643aaf3a5ea4cf8cf028f48f5e9ebe8cbcca3b4d359d08f5510f89951c9d9771

Analysis

max time kernel
138s
max time network
141s
platform
windows10_x64
resource
win10v20201028
submitted
08-11-2020 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

643aaf3a5ea4cf8cf028f48f5e9ebe8cbcca3b4d359d08f5510f89951c9d9771.exe
Size

2.9MB
MD5

821c45d73884b3910f1558fe881db5dd
SHA1

6b44bc8f8c539f4fbb11500ddbdcc99cd9ebe7bf
SHA256

643aaf3a5ea4cf8cf028f48f5e9ebe8cbcca3b4d359d08f5510f89951c9d9771
SHA512

cc8e3a03c97e88d1611c9641686382ce5506dfd60adf77037eac84654337dc28c8c4365fd922a951055c2ac5d50b94e3b87f85c467ccc907af34961341698666

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

installer.exeGenericSetup.exe

pid process

3460 installer.exe
852 GenericSetup.exe

Loads dropped DLL 25 IoCs

Processes:

GenericSetup.exe

pid	process
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe

Checks for any installed AV software in registry 1 TTPs 8 IoCs

Security Software Discovery

T1063

Processes:

GenericSetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	GenericSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

JavaScript code in executable 5 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\installer.exe	js
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\sciter32.dll	js
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\installer.exe	js
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\tis\ViewStateLoader.tis	js
\Users\Admin\AppData\Local\Temp\7zS84225A24\sciter32.dll	js

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

installer.exeGenericSetup.exe

pid	process
3460	installer.exe
3460	installer.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe
852	GenericSetup.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

GenericSetup.exe

description pid process

Token: SeDebugPrivilege 852 GenericSetup.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

GenericSetup.exe

pid process

852 GenericSetup.exe

description	pid	process
Token: SeDebugPrivilege	852	GenericSetup.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

643aaf3a5ea4cf8cf028f48f5e9ebe8cbcca3b4d359d08f5510f89951c9d9771.exeinstaller.exe

description	pid	process	target process
PID 4680 wrote to memory of 3460	4680	643aaf3a5ea4cf8cf028f48f5e9ebe8cbcca3b4d359d08f5510f89951c9d9771.exe	installer.exe
PID 4680 wrote to memory of 3460	4680	643aaf3a5ea4cf8cf028f48f5e9ebe8cbcca3b4d359d08f5510f89951c9d9771.exe	installer.exe
PID 4680 wrote to memory of 3460	4680	643aaf3a5ea4cf8cf028f48f5e9ebe8cbcca3b4d359d08f5510f89951c9d9771.exe	installer.exe
PID 3460 wrote to memory of 852	3460	installer.exe	GenericSetup.exe
PID 3460 wrote to memory of 852	3460	installer.exe	GenericSetup.exe
PID 3460 wrote to memory of 852	3460	installer.exe	GenericSetup.exe

C:\Users\Admin\AppData\Local\Temp\643aaf3a5ea4cf8cf028f48f5e9ebe8cbcca3b4d359d08f5510f89951c9d9771.exe
"C:\Users\Admin\AppData\Local\Temp\643aaf3a5ea4cf8cf028f48f5e9ebe8cbcca3b4d359d08f5510f89951c9d9771.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4680

C:\Users\Admin\AppData\Local\Temp\7zS84225A24\installer.exe
.\installer.exe
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3460

C:\Users\Admin\AppData\Local\Temp\7zS84225A24\GenericSetup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS84225A24\GenericSetup.exe" C:\Users\Admin\AppData\Local\Temp\7zS84225A24\GenericSetup.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:852

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Security Software Discovery

T1063

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS84225A24\BundleConfig.json
MD5
e4aa59521d6f9f7935e2f4662ee893f2

SHA1
8a9f84fdf19f9975135b1d0c20b83692fbc67cbb

SHA256
3ecf5d21557958b138fa5e15d6e9e8cc3fa16416322fece83ba8237ebdbbeea4

SHA512
a686db1ce29decf84da0f7a21cfa7d0c46e763a00060fda40fbf5a74875cd7d65040aaf0c11dda001c9a789dbb6a1858e6bf342dd149cfc8f94da0bb593b4a89

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\DevLib.Services.dll
MD5
89be3dc6037e353e2d77035853c06ac3

SHA1
a47a0caea8e562026b2238d1875b74f5a8e26f8e

SHA256
911d136b3f189ba0b9837bba9e057536e3a4bf3d2a9ae5e803147d412fa878c0

SHA512
9ad9ced8fb3bb1cce60399a10f25a7e84b40d40b982d7a65ed68a7dd4206940b2ad21d223d486e2ebdbdf979318786dd54d8d6c7ed28dd60d55f6634d7217c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\DevLib.dll
MD5
867a7c021e3f715be52377d6898987d1

SHA1
7e6aa7fead644e93d5e949863313bac1efc48557

SHA256
5bc621d896c1d8d6ef9f4a7d830b725545b4e5b786724f62da38f592e737b0b4

SHA512
9b7327ecb5de29e7275c7b41966b1f9ce5e3bda3659b39b13e78a95681162f4bd37b5046af3d62b6c76da84b1c77e3f470c764188322103582eefb737aad8be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\DynActsBLL.dll
MD5
26fa8bc471cc10e65edd16d563e26c1c

SHA1
75004a65fe774b4f1ddb0fdac410a4066ee77792

SHA256
21ceb805de2892dcf3f93ab462b5d2fa1433051ce07c22616849924a57b04f45

SHA512
4dc5aac395a985e0775e98c05b6b827ae651da127c302edea20563ec9d8eeda4c3d9749e7551f40134b183c5dbebcbf988ef1abcb047264d0e84d3c14e2a9b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\GenericSetup.dll
MD5
e9f66987ab0b9582dc806f5e4d89eae0

SHA1
672fde84c877d301419cfe595b9b248cc0235c6a

SHA256
0a1e756ba2cf3b23571eb0b3e0001e7883856c25f3c0185d8f0df24e2e185746

SHA512
f0c50ef47aa31b3ce68e916347ede54621e1c23a0558673c4f11001dffa1031ffa08bfaf7d03c6e182b016cc6d885afc22a8b749d9c961c36ad0480129d21cc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\GenericSetup.exe
MD5
ca266ec9cccc768c00fc11394d8182dd

SHA1
4a6bd9aa470ce0836837977afeec6a02a8575650

SHA256
3531f2bf48fa5430df59843819801ae4f557488afdba33fa2511cad4d95829e8

SHA512
5c679904753faf4f0f464e974f650cb6a86a75085360455c01620856502383c79f0eb7001f781e603ea2afd1552ed383f11d185fd953efe42e88be2c0e0e9c86

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\GenericSetup.exe
MD5
ca266ec9cccc768c00fc11394d8182dd

SHA1
4a6bd9aa470ce0836837977afeec6a02a8575650

SHA256
3531f2bf48fa5430df59843819801ae4f557488afdba33fa2511cad4d95829e8

SHA512
5c679904753faf4f0f464e974f650cb6a86a75085360455c01620856502383c79f0eb7001f781e603ea2afd1552ed383f11d185fd953efe42e88be2c0e0e9c86

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\GenericSetup.exe.config
MD5
c5bb4979ee79c1a681c76afea65c95ed

SHA1
d1714ece77da71e377011b9a689af2e0675bb036

SHA256
54f1667525366c3c0f21949b406f62097ff9c5b4982a188a1ae5a3b61ae9a59c

SHA512
de0e8e036a0dcc5cf5f3cd6e7b33a0479b6311c6ad6c98a919c14f6318acbe57404830a2a1bfaa53b5850824a8fbf93227a5e02c846f53420e7c2b7fa799b0dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\GenericSetup.exe.config
MD5
a8dcd70001bd0e4b3136e2978c2b6086

SHA1
7a73b92c5dd8922cb72c8f409bb0e284d42b2b26

SHA256
bf639e68bc157dbb255838c2289254bc8ba1a938cb0178f8efb2cdaa2ad492eb

SHA512
207c6571a94a795859aa1f9a4391f084e19d13a920bde0837dc2b28efc0fadb1fec61cf5196e36f1f2cdd1616bb47cf8c2d7acaeef369f8a76d4f6b1a3451470

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\H2OSciter.dll
MD5
04651e584ba25556ac7f7fe8930524c3

SHA1
7bbf9eff2529f20bb6ddd50457fa40243f0d0ffa

SHA256
d27c5c6b47c7fa4612be1e5d89e2e7cd99ffe72ca0577fc9111771f843707544

SHA512
20120ee03be4209ff159b347caafb752d0be14cf4aff6b456a91e9fce2b53377d6a57bf31f708455462839c3cdd3dc7040a2af3e7f77217979048628edf5a892

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\HtmlAgilityPack.dll
MD5
e7c2038932f2394a203000ceaf4f3408

SHA1
b52ae8e3dd75df7286c460cc6fdc051bb88801f7

SHA256
b45507e14f95fb9766e6ef2a469da741bb250c13f5f1c7886d321ac318de3195

SHA512
1be698f3113ad580bd72bcda2240f632d1f6612b7d2403608f74c5504fe4e5723b4c703505227ec553a7b7fc51776fa5b72675b5ed7f86251df4fda5280c8196

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Microsoft.Win32.TaskScheduler.dll
MD5
495ebb12df1de581271cf522b47b225a

SHA1
5be62a3d0a7ff0fc72ede7ef3e10ccf841dab119

SHA256
ce4a3f1df21928b297e98fdf8651a7f5cba4dd70dba2a267f6c3281df74f5aab

SHA512
bbfac639ea6aca6bbb3ad181a962e594c68333147ef6c86e390b3b13c8928fba68f47a16a45ed1058c50f9030cb862cbb26b5615d7f260b2566772638b420eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\MyDownloader.Core.dll
MD5
8b5b60e2e2b17f618c5144661c1d9154

SHA1
d68ed7f76538c3158840c7bcc2495402ba7df08f

SHA256
3a0398466f2fe4dc8a28e08659878397971cbb0e811319754ca2fc26ecb05e0c

SHA512
bb4a2620df379070d9ac6566454971056751dab02d525e105f3e07a2e93ac486f6ac17b4b525fbbb67449769a195ed041c47e56cdc85d6e508621e86a1a415f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\MyDownloader.Extension.dll
MD5
32d2b985aa68ddb92e40b33ecef00527

SHA1
f0e939698e637e9957ca0764a5c47f8b417d4e10

SHA256
f80656f47aa408f19e93153473f633f1b9bfa075c96eed45f6a8bb8d6b020b15

SHA512
b2f94ac69120927b9a866eb1718e8e0998674c75ed2e7b83015386f561180a8d8b729931f9ebc36ac02be1c28d1484e5a2ba9a29236afc9fe31a07f69a18c040

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Newtonsoft.Json.dll
MD5
714920416ba15fc3828bcecc7439473c

SHA1
b8ff89d8b3ab2a08c2292ce2070c04a3c31231ca

SHA256
a077c0976026703ec7fc1fc5f5fa65deaf6424e24ecaa661c10d128d7d5da6d3

SHA512
14eda6f479d416e34015951db6064563d812106175ad46f017fc8bcf9ff1b23015baa7774b563112b851b6873683dee288f921d22ea08818bedb90bebec03007

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\OfferServiceBLL.dll
MD5
1d5304e9e94d33bbe2eb84e2a090ad50

SHA1
bc5a659315947b4887c9ee4d21e6c62272a00f6a

SHA256
4a10091e4602b3ec194168ac981100a7f77cd6860f51ae5b1f15464014949c7c

SHA512
74c955b2469c7af807b586c2fc9133f4b97bac10a4fec672879c8e9422bd24ce15fe4a259607cc84ddbf91b71fb0345949810e160772a54724a02d73c6b374d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\OfferServiceSDK.dll
MD5
ada7c53c18113f10059dff1ec2032c9c

SHA1
488ca72adc73246a790f50654fe718e1745be2ab

SHA256
902e9a5c207199e407a3c3c2282c8f4b3a4f0ba76a2679b8c2a243bd8a873727

SHA512
3a2f0c0e300c13485635dee1aced175bad6778be6a6ec1839f14201c4a2bc2701880ee1c3056a490a07931b2df27ff5c885212e63be91d8fd142616e32995bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\DownloadFolderPage.html
MD5
081be6b3acc0aaa8abb5022576602a85

SHA1
d28c4fa116388e95538754d3a7e6f3851c6e0a7a

SHA256
bdab5051d03d17b9ef5f84fba1cd56db7e02547e8d80d61c902b87dacff80258

SHA512
083b75bd25a56cc5a190b24ee9cbfa7c1c16e1aed5a3d29037960be1830cd14e7e641754252716b295721d0677bfc9a55e57de6a4301db6f60eaee2b67f171e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\DownloadPage.html
MD5
0c50068656f5399f70a6bfa7d5449756

SHA1
72d4170b4bc5a2bbb0cb412aeade5baa704fd724

SHA256
5f43eb0a5b3a9882ec8589d65cb775bb8d8188eb0d84044785eec6d8822bc749

SHA512
b5217bec4de5e2572a1de41dadd4d4e532f1676a141a18e00be1d68d3f326a2d04e2f32c4e2b72d8e22eab04e0444b607339423e10b5bf913fb73fb24a4fe90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\InstallingPage.html
MD5
5e8620e688e1fd1ea5857459d3ddf602

SHA1
aa0a8dec375f9514ad99009d69c5bccf7a83dfb6

SHA256
86636267a852a1d28b86da101599dc4db517b8a9cfc0f3fdeceb2b09241d67b1

SHA512
42908c34771f7214dc3bc54f298dd14af43a99667d5f72d51124d17bf2f4e494bc1c9032e9b46cc2cf5714f0b8bd789320c3b27a87326ebca0f089a6dc29ed46

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\LaunchCarrierPage.html
MD5
54f1c87d7b5621fd51675dc248fff9f1

SHA1
35a2bcdabe667c4df0d9af9545fe7a070ae368d0

SHA256
09597d2f1167ec640796b179062f7442ac9149cd8f9344f8ce0c3faa65c1f02d

SHA512
cdd51c523f7766410e1660873aefd564e64517501a003d03a197dd8cb05d9b59c4c1361141226495f2f4a4d5add37c3a8d108e055091d3aeddbb525998c54594

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\OfferPage.html
MD5
ca9a0c02a51e2903eb950f75dd2b761b

SHA1
0b5f73759847b45d4fd578603e37d6116a965e37

SHA256
13b256ce28ba320c78d5e79c9225f15086c7b2c1120021872779b9b94a375b0a

SHA512
54d8e943700b707db76d864890614ce174c3f32cb64a6cbd477131ccfc978eb651a9165fbc94d783eb28697c22da4cc3bff32faad7e0ef99fdd83671a856f46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\images\bg.png
MD5
8ea330def408bb6b3bbc67a50857e20e

SHA1
693457d0bb4161c7b344a5c674f018ae28527f42

SHA256
852d4712e8d7109e71e5ab508712192148a2fa2d80146684a6356fe7d10c5bcb

SHA512
50574a61990b31989ee12295f59a44eb63f4ed12032b1137f23b5ba887b979f424cc42859dabf79474aceaa087880bd2d6083132654a4797dba62d3141c8fc71

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\images\loader.gif
MD5
2b26f73d382ab69f3914a7d9fda97b0f

SHA1
a3f5ad928d4bec107ae2941fa6b23c69d19eedd0

SHA256
a6a0b05b1d5c52303dd3e9e2f9cda1e688a490fbe84ea0d6e22a051ab6efd643

SHA512
744ff7e91c8d1059f48de97dc816bc7cc0f1a41ea7b8b7e3382ff69bc283255dfdf7b46d708a062967a6c1f2e5138665be2943ed89d7543fc707e752543ac9a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\images\logo.png
MD5
93deead26530ca33939697f7f22794af

SHA1
c1877d26c332a429ba82cd47a3090e8b33cba29d

SHA256
6154bd6a4a3eb13ca9f41f2766c37b56e2ab379c2042b31690f181658b880832

SHA512
0dee9a63d0763decd6e5c8c12899f81db8e35e6f69484c613fb93af6c49ae6286038f391aa8aa5fa088835debf8391ca79cabd479ba787d4d63a2c4955cfe005

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\images\warning48x48.png
MD5
d3361cf0d689a1b34d84f483d60ba9c9

SHA1
d89a9551137ae90f5889ed66e8dc005f85cf99ff

SHA256
56739925aada73f9489f9a6b72bfaaa92892b27d20f4d221380ba3eae17f1442

SHA512
247cf4c292d62cea6bf46ac3ab236e11f3d3885cd49fdd28958c7493ebb86ace45c9751424f7312f393932d0a7165e2985f56c764d299b7e37f75457eef2d846

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\style.css
MD5
d77f8a03bb43b5db751618bfb48af4d7

SHA1
ae37b4beb2076e3fa69c22cc8aa613b088a42bde

SHA256
a985e78ec48000c96cd23429b075879e81e1487ef73576d58ef67a8b7d892c00

SHA512
9ac8e70617f877c5d73b5445bd9ade792bb9b1854e914971c8b60ade24f58d0ee7d08fcb42868f0217e12bda3d65be26627b882928f26523457804ef16c3485c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\tis\Config.tis
MD5
fb1c09fc31ce983ed99d8913bb9f1474

SHA1
bb3d2558928acdb23ceb42950bd46fe12e03240f

SHA256
293959c3f8ebb87bffe885ce2331f0b40ab5666f9d237be4791ed4903ce17bf4

SHA512
9ae91e3c1a09f3d02e0cb13e548b5c441d9c19d8a314ea99bcb9066022971f525c804f8599a42b8d6585cbc36d6573bff5fadb750eeefadf1c5bc0d07d38b429

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\tis\EventHandler.tis
MD5
0cdeed0a5e5fd8a64cc8d6eaa7a7c414

SHA1
2ae93801a756c5e2bcfda128f5254965d4eb25f8

SHA256
8ef25a490d94a4de3f3d4a308c106b7435a7391099b3327e1fdfde8beef64933

SHA512
0bbcf56acf4e862e80af09d33c549cb5b549be00257cfb877c01d2a43eb3d8ac44683078ff02cde5a77c92ec83aeda111d5d3be631015b0aab2de39b87a4dc4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\tis\Log.tis
MD5
cef7a21acf607d44e160eac5a21bdf67

SHA1
f24f674250a381d6bf09df16d00dbf617354d315

SHA256
73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7

SHA512
5afb4609ef46f156155f7c1b5fed48fd178d7f3395f80fb3a4fb02f454a3f977d8a15f3ef8541af62df83426a3316d31e1b9e2fd77726cf866c75f6d4e7adc2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\tis\TranslateOfferTemplate.tis
MD5
551029a3e046c5ed6390cc85f632a689

SHA1
b4bd706f753db6ba3c13551099d4eef55f65b057

SHA256
7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8

SHA512
22a67a8371d2aa2fdbc840c8e5452c650cb161e71c39b49d868c66db8b4c47d3297cf83c711ec1d002bc3e3ae16b1e0e4faf2761954ce56c495827306bab677e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Resources\tis\ViewStateLoader.tis
MD5
ef47b355f8a2e6ab49e31e93c587a987

SHA1
8cf9092f6bb0e7426279ac465eb1bbee3101d226

SHA256
e77239dbdcc6762f298cd5c216a4003cf2aa7b0ef45d364dd558a4bd7f3cdb25

SHA512
3957dfc400f1a371acadb2a2bc196177f88863908542f68e144bdd012b54663c726e2e0cc5f25356b16012deee37f7e931ebaa21292c7688ac8becbdd96775fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\Shared.dll
MD5
cd2ddc1c767125a3a51afdef4d4b8f9b

SHA1
89ea2ae15dbb3f7c4b94392f6def9ceef072428c

SHA256
27715cc7e067d8fc7aede58e49f2f02eb87ebc1066931b397bc7b7a3b77a0a62

SHA512
c70f839f7f481c61a0f2b9bbb6a09de89e27b2a344ebdb61b98d11d188ed3e26ae69560d67d88f05dac208d7360a838b5d4b09f79236b924b2361bfc70fd547a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\app.ico
MD5
4003efa6e7d44e2cbd3d7486e2e0451a

SHA1
a2a9ab4a88cd4732647faa37bbdf726fd885ea1e

SHA256
effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508

SHA512
86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\de\DevLib.resources.dll
MD5
ae06084e14cd756126d94ac2a9e1d9a7

SHA1
bea5064f93cfd3ee3361c13edae999e562624aad

SHA256
bad2bb768fcccbb33bda5c0c73492a68b4901975b31875d2f35107fa95ffee49

SHA512
69ae32c2160c188c4cd335827da0d669af9c35d07811d5dd651e140d044fc1249a57c187a6075072f73775bb2fc6924795edf8152eb7809460a19b602735b663

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\en\DevLib.resources.dll
MD5
15a41b89823905f636c3b57ea7d82ed2

SHA1
64e4f48474a987bc94a262c31c910e83ae8075bb

SHA256
f0bcf528424d4b71831730c6e852afeac84f0e322f1efa9d139a856a86a59937

SHA512
b593a0c316f5d924da19ecf63fac9f943de7548d597acccc2a56b4765d1b13aa51f5909d022e7d095f39c04195a18d256b497aa36055b4a81b89648a5580b633

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\es\DevLib.resources.dll
MD5
43f1b14da83f5514f9426dc38ea58264

SHA1
e77ef47a6806d9028d59a47a78e18d774bb36034

SHA256
13dd5f1c61d3a3b97a7b72c0c76b54b257c9f576d023821536e61bca8051bcef

SHA512
56ba560347dda858f9d6a1d1fca713bf2050f6a074545cddc10c187e51a3099f1d29ff35eadf24c9cf231da903a551d433e93b77f7d1b92bfd0fff5d3f8d6277

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\fr\DevLib.resources.dll
MD5
61cd9639d06373c4a3acfac2dc287ff7

SHA1
19940622de3ce54a4f9411c02a95ce0c16c7e318

SHA256
d5160ca1d7ad8162cd0094655addf4d11b0377600c0e2c7075374f928a2dcaa2

SHA512
083ee6b9c6a4778b9015477a1fabe71af545d84a3a681d8cedba3986d7951aa1967a3de3fb53fb9b8ff7da392275340c446a59867f4ac05de9cf42e6667310ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\installer.exe
MD5
46130ce84e15131ace77186628c49c92

SHA1
e797bbbc8aeb096d8f6823682e4f8ce402544fb3

SHA256
937ea48cc92c2c819873f89263b8d02c4a17025bc146c1a7d00e5154b90d5fc7

SHA512
beaa73298d53d269669233415f77acf1c2ff6e07c29e68999f06c6d9643cbaa133df2f65f8b6eaca77f57c5b41c59b39fef937a126370371bb0c47153b99cccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\installer.exe
MD5
46130ce84e15131ace77186628c49c92

SHA1
e797bbbc8aeb096d8f6823682e4f8ce402544fb3

SHA256
937ea48cc92c2c819873f89263b8d02c4a17025bc146c1a7d00e5154b90d5fc7

SHA512
beaa73298d53d269669233415f77acf1c2ff6e07c29e68999f06c6d9643cbaa133df2f65f8b6eaca77f57c5b41c59b39fef937a126370371bb0c47153b99cccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\it\DevLib.resources.dll
MD5
394ce4d46c91d44e8258b02f1ddd659e

SHA1
8af27117bce42176509fa260c98bf5cea6a42054

SHA256
ce11b68e4b067dc7f005b53ea9573ab9994b601c227b1de51f85aaa10b5b4d75

SHA512
9efb157cee0faf47764c09d7e322d4af39a30dc80826cc0b6b403d9112fe352859cba6a22183fc95d4d159b55b35d2a2175070fe03a03c4820fc209e9bea46e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\pt\DevLib.resources.dll
MD5
9a0e1ee831cd67cd2998b2507f1b3567

SHA1
37bf17b6fb58cf030573f85b1f40bd4f14bdfadd

SHA256
ee0ba0fbe0623e506fb42287eb5bc54204b6f9186d8a82a399bad16f0c189f1f

SHA512
d8451bb02f8b78cae4f5905be9bdad78cafb08dcc16153749c421d0cd3f29f8120433949164825e88d8af25dd0314246c5086d9d7a2292c82939f3775452ee47

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\ru\DevLib.resources.dll
MD5
57c00a172cd7a0b3cf97efe5c3020062

SHA1
7851ce67d26dcbf434dea3755f894de117bbec7d

SHA256
6100dbc016b3146b456166c26e887d7e03de266e384af4514464fe35caaa8718

SHA512
eec9744c8b39217bbf7a688733bc59f2420a3cfa81180063cfe887ae84a4910a4dedfef59c6a05d9b45754607958f3dde464f9ec07af4d0ddd61d4291411a41c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84225A24\sciter32.dll
MD5
a0bc59e3bd1d84fe0b18b2a00e0343db

SHA1
747cac91c1b147bff9e908b3ac6658d8c427924a

SHA256
70be5a6da26aa02df5db93091f1ccdd6811ef4489f89a1bc7760e36d30aab9cb

SHA512
ca7c68a0a5362256778abbdd254e0a10ee7feceda3955315ad34a5e3ac2ea14bdc79b7d2b4be7256e37d69ae3936fd04a708b72548567d4c29fb7167509b305c

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\DevLib.Services.dll
MD5
89be3dc6037e353e2d77035853c06ac3

SHA1
a47a0caea8e562026b2238d1875b74f5a8e26f8e

SHA256
911d136b3f189ba0b9837bba9e057536e3a4bf3d2a9ae5e803147d412fa878c0

SHA512
9ad9ced8fb3bb1cce60399a10f25a7e84b40d40b982d7a65ed68a7dd4206940b2ad21d223d486e2ebdbdf979318786dd54d8d6c7ed28dd60d55f6634d7217c23

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\DevLib.Services.dll
MD5
89be3dc6037e353e2d77035853c06ac3

SHA1
a47a0caea8e562026b2238d1875b74f5a8e26f8e

SHA256
911d136b3f189ba0b9837bba9e057536e3a4bf3d2a9ae5e803147d412fa878c0

SHA512
9ad9ced8fb3bb1cce60399a10f25a7e84b40d40b982d7a65ed68a7dd4206940b2ad21d223d486e2ebdbdf979318786dd54d8d6c7ed28dd60d55f6634d7217c23

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\DevLib.dll
MD5
867a7c021e3f715be52377d6898987d1

SHA1
7e6aa7fead644e93d5e949863313bac1efc48557

SHA256
5bc621d896c1d8d6ef9f4a7d830b725545b4e5b786724f62da38f592e737b0b4

SHA512
9b7327ecb5de29e7275c7b41966b1f9ce5e3bda3659b39b13e78a95681162f4bd37b5046af3d62b6c76da84b1c77e3f470c764188322103582eefb737aad8be8

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\DevLib.dll
MD5
867a7c021e3f715be52377d6898987d1

SHA1
7e6aa7fead644e93d5e949863313bac1efc48557

SHA256
5bc621d896c1d8d6ef9f4a7d830b725545b4e5b786724f62da38f592e737b0b4

SHA512
9b7327ecb5de29e7275c7b41966b1f9ce5e3bda3659b39b13e78a95681162f4bd37b5046af3d62b6c76da84b1c77e3f470c764188322103582eefb737aad8be8

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\GenericSetup.dll
MD5
e9f66987ab0b9582dc806f5e4d89eae0

SHA1
672fde84c877d301419cfe595b9b248cc0235c6a

SHA256
0a1e756ba2cf3b23571eb0b3e0001e7883856c25f3c0185d8f0df24e2e185746

SHA512
f0c50ef47aa31b3ce68e916347ede54621e1c23a0558673c4f11001dffa1031ffa08bfaf7d03c6e182b016cc6d885afc22a8b749d9c961c36ad0480129d21cc6

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\GenericSetup.dll
MD5
e9f66987ab0b9582dc806f5e4d89eae0

SHA1
672fde84c877d301419cfe595b9b248cc0235c6a

SHA256
0a1e756ba2cf3b23571eb0b3e0001e7883856c25f3c0185d8f0df24e2e185746

SHA512
f0c50ef47aa31b3ce68e916347ede54621e1c23a0558673c4f11001dffa1031ffa08bfaf7d03c6e182b016cc6d885afc22a8b749d9c961c36ad0480129d21cc6

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\H2OSciter.dll
MD5
04651e584ba25556ac7f7fe8930524c3

SHA1
7bbf9eff2529f20bb6ddd50457fa40243f0d0ffa

SHA256
d27c5c6b47c7fa4612be1e5d89e2e7cd99ffe72ca0577fc9111771f843707544

SHA512
20120ee03be4209ff159b347caafb752d0be14cf4aff6b456a91e9fce2b53377d6a57bf31f708455462839c3cdd3dc7040a2af3e7f77217979048628edf5a892

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\H2OSciter.dll
MD5
04651e584ba25556ac7f7fe8930524c3

SHA1
7bbf9eff2529f20bb6ddd50457fa40243f0d0ffa

SHA256
d27c5c6b47c7fa4612be1e5d89e2e7cd99ffe72ca0577fc9111771f843707544

SHA512
20120ee03be4209ff159b347caafb752d0be14cf4aff6b456a91e9fce2b53377d6a57bf31f708455462839c3cdd3dc7040a2af3e7f77217979048628edf5a892

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\HtmlAgilityPack.dll
MD5
e7c2038932f2394a203000ceaf4f3408

SHA1
b52ae8e3dd75df7286c460cc6fdc051bb88801f7

SHA256
b45507e14f95fb9766e6ef2a469da741bb250c13f5f1c7886d321ac318de3195

SHA512
1be698f3113ad580bd72bcda2240f632d1f6612b7d2403608f74c5504fe4e5723b4c703505227ec553a7b7fc51776fa5b72675b5ed7f86251df4fda5280c8196

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\HtmlAgilityPack.dll
MD5
e7c2038932f2394a203000ceaf4f3408

SHA1
b52ae8e3dd75df7286c460cc6fdc051bb88801f7

SHA256
b45507e14f95fb9766e6ef2a469da741bb250c13f5f1c7886d321ac318de3195

SHA512
1be698f3113ad580bd72bcda2240f632d1f6612b7d2403608f74c5504fe4e5723b4c703505227ec553a7b7fc51776fa5b72675b5ed7f86251df4fda5280c8196

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\MyDownloader.Core.dll
MD5
8b5b60e2e2b17f618c5144661c1d9154

SHA1
d68ed7f76538c3158840c7bcc2495402ba7df08f

SHA256
3a0398466f2fe4dc8a28e08659878397971cbb0e811319754ca2fc26ecb05e0c

SHA512
bb4a2620df379070d9ac6566454971056751dab02d525e105f3e07a2e93ac486f6ac17b4b525fbbb67449769a195ed041c47e56cdc85d6e508621e86a1a415f9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\MyDownloader.Core.dll
MD5
8b5b60e2e2b17f618c5144661c1d9154

SHA1
d68ed7f76538c3158840c7bcc2495402ba7df08f

SHA256
3a0398466f2fe4dc8a28e08659878397971cbb0e811319754ca2fc26ecb05e0c

SHA512
bb4a2620df379070d9ac6566454971056751dab02d525e105f3e07a2e93ac486f6ac17b4b525fbbb67449769a195ed041c47e56cdc85d6e508621e86a1a415f9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\MyDownloader.Extension.dll
MD5
32d2b985aa68ddb92e40b33ecef00527

SHA1
f0e939698e637e9957ca0764a5c47f8b417d4e10

SHA256
f80656f47aa408f19e93153473f633f1b9bfa075c96eed45f6a8bb8d6b020b15

SHA512
b2f94ac69120927b9a866eb1718e8e0998674c75ed2e7b83015386f561180a8d8b729931f9ebc36ac02be1c28d1484e5a2ba9a29236afc9fe31a07f69a18c040

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\MyDownloader.Extension.dll
MD5
32d2b985aa68ddb92e40b33ecef00527

SHA1
f0e939698e637e9957ca0764a5c47f8b417d4e10

SHA256
f80656f47aa408f19e93153473f633f1b9bfa075c96eed45f6a8bb8d6b020b15

SHA512
b2f94ac69120927b9a866eb1718e8e0998674c75ed2e7b83015386f561180a8d8b729931f9ebc36ac02be1c28d1484e5a2ba9a29236afc9fe31a07f69a18c040

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\Newtonsoft.Json.dll
MD5
714920416ba15fc3828bcecc7439473c

SHA1
b8ff89d8b3ab2a08c2292ce2070c04a3c31231ca

SHA256
a077c0976026703ec7fc1fc5f5fa65deaf6424e24ecaa661c10d128d7d5da6d3

SHA512
14eda6f479d416e34015951db6064563d812106175ad46f017fc8bcf9ff1b23015baa7774b563112b851b6873683dee288f921d22ea08818bedb90bebec03007

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\Newtonsoft.Json.dll
MD5
714920416ba15fc3828bcecc7439473c

SHA1
b8ff89d8b3ab2a08c2292ce2070c04a3c31231ca

SHA256
a077c0976026703ec7fc1fc5f5fa65deaf6424e24ecaa661c10d128d7d5da6d3

SHA512
14eda6f479d416e34015951db6064563d812106175ad46f017fc8bcf9ff1b23015baa7774b563112b851b6873683dee288f921d22ea08818bedb90bebec03007

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\OfferServiceBLL.dll
MD5
1d5304e9e94d33bbe2eb84e2a090ad50

SHA1
bc5a659315947b4887c9ee4d21e6c62272a00f6a

SHA256
4a10091e4602b3ec194168ac981100a7f77cd6860f51ae5b1f15464014949c7c

SHA512
74c955b2469c7af807b586c2fc9133f4b97bac10a4fec672879c8e9422bd24ce15fe4a259607cc84ddbf91b71fb0345949810e160772a54724a02d73c6b374d3

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\OfferServiceBLL.dll
MD5
1d5304e9e94d33bbe2eb84e2a090ad50

SHA1
bc5a659315947b4887c9ee4d21e6c62272a00f6a

SHA256
4a10091e4602b3ec194168ac981100a7f77cd6860f51ae5b1f15464014949c7c

SHA512
74c955b2469c7af807b586c2fc9133f4b97bac10a4fec672879c8e9422bd24ce15fe4a259607cc84ddbf91b71fb0345949810e160772a54724a02d73c6b374d3

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\OfferServiceSDK.dll
MD5
ada7c53c18113f10059dff1ec2032c9c

SHA1
488ca72adc73246a790f50654fe718e1745be2ab

SHA256
902e9a5c207199e407a3c3c2282c8f4b3a4f0ba76a2679b8c2a243bd8a873727

SHA512
3a2f0c0e300c13485635dee1aced175bad6778be6a6ec1839f14201c4a2bc2701880ee1c3056a490a07931b2df27ff5c885212e63be91d8fd142616e32995bd3

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\OfferServiceSDK.dll
MD5
ada7c53c18113f10059dff1ec2032c9c

SHA1
488ca72adc73246a790f50654fe718e1745be2ab

SHA256
902e9a5c207199e407a3c3c2282c8f4b3a4f0ba76a2679b8c2a243bd8a873727

SHA512
3a2f0c0e300c13485635dee1aced175bad6778be6a6ec1839f14201c4a2bc2701880ee1c3056a490a07931b2df27ff5c885212e63be91d8fd142616e32995bd3

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\Shared.dll
MD5
cd2ddc1c767125a3a51afdef4d4b8f9b

SHA1
89ea2ae15dbb3f7c4b94392f6def9ceef072428c

SHA256
27715cc7e067d8fc7aede58e49f2f02eb87ebc1066931b397bc7b7a3b77a0a62

SHA512
c70f839f7f481c61a0f2b9bbb6a09de89e27b2a344ebdb61b98d11d188ed3e26ae69560d67d88f05dac208d7360a838b5d4b09f79236b924b2361bfc70fd547a

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\Shared.dll
MD5
cd2ddc1c767125a3a51afdef4d4b8f9b

SHA1
89ea2ae15dbb3f7c4b94392f6def9ceef072428c

SHA256
27715cc7e067d8fc7aede58e49f2f02eb87ebc1066931b397bc7b7a3b77a0a62

SHA512
c70f839f7f481c61a0f2b9bbb6a09de89e27b2a344ebdb61b98d11d188ed3e26ae69560d67d88f05dac208d7360a838b5d4b09f79236b924b2361bfc70fd547a

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\en\DevLib.resources.dll
MD5
15a41b89823905f636c3b57ea7d82ed2

SHA1
64e4f48474a987bc94a262c31c910e83ae8075bb

SHA256
f0bcf528424d4b71831730c6e852afeac84f0e322f1efa9d139a856a86a59937

SHA512
b593a0c316f5d924da19ecf63fac9f943de7548d597acccc2a56b4765d1b13aa51f5909d022e7d095f39c04195a18d256b497aa36055b4a81b89648a5580b633

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\en\DevLib.resources.dll
MD5
15a41b89823905f636c3b57ea7d82ed2

SHA1
64e4f48474a987bc94a262c31c910e83ae8075bb

SHA256
f0bcf528424d4b71831730c6e852afeac84f0e322f1efa9d139a856a86a59937

SHA512
b593a0c316f5d924da19ecf63fac9f943de7548d597acccc2a56b4765d1b13aa51f5909d022e7d095f39c04195a18d256b497aa36055b4a81b89648a5580b633

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84225A24\sciter32.dll
MD5
a0bc59e3bd1d84fe0b18b2a00e0343db

SHA1
747cac91c1b147bff9e908b3ac6658d8c427924a

SHA256
70be5a6da26aa02df5db93091f1ccdd6811ef4489f89a1bc7760e36d30aab9cb

SHA512
ca7c68a0a5362256778abbdd254e0a10ee7feceda3955315ad34a5e3ac2ea14bdc79b7d2b4be7256e37d69ae3936fd04a708b72548567d4c29fb7167509b305c

Download Submit
memory/852-92-0x000000000A850000-0x000000000A851000-memory.dmp

Filesize
4KB

Download
memory/852-48-0x0000000000DD0000-0x0000000000DD1000-memory.dmp

Filesize
4KB

Download
memory/852-79-0x0000000006280000-0x0000000006281000-memory.dmp

Filesize
4KB

Download
memory/852-80-0x0000000006AD0000-0x0000000006AD1000-memory.dmp

Filesize
4KB

Download
memory/852-83-0x0000000006AB0000-0x0000000006AB1000-memory.dmp

Filesize
4KB

Download
memory/852-78-0x0000000006200000-0x0000000006201000-memory.dmp

Filesize
4KB

Download
memory/852-74-0x0000000006140000-0x0000000006141000-memory.dmp

Filesize
4KB

Download
memory/852-85-0x0000000007490000-0x0000000007491000-memory.dmp

Filesize
4KB

Download
memory/852-88-0x000000000A820000-0x000000000A821000-memory.dmp

Filesize
4KB

Download
memory/852-56-0x0000000005A50000-0x0000000005A51000-memory.dmp

Filesize
4KB

Download
memory/852-64-0x0000000005AA0000-0x0000000005AA1000-memory.dmp

Filesize
4KB

Download
memory/852-47-0x0000000072210000-0x00000000728FE000-memory.dmp

Filesize
6.9MB

Download
memory/852-52-0x0000000005570000-0x0000000005571000-memory.dmp

Filesize
4KB

Download
memory/852-44-0x0000000000000000-mapping.dmp

Download
memory/852-96-0x000000000A810000-0x000000000A811000-memory.dmp

Filesize
4KB

Download
memory/852-71-0x0000000005E10000-0x0000000005E11000-memory.dmp

Filesize
4KB

Download
memory/852-68-0x0000000005B00000-0x0000000005B01000-memory.dmp

Filesize
4KB

Download
memory/852-60-0x0000000005AC0000-0x0000000005AC1000-memory.dmp

Filesize
4KB

Download
memory/852-101-0x000000000D800000-0x000000000D801000-memory.dmp

Filesize
4KB

Download
memory/3460-1-0x0000000000000000-mapping.dmp

Download