c7bec4b8c41885ab7dc27dcb38556

    SHA512

    3f077ce52776ff663ea75172fdc16de2d9ccc6441971ad9a0c8cd109142d0ddafbf670ef2bf32186665988777dd586cbaca9bdbd24dc2ca2ce4485eef6154ffc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a824ec81589dfdae3d0d6da03dd1cf65

    SHA1

    fa0986d99404b7a6e5d4ab93dbc584e17fde1d35

    SHA256

    f0c8a0deee8d91de99600faaeaa3af802991b593f779bf2d52709b11e649853a

    SHA512

    10f13d57fcfd8a4c54b22ff2ef592bc364d795d6d75580de5e247e3723f91c0628ca7bbebbb09e68c33e1d810f09a147d81b1ad63f6b6c76e3bef417e7ddbf99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c1febffdda78d4ab7638506c52587aa

    SHA1

    aedcc98541d553faed822a7243eb2f17e4dc5320

    SHA256

    269bfdd3810f97e053d2384d8527ce97529b62dd1c10fc314749722660b8a9d4

    SHA512

    0f64e5a89003e3e260c416f8e7c4d7d9bf8e88be50b7cd36f34c9aa75e5736b83080cdccc9645254cb9ee310fa0907079b62c96dcf1df9d0473906820ea734a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    311c3a737daf626b944c15dc86ce04c9

    SHA1

    d4affc2a35d0c05bacd4a26cb78c8bbe191b0b47

    SHA256

    aa78899d47deb7e7ae02bfad66a434b595692fcf7a30ab54faa2b64a8d775673

    SHA512

    fcc052c21f2c7d02612896b534f30d06fb858fea8f7da6206ce95aff4594a1ac2a5f24e9bbae3baff8d530491108f1e9145299ed49d735146ace949f09399d9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59b150f8930150d0592daceb821ab237

    SHA1

    05eb08fb6b896b5fafbe08abe7361e1236e24f35

    SHA256

    36837f1a94055833e2a1973641a236bfa4fd6368c2999155f2e36aa874ebfb70

    SHA512

    5085aefe9a6a4e01a13ed669a9bcfa4190a6ec1b787382898a3f8c635a64c0fc387709cd65be87221780e3a3abf4ac1782608001da64e8529194e4606a481981

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46a4a753f198835ca77e8f6fc00b2fb5

    SHA1

    7a8b71661766ec8536a3e02db7d8fa42e3c20ccd

    SHA256

    d905e5cd075d76617781cc43cfc619d60c080c130e9e7131e5744ff755deae7a

    SHA512

    8592c6a123a03f0ed8553f226cec71f6fa0ecc6de7d0a2a8e2ff983d61adebf128cd37ed0b9fec61981aae0e13f8e8c5fe4c1cfde779306d016ef6ae56e5476c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d390dcb171bcb81679f09dfb72a0981b

    SHA1

    ac6161887265774ecb597f0427f23c9f76ac1a5e

    SHA256

    a90a31cfdcd57b71e2c965fff1785a86f0669fa8a6bec41e94f2fed8f89bb9d7

    SHA512

    d8b07c3b1cbc04f6f71ef64779efd7b39781f12fbdbd469b192c3178edd085a30d6fc0afff8a185d07e59073f907d11d662e7e3f42ff3b12bcfe0c50e8139194

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c798bae5864d22c7c3cea56b0152128a

    SHA1

    c830b640249fcbd33cd9a36ac71fd834e1de4d80

    SHA256

    3aea668f9ca2c95af60fb81184e45dc91cd5befca0c61395931a66a4b47ab912

    SHA512

    10719e0287b05e62366fd2d1514adf222b7a755984318ba2339101d488bc80a28115276592ab3ed946ca67994463917836690c379419bec93ba735aee3425ad8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e794a011c140d2f4c932270b1f48f26

    SHA1

    114cb310e468afbf1c6142d1eb184604a9e66fd9

    SHA256

    88e2d6a1c7b491f4ffc76f5d677567b382853a54d310eaaa456cd65cd797381e

    SHA512

    9dcd527e0506e962072408529270c939c49dd495a9b1fd85d85bba49998f67218fbc1dadb465974b76bbe7327d50693646b940669fb16d2270dc428fc15cb030

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21138b2bedf45a7953577e0f86764aa2

    SHA1

    509d9b4b464bc00337deed10417f523751a6900e

    SHA256

    a268aab468ab3911ab8b034bb28d130b7ef27dc2b67d890f7097f2968baa2fdc

    SHA512

    404203825e05ba9cbfb295c3ce71707d14e81023cb0a92f764fc525e44df41c960d9181b0cf77bbe4abba7fa5c0c207b9d8dbf1eb900aeb7eab6164f66966b54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    684db58b000666add738410116f1beaa

    SHA1

    74daa1dca4dbf900e2718bb899e4165a4c7187fa

    SHA256

    fe82786c03f0052f97bda8b3dda2f8217164d3a995b02542376aa76d39dd104c

    SHA512

    9633c85f327f82690988983666ee1ff69c97dd4404141a8ef1467b0678490cbf5f3fc8376729f13e5dd6f7080809045e2001120b1278ece5b07a1373a9321eca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8968a8048888b9828e3849cb9b6e179

    SHA1

    96cd222c889e38f0882ad7a7f6cc520843424f52

    SHA256

    9cc65ad0742cdc39c734f9d198673a4d18100aef8048599121b0ea05f0e31a8e

    SHA512

    11c731dd4eefb8deb435f8c39956fe04d14e02618d2f66e8fd9f80b74af222c2e85ccdce8af8f30d06d2d0ef22ae1c8f091dcbfd15889adfaa25c88fcacf57ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    423a1508be1bb7c815c894bc23cba272

    SHA1

    130c1e176a5cb2429a538c30b745fc321ed3a15f

    SHA256

    a81ae2bfdde9de31684e1674c07e11a195a4ee1d85b7f5d70e5bae46e275ad1b

    SHA512

    df00ab570f6b4516411876204b6188c4c904c6154ddbf55f7037cd3190572e1735c29b7cabcb3f037773a84628dd410c41e01d772d4f52126c1e5ec388436054

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    505be4b7f1a5094c308857965ae7e3ee

    SHA1

    3aff81a4266383beb3a5b4843373cc4446c13b1e

    SHA256

    537698d57b08860564288687db9955ee1108593082c79b31b202d78a2ad78537

    SHA512

    2b0f01836440e1fd3558f435ddc2d2eb0fd872496d9a420384e0232a124010ba897944815ca179ca1cdf8cab5291e0c750b0607d40d3aab013eccb445aa7bf68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    374dac637d59fa7ec4b8ab05ce5b5509

    SHA1

    02bfc35857b01e09f2edce2f09b10d956dd36ff6

    SHA256

    8f762529635d5830648522748dbc1c5992186e0805770f78a9a9a2825eb443fd

    SHA512

    c2c5964087f12387af53849e17148c45ef5ce73e673d1fab11025459c95dab2d3ed3066a8c627ce8380ed38c5bab17c3bc2605c5da5e3572f8ee08830aafcd63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    480592c8f9b48b9095101abaee0aa89e

    SHA1

    099ccae2ac6efb384ab1aad353e0774b0d1b6079

    SHA256

    f1d80f43e099ffc0faf647eea2dc78e8e209dc43a353cbffb60df5f62e1cddcc

    SHA512

    2e7db0b65bd4ba3b5766857d615b651c9aea22cab371d79682850623ee5a5f9f2ca6cb0d8a6e8ae81ecac2d06a0121e4aca81c9aec04cd912fe69e6138b0281b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    11684be2e27e993f7eb87abaea38d38b

    SHA1

    4b4519d2848f607245e585f367c403f967af7f2a

    SHA256

    000342b0a081fadaec475c51c84c9759cfb9393c576e5bb16047b5f80c104d29

    SHA512

    05ca2cce88e709f82148be28c2ffd03b31a43ef55c45e5c396c5815cbfc0051729ff3ccaaa4c2a9a8b23584331d0d229555e71b6ba5771443f8ba53add5dc088

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bl977i7\imagestore.dat
    Filesize

    15KB

    MD5

    386f39b26f81092799f3e8747100ef41

    SHA1

    9dd3c349bd33e9c7874a7daed47feaa15408dd03

    SHA256

    ace86b5c454d24860160423870631ab909b0775227e1e7858cae52ea7d19226e

    SHA512

    6d9cc556c020e8fba2d04a3f87bee336fe32d39d87f8797f2fe06f7966da1a43008598aff4a0bcc64786827da1561613014c9563047100e8699a93b1aaf89bcb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\favicon[1].ico
    Filesize

    15KB

    MD5

    e15402a41f04d656bceedb8d0a3ea40a

    SHA1

    31fee0b94d2a286a3d9b8094d5549a9ab1def5b0

    SHA256

    d8004341ba5458033d06eaa55af945a158f0bf170c5cbfb30a626e930e048bbe

    SHA512

    ffe902b3466bd6e96110ffe20a800b96a82f4042a6826fcea1750d0ffdde0aacc164aca51bceda7bdfef5047fcd41bb2026ba1e3b5109888396847881e944470

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCFEC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD05E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\XClient.exe
    Filesize

    57KB

    MD5

    f2a9ba24fda65a5e298a37965de4258f

    SHA1

    5c91e7c89233c45933ac106cd4d1110d293c9206

    SHA256

    6ea59e69f350e9f0311dfc3d58fcc3ebd22f2401b3047f454a518e73a12569dd

    SHA512

    e53b4e702ba04350d3c5f4c3780394b53360100b67f9856831a49235d1561cb864616823be3308911629416a5e69d88f2c3fdff8907547a9d821714e1eb94386

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
    Filesize

    7KB

    MD5

    b7f829963346ab9b88e03a5a8ff75a8b

    SHA1

    77f5dbf7683be1910c06e44ece643e0437dbcd8e

    SHA256

    c992ec1137359d8a010a2d11f30a831f372da47728053a0837073c8c0e8f466d

    SHA512

    3d0cc2e64a0a27c0a22b9f3d8536ea920fddc625ae577d5928f6e16640e5010eee0f08906c6d49bcb2f33575cbb48a3494077aebef4e0bb791da7e3a01e4f7d2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
    Filesize

    7KB

    MD5

    fc2a2913ed0c5c1bbfd2875dda821031

    SHA1

    339832092d3887e2d188f44a25236a1428f3553a

    SHA256

    7a12210336111c5f5f19c1ebd56924fddcbb5d11dbf1fe216d8d8e71ab8171ac

    SHA512

    a314892e5552bda1058a7b3b6f25f6c1096132b41abb7016ae80011bc18ba77ab930ef97bf5d0f0cc71fecee33d0a41638b943037d5cd932365c96cf5ca55234

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
    Filesize

    692B

    MD5

    b898931f3593eb5b15c58a25bd7c347a

    SHA1

    1b37f1bc0213d78f5fff7619e8138b75b6bbb0e0

    SHA256

    16aa7c5c8daf129cebfe5e135ed7ec3cd135ce51602b07ba0f2126faf55b499e

    SHA512

    3903769b7b9cb432605c2bbbe63b8ea16d0231f596e1123168304fb15561f963242bdfdcefd2efc822f385a6b5c3d8f35e5c964807363313bc862dfc2137239c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\playit-0.9.3-signed.exe
    Filesize

    13.1MB

    MD5

    da0750733bf36c61222eefaba4805dcb

    SHA1

    304e90d123300e646b768f1f358e59ba506b7dce

    SHA256

    c9ff8f05cdde137cb0e1e386184a42d4889988c4cfd235fd3340fe545f5e06ac

    SHA512

    f9a8e89f294257f785388e237a6da1f363f8d78af7c9b473d67261b99526224eb84598eacbba17f01a9f2eb2f6fea0740f7e37df92891df8fa39a33820287454

    Download Submit

  • memory/748-32-0x000000001B740000-0x000000001BA22000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/748-33-0x0000000001E70000-0x0000000001E78000-memory.dmp

    Filesize

    32KB

    Download

  • memory/804-649-0x00000000013E0000-0x00000000013F4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1076-1206-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1288-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-651-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1305-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-645-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-644-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-643-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1304-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-212-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1303-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1302-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1301-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1300-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1198-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1199-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1200-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1201-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1203-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1204-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1205-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1299-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1207-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1208-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1210-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1211-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1212-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1213-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1214-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1215-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1217-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1218-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1219-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1220-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1221-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1222-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1224-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1225-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1226-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1227-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1228-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1229-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1298-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1297-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1296-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1295-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1294-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1293-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1292-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1254-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1255-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1257-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1258-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1259-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1260-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1291-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1282-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1283-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1284-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1285-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1286-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1287-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-653-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1289-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1076-1290-0x0000000000400000-0x0000000000C1E000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/1520-1239-0x0000000001E20000-0x0000000001E28000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1520-1238-0x000000001B7A0000-0x000000001BA82000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1892-1231-0x000007FEF5BF0000-0x000007FEF65DC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1892-18-0x0000000001280000-0x0000000001294000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1892-650-0x0000000000BB0000-0x0000000000BBA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1892-213-0x000007FEF5BF0000-0x000007FEF65DC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1892-16-0x000007FEF5BF0000-0x000007FEF65DC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1916-0-0x000007FEF5BF3000-0x000007FEF5BF4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1916-1-0x0000000000F50000-0x00000000013D2000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/1916-2-0x000007FEF5BF0000-0x000007FEF65DC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1916-19-0x000007FEF5BF0000-0x000007FEF65DC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2208-1414-0x00000000005F0000-0x00000000005FC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2208-1417-0x0000000000B80000-0x0000000000BB6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2208-1422-0x0000000000C30000-0x0000000000C3E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2364-1267-0x0000000002340000-0x0000000002348000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2380-1245-0x000000001B6E0000-0x000000001B9C2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2380-1246-0x0000000002890000-0x0000000002898000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2624-25-0x000000001B7A0000-0x000000001BA82000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2624-26-0x0000000002310000-0x0000000002318000-memory.dmp

    Filesize

    32KB

    Download