cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a

Analysis

max time kernel
102s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 09:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a.exe
Size

1.1MB
MD5

7082969fe608a1152b0d57c89a88deb7
SHA1

2d1080859d1330d29058d405933997514b4beb56
SHA256

cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a
SHA512

3e63e50f98ab3c863dc0442f43aa4c211e2e06ffcb78718d72a54e1d26f372a2f4583806ba579c0e256d0b508f68cebab628ebd7291df135d358c233c40c96f0
SSDEEP

24576:jAAYnBxBE1NdOgvwbGIzRsTXqDXjviCI5vXSJDwX3Ww5ZeFLLTr:jAfUm8wy3qDTvilCJDW5ZeFvX

Score

9^/10

Malware Config

Signatures

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
behavioral2/memory/4484-178-0x0000000000400000-0x000000000041A000-memory.dmp	MailPassView

Nirsoft 5 IoCs

resource	yara_rule
behavioral2/memory/3316-155-0x0000000000400000-0x000000000041E000-memory.dmp	Nirsoft
behavioral2/memory/1536-171-0x0000000000400000-0x0000000000414000-memory.dmp	Nirsoft
behavioral2/memory/4484-178-0x0000000000400000-0x000000000041A000-memory.dmp	Nirsoft
behavioral2/memory/4580-192-0x0000000000400000-0x0000000000417000-memory.dmp	Nirsoft
behavioral2/memory/2316-199-0x0000000000400000-0x0000000000410000-memory.dmp	Nirsoft

Executes dropped EXE 10 IoCs

pid	Process
4016	UNIVERSAL_PATCH.EXE
2952	UNIVERSAL PATCH.EXE
4724	UNIVERSAL_PATCH.EXE
3316	UNIVERSAL_PATCH.EXE
1044	UNIVERSAL_PATCH.EXE
1536	UNIVERSAL_PATCH.EXE
4484	UNIVERSAL_PATCH.EXE
4860	UNIVERSAL_PATCH.EXE
4580	UNIVERSAL_PATCH.EXE
2316	UNIVERSAL_PATCH.EXE

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a.exe

Loads dropped DLL 1 IoCs

pid	Process
2952	UNIVERSAL PATCH.EXE

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE	cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a.exe

Suspicious use of SetThreadContext 8 IoCs

description	pid	Process	procid_target
PID 4016 set thread context of 4724	4016	UNIVERSAL_PATCH.EXE	87
PID 4724 set thread context of 3316	4724	UNIVERSAL_PATCH.EXE	89
PID 4724 set thread context of 1044	4724	UNIVERSAL_PATCH.EXE	98
PID 4724 set thread context of 1536	4724	UNIVERSAL_PATCH.EXE	103
PID 4724 set thread context of 4484	4724	UNIVERSAL_PATCH.EXE	110
PID 4724 set thread context of 4860	4724	UNIVERSAL_PATCH.EXE	116
PID 4724 set thread context of 4580	4724	UNIVERSAL_PATCH.EXE	120
PID 4724 set thread context of 2316	4724	UNIVERSAL_PATCH.EXE	124

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 8 IoCs

pid	pid_target	Process	procid_target
4172	4016	WerFault.exe	85
4288	3316	WerFault.exe	89
3712	1044	WerFault.exe	98
4852	1536	WerFault.exe	103
1724	4484	WerFault.exe	110
1760	4860	WerFault.exe	116
2292	4580	WerFault.exe	120
4492	2316	WerFault.exe	124

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5040	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5040	AUDIODG.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 4016	400	cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a.exe	85
PID 400 wrote to memory of 4016	400	cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a.exe	85
PID 400 wrote to memory of 4016	400	cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a.exe	85
PID 400 wrote to memory of 2952	400	cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a.exe	86
PID 400 wrote to memory of 2952	400	cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a.exe	86
PID 400 wrote to memory of 2952	400	cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a.exe	86
PID 4016 wrote to memory of 4724	4016	UNIVERSAL_PATCH.EXE	87
PID 4016 wrote to memory of 4724	4016	UNIVERSAL_PATCH.EXE	87
PID 4016 wrote to memory of 4724	4016	UNIVERSAL_PATCH.EXE	87
PID 4016 wrote to memory of 4724	4016	UNIVERSAL_PATCH.EXE	87
PID 4016 wrote to memory of 4724	4016	UNIVERSAL_PATCH.EXE	87
PID 4724 wrote to memory of 3316	4724	UNIVERSAL_PATCH.EXE	89
PID 4724 wrote to memory of 3316	4724	UNIVERSAL_PATCH.EXE	89
PID 4724 wrote to memory of 3316	4724	UNIVERSAL_PATCH.EXE	89
PID 4724 wrote to memory of 3316	4724	UNIVERSAL_PATCH.EXE	89
PID 4724 wrote to memory of 3316	4724	UNIVERSAL_PATCH.EXE	89
PID 4724 wrote to memory of 3316	4724	UNIVERSAL_PATCH.EXE	89
PID 4724 wrote to memory of 3316	4724	UNIVERSAL_PATCH.EXE	89
PID 4724 wrote to memory of 3316	4724	UNIVERSAL_PATCH.EXE	89
PID 4724 wrote to memory of 3316	4724	UNIVERSAL_PATCH.EXE	89
PID 4724 wrote to memory of 1044	4724	UNIVERSAL_PATCH.EXE	98
PID 4724 wrote to memory of 1044	4724	UNIVERSAL_PATCH.EXE	98
PID 4724 wrote to memory of 1044	4724	UNIVERSAL_PATCH.EXE	98
PID 4724 wrote to memory of 1044	4724	UNIVERSAL_PATCH.EXE	98
PID 4724 wrote to memory of 1044	4724	UNIVERSAL_PATCH.EXE	98
PID 4724 wrote to memory of 1044	4724	UNIVERSAL_PATCH.EXE	98
PID 4724 wrote to memory of 1044	4724	UNIVERSAL_PATCH.EXE	98
PID 4724 wrote to memory of 1044	4724	UNIVERSAL_PATCH.EXE	98
PID 4724 wrote to memory of 1044	4724	UNIVERSAL_PATCH.EXE	98
PID 4724 wrote to memory of 1536	4724	UNIVERSAL_PATCH.EXE	103
PID 4724 wrote to memory of 1536	4724	UNIVERSAL_PATCH.EXE	103
PID 4724 wrote to memory of 1536	4724	UNIVERSAL_PATCH.EXE	103
PID 4724 wrote to memory of 1536	4724	UNIVERSAL_PATCH.EXE	103
PID 4724 wrote to memory of 1536	4724	UNIVERSAL_PATCH.EXE	103
PID 4724 wrote to memory of 1536	4724	UNIVERSAL_PATCH.EXE	103
PID 4724 wrote to memory of 1536	4724	UNIVERSAL_PATCH.EXE	103
PID 4724 wrote to memory of 1536	4724	UNIVERSAL_PATCH.EXE	103
PID 4724 wrote to memory of 1536	4724	UNIVERSAL_PATCH.EXE	103
PID 4724 wrote to memory of 4484	4724	UNIVERSAL_PATCH.EXE	110
PID 4724 wrote to memory of 4484	4724	UNIVERSAL_PATCH.EXE	110
PID 4724 wrote to memory of 4484	4724	UNIVERSAL_PATCH.EXE	110
PID 4724 wrote to memory of 4484	4724	UNIVERSAL_PATCH.EXE	110
PID 4724 wrote to memory of 4484	4724	UNIVERSAL_PATCH.EXE	110
PID 4724 wrote to memory of 4484	4724	UNIVERSAL_PATCH.EXE	110
PID 4724 wrote to memory of 4484	4724	UNIVERSAL_PATCH.EXE	110
PID 4724 wrote to memory of 4484	4724	UNIVERSAL_PATCH.EXE	110
PID 4724 wrote to memory of 4484	4724	UNIVERSAL_PATCH.EXE	110
PID 4724 wrote to memory of 4860	4724	UNIVERSAL_PATCH.EXE	116
PID 4724 wrote to memory of 4860	4724	UNIVERSAL_PATCH.EXE	116
PID 4724 wrote to memory of 4860	4724	UNIVERSAL_PATCH.EXE	116
PID 4724 wrote to memory of 4860	4724	UNIVERSAL_PATCH.EXE	116
PID 4724 wrote to memory of 4860	4724	UNIVERSAL_PATCH.EXE	116
PID 4724 wrote to memory of 4860	4724	UNIVERSAL_PATCH.EXE	116
PID 4724 wrote to memory of 4860	4724	UNIVERSAL_PATCH.EXE	116
PID 4724 wrote to memory of 4860	4724	UNIVERSAL_PATCH.EXE	116
PID 4724 wrote to memory of 4860	4724	UNIVERSAL_PATCH.EXE	116
PID 4724 wrote to memory of 4580	4724	UNIVERSAL_PATCH.EXE	120
PID 4724 wrote to memory of 4580	4724	UNIVERSAL_PATCH.EXE	120
PID 4724 wrote to memory of 4580	4724	UNIVERSAL_PATCH.EXE	120
PID 4724 wrote to memory of 4580	4724	UNIVERSAL_PATCH.EXE	120
PID 4724 wrote to memory of 4580	4724	UNIVERSAL_PATCH.EXE	120
PID 4724 wrote to memory of 4580	4724	UNIVERSAL_PATCH.EXE	120
PID 4724 wrote to memory of 4580	4724	UNIVERSAL_PATCH.EXE	120
PID 4724 wrote to memory of 4580	4724	UNIVERSAL_PATCH.EXE	120

C:\Users\Admin\AppData\Local\Temp\cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a.exe
"C:\Users\Admin\AppData\Local\Temp\cf20e362550cdde7afb806d6f6da981fb7de2d33a671c6895f903706b2de6e8a.exe"
1⤵
- Checks computer location settings
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:400
- C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE
  "C:\Windows\system32\UNIVERSAL_PATCH.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4016
- - C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE
    C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:4724
  - - C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE
      /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
      4⤵
      Executes dropped EXE
      PID:3316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 12
        5⤵
        Program crash
        
        PID:4288
  - - C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE
      /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
      4⤵
      Executes dropped EXE
      PID:1044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 12
        5⤵
        Program crash
        
        PID:3712
  - - C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE
      /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
      4⤵
      Executes dropped EXE
      PID:1536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 12
        5⤵
        Program crash
        
        PID:4852
  - - C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE
      /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
      4⤵
      Executes dropped EXE
      PID:4484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 12
        5⤵
        Program crash
        
        PID:1724
  - - C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE
      /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
      4⤵
      Executes dropped EXE
      PID:4860
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 12
        5⤵
        Program crash
        
        PID:1760
  - - C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE
      /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
      4⤵
      Executes dropped EXE
      PID:4580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 12
        5⤵
        Program crash
        
        PID:2292
  - - C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE
      /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
      4⤵
      Executes dropped EXE
      PID:2316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 12
        5⤵
        Program crash
        
        PID:4492
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 496
    3⤵
    - Program crash
    PID:4172
- C:\UNIVERSAL PATCH.EXE
  "C:\UNIVERSAL PATCH.EXE"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4016 -ip 4016
1⤵
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3316 -ip 3316
1⤵
PID:2044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1044 -ip 1044
1⤵
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1536 -ip 1536
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4484 -ip 4484
1⤵
PID:1104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4860 -ip 4860
1⤵
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4580 -ip 4580
1⤵
PID:2972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2316 -ip 2316
1⤵
PID:1388

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\UNIVERSAL PATCH.EXE

Filesize
382KB

MD5
bc3dc5136d76c30af2da911df4465ad0

SHA1
6276987bb908c3ea58115fc513aa78a770e6cb11

SHA256
d6b21004c8731ce807ab7da382e12407c5de06c135b190ff8281ec8fb28acbe9

SHA512
fd48775d4f398106cea2cbd04ecc4c292ff5b450b7b42c08ce145526a3fc0b38967597b39c826d99f68697775c25904b58508a930bf173ce7bc32e94ebc99a6c

Download Submit
C:\UNIVERSAL PATCH.EXE

Filesize
382KB

MD5
bc3dc5136d76c30af2da911df4465ad0

SHA1
6276987bb908c3ea58115fc513aa78a770e6cb11

SHA256
d6b21004c8731ce807ab7da382e12407c5de06c135b190ff8281ec8fb28acbe9

SHA512
fd48775d4f398106cea2cbd04ecc4c292ff5b450b7b42c08ce145526a3fc0b38967597b39c826d99f68697775c25904b58508a930bf173ce7bc32e94ebc99a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bassmod.dll

Filesize
9KB

MD5
780d14604d49e3c634200c523def8351

SHA1
e208ef6f421d2260070a9222f1f918f1de0a8eeb

SHA256
844eb66a10b848d3a71a8c63c35f0a01550a46d2ff8503e2ca8947978b03b4d2

SHA512
a49c030f11da8f0cdc4205c86bec00653ec2f8899983cad9d7195fd23255439291aaec5a7e128e1a103efd93b8566e86f15af89eba4efebf9debce14a7a5564b

Download Submit
C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE

Filesize
719KB

MD5
8432e73bf96eaf19287916b3539248e2

SHA1
248612964ad6490f4e435c3b2043f043ac5e783d

SHA256
a3defcfd71ca8742d5746a91703a8cb6de0468142b8e0368959b1cabf117c228

SHA512
a30f48d78f4e61c664c091ffdd611b449126e079f5be852fd9539621dfa1da44b235ad64bc5c249efb540daf313791097502108f3b6706e9ab2c3bce7382723d

Download Submit
C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE

Filesize
719KB

MD5
8432e73bf96eaf19287916b3539248e2

SHA1
248612964ad6490f4e435c3b2043f043ac5e783d

SHA256
a3defcfd71ca8742d5746a91703a8cb6de0468142b8e0368959b1cabf117c228

SHA512
a30f48d78f4e61c664c091ffdd611b449126e079f5be852fd9539621dfa1da44b235ad64bc5c249efb540daf313791097502108f3b6706e9ab2c3bce7382723d

Download Submit
C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE

Filesize
719KB

MD5
8432e73bf96eaf19287916b3539248e2

SHA1
248612964ad6490f4e435c3b2043f043ac5e783d

SHA256
a3defcfd71ca8742d5746a91703a8cb6de0468142b8e0368959b1cabf117c228

SHA512
a30f48d78f4e61c664c091ffdd611b449126e079f5be852fd9539621dfa1da44b235ad64bc5c249efb540daf313791097502108f3b6706e9ab2c3bce7382723d

Download Submit
C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE

Filesize
719KB

MD5
8432e73bf96eaf19287916b3539248e2

SHA1
248612964ad6490f4e435c3b2043f043ac5e783d

SHA256
a3defcfd71ca8742d5746a91703a8cb6de0468142b8e0368959b1cabf117c228

SHA512
a30f48d78f4e61c664c091ffdd611b449126e079f5be852fd9539621dfa1da44b235ad64bc5c249efb540daf313791097502108f3b6706e9ab2c3bce7382723d

Download Submit
C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE

Filesize
719KB

MD5
8432e73bf96eaf19287916b3539248e2

SHA1
248612964ad6490f4e435c3b2043f043ac5e783d

SHA256
a3defcfd71ca8742d5746a91703a8cb6de0468142b8e0368959b1cabf117c228

SHA512
a30f48d78f4e61c664c091ffdd611b449126e079f5be852fd9539621dfa1da44b235ad64bc5c249efb540daf313791097502108f3b6706e9ab2c3bce7382723d

Download Submit
C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE

Filesize
719KB

MD5
8432e73bf96eaf19287916b3539248e2

SHA1
248612964ad6490f4e435c3b2043f043ac5e783d

SHA256
a3defcfd71ca8742d5746a91703a8cb6de0468142b8e0368959b1cabf117c228

SHA512
a30f48d78f4e61c664c091ffdd611b449126e079f5be852fd9539621dfa1da44b235ad64bc5c249efb540daf313791097502108f3b6706e9ab2c3bce7382723d

Download Submit
C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE

Filesize
719KB

MD5
8432e73bf96eaf19287916b3539248e2

SHA1
248612964ad6490f4e435c3b2043f043ac5e783d

SHA256
a3defcfd71ca8742d5746a91703a8cb6de0468142b8e0368959b1cabf117c228

SHA512
a30f48d78f4e61c664c091ffdd611b449126e079f5be852fd9539621dfa1da44b235ad64bc5c249efb540daf313791097502108f3b6706e9ab2c3bce7382723d

Download Submit
C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE

Filesize
719KB

MD5
8432e73bf96eaf19287916b3539248e2

SHA1
248612964ad6490f4e435c3b2043f043ac5e783d

SHA256
a3defcfd71ca8742d5746a91703a8cb6de0468142b8e0368959b1cabf117c228

SHA512
a30f48d78f4e61c664c091ffdd611b449126e079f5be852fd9539621dfa1da44b235ad64bc5c249efb540daf313791097502108f3b6706e9ab2c3bce7382723d

Download Submit
C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE

Filesize
719KB

MD5
8432e73bf96eaf19287916b3539248e2

SHA1
248612964ad6490f4e435c3b2043f043ac5e783d

SHA256
a3defcfd71ca8742d5746a91703a8cb6de0468142b8e0368959b1cabf117c228

SHA512
a30f48d78f4e61c664c091ffdd611b449126e079f5be852fd9539621dfa1da44b235ad64bc5c249efb540daf313791097502108f3b6706e9ab2c3bce7382723d

Download Submit
C:\Windows\SysWOW64\UNIVERSAL_PATCH.EXE

Filesize
719KB

MD5
8432e73bf96eaf19287916b3539248e2

SHA1
248612964ad6490f4e435c3b2043f043ac5e783d

SHA256
a3defcfd71ca8742d5746a91703a8cb6de0468142b8e0368959b1cabf117c228

SHA512
a30f48d78f4e61c664c091ffdd611b449126e079f5be852fd9539621dfa1da44b235ad64bc5c249efb540daf313791097502108f3b6706e9ab2c3bce7382723d

Download Submit
memory/1044-162-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1044-163-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1044-164-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1044-161-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1536-168-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1536-169-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1536-170-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1536-171-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2316-196-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2316-199-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2316-197-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2316-198-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3316-152-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3316-153-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3316-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3316-154-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4484-176-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4484-177-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4484-175-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4484-178-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4580-192-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4580-189-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4580-190-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4580-191-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4724-142-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4724-141-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4724-207-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4724-145-0x00000000004D0000-0x00000000004DA000-memory.dmp

Filesize
40KB

Download
memory/4724-202-0x00000000004D0000-0x00000000004D8000-memory.dmp

Filesize
32KB

Download
memory/4724-139-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4724-144-0x0000000002171000-0x000000000218E000-memory.dmp

Filesize
116KB

Download
memory/4724-143-0x0000000002170000-0x0000000002197000-memory.dmp

Filesize
156KB

Download
memory/4724-159-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4860-183-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4860-182-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4860-184-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4860-185-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download