2d75bc310ccdfb81b7367a87d93b4539c1051512c294415ab8cd0e1b8c68792b

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-09-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BBA Launcher.exe
Size

168.1MB
MD5

69ba8c5f1933cbd68f4a53b3633d6ad4
SHA1

743128ea353a60d1db06eeacec9f4c38f9a78d73
SHA256

963c4e4a24bcb04da89c66c8b4c63469c7806556a48125ce5d17491f233c6c4f
SHA512

b37aa402fc099192f14c9fdf06a0d91014897ee8e499443305295edb5472faf932714fff0bfaf5e5de8265dd87ec3297609c91a5509ab1f96fa8ef6cb8e68f6b
SSDEEP

1572864:+QqT4eFUirK1e2zSQ5Rcw/N5cae/bHhrPdacyodvcPSBoHESUlyAzl/:4BKRcAMyAzB

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BBA Launcher.exeBBA Launcher.exeBBA Launcher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	BBA Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	BBA Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	BBA Launcher.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

14 raw.githubusercontent.com
15 raw.githubusercontent.com
13 raw.githubusercontent.com
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

BBA Launcher.exe

pid process

948 BBA Launcher.exe
948 BBA Launcher.exe

flow	ioc
14	raw.githubusercontent.com
15	raw.githubusercontent.com
13	raw.githubusercontent.com

pid	process
948	BBA Launcher.exe
948	BBA Launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

BBA Launcher.exe

description	pid	process
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe
Token: SeShutdownPrivilege	948	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	948	BBA Launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BBA Launcher.exe

description	pid	process	target process
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2708	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2620	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2620	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 3980	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 3980	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe
PID 948 wrote to memory of 2952	948	BBA Launcher.exe	BBA Launcher.exe

C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:948
- C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1700 --field-trial-handle=1704,i,1280664548030565070,9571313412121003569,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
  2⤵
  PID:2708
- C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --mojo-platform-channel-handle=1888 --field-trial-handle=1704,i,1280664548030565070,9571313412121003569,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
  2⤵
  PID:2620
- C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3020 --field-trial-handle=1704,i,1280664548030565070,9571313412121003569,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
  2⤵
  - Checks computer location settings
  PID:3980
- C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3268 --field-trial-handle=1704,i,1280664548030565070,9571313412121003569,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
  2⤵
  - Checks computer location settings
  PID:2952
- C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --mojo-platform-channel-handle=3424 --field-trial-handle=1704,i,1280664548030565070,9571313412121003569,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
  2⤵
  PID:2172

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x50c
1⤵
PID:3396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\BBA Launcher\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
20112fa809d907e4eab11afda4342168

SHA1
5f32d18df268b42ec591a09b2cc87a4b57546939

SHA256
d29a510c7a999b0690f0e18f32a83c8540fcd7b17a1e6900fffb8ac3c53f8140

SHA512
0123a6f25c9096d66d50d4b14b855b8578b0164d95ce42f4698e2aef6c1adb7563c18a1d149c114b0135f7de85aab552db1b91c7d4452e0e247da3bbf72435f7

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
ba56729dffe8652975ef2c40ce037d25

SHA1
af4c2e94521e2fed1763d530c6d99549ad278fc0

SHA256
26e6b8415902c46eedcab1c381280dfc11f15675068fea85661c11e3f96f7504

SHA512
27405a7f3f4dcaaa1125fae6030ff7a82aa694c043fe0025b1337d7960119ddecc4e0af44321cc9cbbe0a64d64fc96cb1e7f4023f708798f43db512c54387da8

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\Network\Network Persistent State

Filesize
1KB

MD5
afffe355833b261ed82d2a8b8573c33b

SHA1
c1ed734c2ed20bb622735c72d58911f8fd8633ef

SHA256
fc1f834654b731fb61508274ce1a5bdefa47bb8e2b0894a8dddc23679c75063a

SHA512
4fe4faf5e7d31ce49b37a8d4003df91107ac1ceccd0219a9cbc17cff2b1908823ca1551af873d989973f0d99b7ef31d18634acb682403d5bcf04ddcc03f889bb

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\Network\Network Persistent State~RFe58d433.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/2952-85-0x00007FFF52060000-0x00007FFF52061000-memory.dmp

Filesize
4KB

Download
memory/2952-84-0x00007FFF529F0000-0x00007FFF529F1000-memory.dmp

Filesize
4KB

Download