Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

butterflyo...op.exe

windows7-x64

7

butterflyo...op.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    207s
  • max time network
    198s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26/03/2024, 21:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    butterflyondesktop.exe

  • Size

    2.8MB

  • MD5

    1535aa21451192109b86be9bcc7c4345

  • SHA1

    1af211c686c4d4bf0239ed6620358a19691cf88c

  • SHA256

    4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

  • SHA512

    1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

  • SSDEEP

    49152:5aA7f7tlVmdqK23H2bpHI4Qs5ABV9WRHZRsgI82lcHGAaKLinXBgJ:Q+VMkX224QsWBq5SfARGRgJ

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 56 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 56 IoCs
  • Suspicious use of SendNotifyMessage 52 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe
    "C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Users\Admin\AppData\Local\Temp\is-7IJJJ.tmp\butterflyondesktop.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-7IJJJ.tmp\butterflyondesktop.tmp" /SL5="$4001C,2719719,54272,C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
        "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2496
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://freedesktopsoft.com/
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:268
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:268 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1636
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://freedesktopsoft.com/butterflyondesktoplike.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2468
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2176
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:324
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SavePublish.mp4"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
    Filesize

    1.5MB

    MD5

    3cdee3212972fc869a924889def56b7d

    SHA1

    80efabf4bdfc3e8e6ba28ab3462b75ed5774dab4

    SHA256

    5f81c3edbf55bb41117f549174494113b63e0d441f544d5860ce69e0b30fa8b4

    SHA512

    86c82043ce02ebee141aa16bbf42a91b98616c50dd88c2669894f5a14d95d9b26ec4f4192cc189aa55e532ca82e6cb72abcc97dd8b39d348a2773a784259db36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    6c05cb875cc3882335859c75e630fcbd

    SHA1

    c7f8beb41188a527b80f7a075aadb6f3adca06c7

    SHA256

    968d649baac388893ffbe1ff4593fd73cb1cfd1faa7a69c01f2ca9a7a2a62be3

    SHA512

    b455aefcd116185f5c8783c051603afbd49553d5fb8acd97284d548aa358b6b73b585a716227a1c272ae1ec194f14b3cb0e58b69083031a39868106e88eca917

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{D6F58CF0-8EDC-11EE-8BED-7ED9061E9C39}.dat
    Filesize

    4KB

    MD5

    2b6f10bb39b1d53d36e510e41007a90f

    SHA1

    0131c26c11fd1bc8abde645a69dc3c756cf32076

    SHA256

    b687722172a3ed6c69c3f6d3f5c18a3ab895e00f2c9b0bf23202d75db754b199

    SHA512

    8b3bd6f0dd4002efde2210ebfb35179c2f083e64e5bf4afaf9c31892b0b18c38c50854283a495f83e5f802885dd3f8dd496c8edb6e94de7c2e4130e8baa14385

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RWA8GE3\butterflyondesktop[2].htm
    Filesize

    7KB

    MD5

    de9bccf93f6c0905b249151acff95e02

    SHA1

    44006662d744b4b98e41e2919bcdb1784b2349e5

    SHA256

    e7a27ab028b60ddbd9093d5c0165a5e33a0acbc69602b7a0d94fa108f982f377

    SHA512

    9eba9f38b2fdec7498563a2bb8a7e48dc6a0a0c9a1d3ad546af9f5b10acaa3c7fdb5dc2d44ed35d7ec35413ce22963697baec5565d88177cc471b47bedd665ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RWA8GE3\ga[1].js
    Filesize

    45KB

    MD5

    e9372f0ebbcf71f851e3d321ef2a8e5a

    SHA1

    2c7d19d1af7d97085c977d1b69dcb8b84483d87c

    SHA256

    1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

    SHA512

    c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RWA8GE3\menubackground2[1].jpg
    Filesize

    16KB

    MD5

    69a850972c7d424e410608664a163fd2

    SHA1

    d19d8b80c36bc6b1a8f70f63a54a5e15d60544c4

    SHA256

    4635d13be3ce718b407d72a4da6413f18321d34aaa91dcbac14e3b9cd4d19961

    SHA512

    bcecf2c4fb981f9bc3cf73c89ca593c051cca8e76aaa0ad21f2233403fdd36a3c1c3f05f350cfc360a92ea353b31edb7433f78f82ad17299a17c13fd805f0ccc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RWA8GE3\slider[1].css
    Filesize

    6KB

    MD5

    98f6d58d01b54054367c4235895d182c

    SHA1

    e4929f2143329f86bb80345efe056dc1a3470dfb

    SHA256

    156d690906cac548876cd6ca7c4ef23da2557d2c3b91dbf97c893eca1b7df0a8

    SHA512

    f625135720f919b5ab7162439f0296d9e20c143e2061affa09bab922d688e119359b65823a33063d8f954763893344ee14724edfc36587f4f0d51cd7aba62e93

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AWMARXKJ\banner_bg2[1].jpg
    Filesize

    2KB

    MD5

    11e512fba29c88032e0958095ca7ee46

    SHA1

    427848d97c6347f2e040db4453a74cea832cbe0c

    SHA256

    b90ae6cd0c9c3df8f9ef47b0924db1892c78fbdb248db7af46a55180de7a0159

    SHA512

    d1bfbc1cb527e905c88371224accae7c364b1f9f3ab309f52098c3bad85abc962b480375188ca981ddd13925416ec43dd862db9a7a6d2bf979f9d37ed2c26b24

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZGKD8FM\banner3[1].jpg
    Filesize

    11KB

    MD5

    e70321e25ba7aa957b227d708df65a02

    SHA1

    934e57b8d05ccc1758a08e23f10a18b1269bd958

    SHA256

    42a325b49c1cbe221d73a82211108a0c3c6bbf9aaa11cea21b38b0d35e892d94

    SHA512

    289a9a4c7891e2e611e2de549801f462abeda6f493d07e3daa9a766ef1f66e597ab9b0db0322068977f53371c36fcd0afc313d3c514c3121f0f54d61d6624bfc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZGKD8FM\banner3[1].jpg
    Filesize

    41KB

    MD5

    802dc3898e04813167ef270f1adf3c55

    SHA1

    03885da2d6b4a83b619c797a8d48f6288cc79cf6

    SHA256

    474ef6f98193d29e81a73d37f6785ec393de0ef6fbe927f3b28ffff2eb3b5e86

    SHA512

    d14fcc1613c9f2757a7b2953c478fa44a4ee21a41b40bda5ac47b417f1062f00f179c5dbaf7ed4a6df0f90451c67e6216bf6ee884c5e0cb06e5f27cc70607749

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZGKD8FM\button[1].css
    Filesize

    2KB

    MD5

    737b76c3d20064566bb84ab2b4df4cd7

    SHA1

    34f14b3a2df4db9b98fba119358c6201dd7d19e3

    SHA256

    52f7ecddc750f2c8f7dd5dc3ec4ff121101ff49236829dfa61ef63e05bc9e1b2

    SHA512

    781dde4af76873d5e7173b700a422951b509003f76b2e9c9605ae7dde41526d7041cd1bd91b5cd04fe78481ad99e5f27b47f2d64c593b1ba8c4b40b998af7939

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZGKD8FM\main[1].css
    Filesize

    4KB

    MD5

    b20455b8c62dff81a15372cd7547f524

    SHA1

    b7e605da2b2d76dd6f010f721ed12bc9b3c2c9c9

    SHA256

    a5a58a0a58fb7e53c25b480980cb41d7d76f03cc70f70c221336a2193e11281a

    SHA512

    90645db242d2543c2bfbb0cd1ee1e62c70be65be90bab48368e54287baa77058b9285434533c41f395ab9e47b99ad1874315bde134ebf80589563811cbd71488

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZGKD8FM\menubackgroundside2[1].jpg
    Filesize

    1KB

    MD5

    dab7c1bc5923243eb6cc12b3725e9ab5

    SHA1

    cd74bf2eb35fd10dddc493ca6bf7c8f59c155cb2

    SHA256

    9dbb456d15b2c22ec5e147dd2585a1ca4634dde18555871183dbb1addda75f09

    SHA512

    42d6519f871ca06d838b52eb5101936fdfec75b482a6db743580e2843a1ed865e66f1f826d805e373d1e06392ae17a7dba9b63e4dd638ca37a28da1aed2154ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GFILZH8E\all[2].js
    Filesize

    3KB

    MD5

    1abf97da8f7d8aa5b2958803e598cf69

    SHA1

    76d04c9aa878b6f1b3a985bdac54985a4fb35ffc

    SHA256

    bb12ec68db4029654cd1e8e3b6f51451f05fe75478f4a66c2229bda56ab00bb0

    SHA512

    a7327d8622ede8a8942ff541e95944bc191198e84d7800d702e8e50469cec19bd21c69445663fb60b565a05ed986804f205b8543d13ee26db8f3685756582a45

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GFILZH8E\all[3].js
    Filesize

    299KB

    MD5

    d1454fd90cc5898d5162f1e7c31575ca

    SHA1

    92a8523366e4018d4e5bf7f395418129ad9a051f

    SHA256

    3ef95cfc414cd7abc4811de550869e42094e4768ff8afc72fe54c145b2690e84

    SHA512

    a8a657cb59afc509f91f903501364d5ee454335dc2af94022bc1423e96827d5609aafeefd4f71057654cf8fef82523292323512a003e77726c2824ed9bdd656d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GFILZH8E\bodybackground[1].png
    Filesize

    11KB

    MD5

    1e097697ce0731629c7ba40eca4777f3

    SHA1

    c5cb898484b4fa5da5afba438da99423f2f936d2

    SHA256

    a06322f2cc199ad081b7e157e319690426a6f490e514f748951c73a42fea32ef

    SHA512

    5d3d7c89d0a4b01809c3be3e51e2487064f87604c23abd1056f8c99187cc60eede9fed03ff3d987cee297c7a8ce677e6c8ec00586cf7041223f8f988b406a16e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GFILZH8E\slider[1].js
    Filesize

    2KB

    MD5

    10a9a62fdce91bd51cbb7b267f0f3a2f

    SHA1

    7461619bb60abfd3f13f7b23a4d1c867816e3096

    SHA256

    53cde9ec4d8608ca8038e06db87f0883afeabba8ea91647f47a6757751e231c8

    SHA512

    fb3f242f66b17508145fef9d0a9b76f5c9762778374e87ada24211b344558529598afcd53546e799451b819f8829145fc832886bb5ea0438856796c0f25c28e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3632.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-7IJJJ.tmp\butterflyondesktop.tmp
    Filesize

    688KB

    MD5

    c765336f0dcf4efdcc2101eed67cd30c

    SHA1

    fa0279f59738c5aa3b6b20106e109ccd77f895a7

    SHA256

    c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

    SHA512

    06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DF98D69EEC57BD8DE9.TMP
    Filesize

    24KB

    MD5

    e33c5b4a00a9a552192c247f6bab628d

    SHA1

    649857c68ce11ef1dd6d3bab3d982433c0d875de

    SHA256

    c5ef3254a88f8dc62f0af2cf5acff3d22545692ed0809309fa666065a4cdd0f8

    SHA512

    d62b8c2775ba704f81e6137df7da3c7180a0cb3af34fcea715d36041a0ac1e8318ca6f1f7ac4163d30e68677a8c01bc7e7a46a27b60397ee0eb986fee236421d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
    Filesize

    76B

    MD5

    6c035707590b0c7f93402ec7d80dc103

    SHA1

    ef2c18850944c627906e5c260dff57b0acb84679

    SHA256

    834329cf7b2b85db73b2b4db3a13621118acbdcbf1ccd343deb8fd81cdbf9968

    SHA512

    97ef6ea4b5c8b7c6b6025a8bba8706696fcbc08acef21474c7dda30a2a3defb21d18da28183e05a4891dad9f48b9b417f9db9c9f710e50d970bcb96958a1ad93

    Download Submit

  • \Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
    Filesize

    1.3MB

    MD5

    bd9531891faaadbfa403ed8061a54e36

    SHA1

    ee890065a1148d8223d13bbcc76e70a52d44dee5

    SHA256

    7928a0653c8bac7c393af10632bd3b3a70469f54a3f067d09bcf43fe0cd841d3

    SHA512

    8a9982ffb7e186367818b5bce5e51e483125c2865723c61499f85264e2bb5a38890db1c7b5b4903394fcdbc5e85d83fa1a518316f227dc691e6ad5b9860095fc

    Download Submit

  • \Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
    Filesize

    671KB

    MD5

    25fb6dc1287f22197f1da1b6ef11d956

    SHA1

    7e0896afe3440972e9babcf0d2d1b8d3f946b513

    SHA256

    b63e7af60f2941afb8e5564bdc0423f50b792b13d3aa2c5abb5f5a92cd29d495

    SHA512

    1da4652cab0a09a9ce6d2e2a7647a5b86de2df64838179dcd2ca3a65411d716f41e9710dfe5ec8f97e6147d17eb15da47fb29b1dc318a3dd19d8cba9df9d6a86

    Download Submit

  • \Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
    Filesize

    3.0MB

    MD5

    81aab57e0ef37ddff02d0106ced6b91e

    SHA1

    6e3895b350ef1545902bd23e7162dfce4c64e029

    SHA256

    a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287

    SHA512

    a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

    Download Submit

  • \Program Files (x86)\Butterfly on Desktop\unins000.exe
    Filesize

    553KB

    MD5

    357fe29ae0d5fca47586077566f0562c

    SHA1

    6a27ef93fba71dd74b50305d31600cfc6413e000

    SHA256

    84bb00ddfd2172463ed5bc442d51c7502441600b3806c1cbb855da7fb19aac00

    SHA512

    a9790c9c227116c8f95dcbc1766b13df1e4fb5d73762047c1cc2e0e04a5e6987cfddc4241c3009d2782ba79293add59df6364e864907a55639723f20f406023b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-TU1P6.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • memory/324-371-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/324-370-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/412-399-0x000007FEF55D0000-0x000007FEF667B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/412-397-0x000007FEFB510000-0x000007FEFB544000-memory.dmp

    Filesize

    208KB

    Download

  • memory/412-400-0x000007FEF48B0000-0x000007FEF49C2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/412-398-0x000007FEF69D0000-0x000007FEF6C84000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/412-396-0x000000013FBF0000-0x000000013FCE8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1076-18-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1076-55-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1076-21-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1076-19-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1076-7-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1076-9-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2364-56-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2364-8-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2364-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2496-372-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-91-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-89-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-378-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-368-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-367-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-312-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-51-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2496-73-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-90-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2496-172-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-401-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-402-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-403-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-404-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-405-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-406-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-407-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2496-408-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download