rms | 02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c

Analysis

max time kernel
180s
max time network
190s
platform
windows7_x64
resource
win7-20220414-en
submitted
28-05-2022 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c.exe
Size

17.8MB
MD5

718d25363e1de0a0d97821ca14c9458f
SHA1

ac1ab30c7cc553727797afdcc71f9b298329e9ef
SHA256

02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c
SHA512

98ee2664623585dc2c751403b23481d112a3c7b357754fcfdb15e0ba6c5a9f5c7e352e8e6d8a79f7b6ae10da817f0d29eed6de7e7479f3b26468857615cef5cf

Score

10^/10

rms rat trojan

Malware Config

Signatures

RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
trojan rat rms

Executes dropped EXE 4 IoCs

pid	Process
2028	rfusclient.exe
1968	rutserv.exe
1412	rutserv.exe
1880	rfusclient.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Control Panel\International\Geo\Nation	rfusclient.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Control Panel\International\Geo\Nation	rfusclient.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Control Panel\International\Geo\Nation	rutserv.exe

Loads dropped DLL 9 IoCs

pid	Process
968	02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c.exe
2028	rfusclient.exe
2028	rfusclient.exe
2028	rfusclient.exe
2028	rfusclient.exe
1968	rutserv.exe
1968	rutserv.exe
1412	rutserv.exe
1412	rutserv.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2028	rfusclient.exe
2028	rfusclient.exe
1968	rutserv.exe
1968	rutserv.exe
1968	rutserv.exe
1968	rutserv.exe
1968	rutserv.exe
1968	rutserv.exe
1412	rutserv.exe
1412	rutserv.exe
1412	rutserv.exe
1412	rutserv.exe
1412	rutserv.exe
1412	rutserv.exe
1880	rfusclient.exe
1880	rfusclient.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1968	rutserv.exe
Token: SeTakeOwnershipPrivilege	1412	rutserv.exe
Token: SeTcbPrivilege	1412	rutserv.exe
Token: SeTcbPrivilege	1412	rutserv.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1880	rfusclient.exe
1880	rfusclient.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1880	rfusclient.exe
1880	rfusclient.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1968	rutserv.exe
1968	rutserv.exe
1968	rutserv.exe
1968	rutserv.exe
1412	rutserv.exe
1412	rutserv.exe
1412	rutserv.exe
1412	rutserv.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 2028	968	02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c.exe	27
PID 968 wrote to memory of 2028	968	02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c.exe	27
PID 968 wrote to memory of 2028	968	02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c.exe	27
PID 968 wrote to memory of 2028	968	02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c.exe	27
PID 2028 wrote to memory of 1968	2028	rfusclient.exe	28
PID 2028 wrote to memory of 1968	2028	rfusclient.exe	28
PID 2028 wrote to memory of 1968	2028	rfusclient.exe	28
PID 2028 wrote to memory of 1968	2028	rfusclient.exe	28
PID 1412 wrote to memory of 1880	1412	rutserv.exe	30
PID 1412 wrote to memory of 1880	1412	rutserv.exe	30
PID 1412 wrote to memory of 1880	1412	rutserv.exe	30
PID 1412 wrote to memory of 1880	1412	rutserv.exe	30

C:\Users\Admin\AppData\Local\Temp\02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c.exe
"C:\Users\Admin\AppData\Local\Temp\02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:968
- C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rfusclient.exe
  "C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rfusclient.exe" -run_agent
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2028
- - C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rutserv.exe
    "C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rutserv.exe" -run_agent
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1968
  - - C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rutserv.exe
      "C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rutserv.exe" -run_agent -second
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1412
    - - C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rfusclient.exe
        
        "C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rfusclient.exe" /tray /user
        5⤵
        Executes dropped EXE
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1880

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\English.lg

Filesize
59KB

MD5
3ae9b907af2f75f7cc86a048d3c624b4

SHA1
ce53d6f72f96ce89f0ab13159821e9b585945542

SHA256
336827a859f935804ff33cda0c88519cd54e4a57fc777a60ce3a9e1225ad957f

SHA512
77290a58acd521d329eb313877141f092c3bdcd7efd503c4021fd8c3fc20aaad98e20a66fc277428c7f6ffeef7f022591a2bcd209d760465c2361885693d9268

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\Russian.lg

Filesize
65KB

MD5
2645440c71f354c5f051ed52a32e0b63

SHA1
b2a2a27362cdc7233c2e46b189a384cebf8d3dae

SHA256
bbf21f05c24ecde99fb25bcbcc1391e747602197ddaa8713e198470dd7b18c6b

SHA512
3203bcc10290998923f0ad792a63a381352ae3c11ebd64bb17a3984b6fd2f8cb6afb2562664988ad951283ea39a2d85e50fd7b0e5d75ccdbe990c254c5d01fa2

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\branding.ini

Filesize
452B

MD5
98a2c9944fc35b1e7c0366b03768a55c

SHA1
b7afd10377a769f2c715c81a001b1ffa4d648918

SHA256
907fe2f231b31c0d8e73f2300c56c570fab253018e5e19737ca962f61d7df0e0

SHA512
ef4c70a7a70959f95d59bd7f506df17f5f6a7e023aef6f65d442b574c29fc744f833cacc2ec6958ef73d0ad959be29a11af9a772c7f91f3e8e30b25328fcb028

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\eventmsg.dll

Filesize
51KB

MD5
4e84df6558c385bc781cddea34c9fba3

SHA1
6d63d87c19c11bdbfa484a5835ffffd7647296c8

SHA256
0526073f28a3b5999528bfa0e680d668922499124f783f02c52a3b25c367ef6d

SHA512
c35da0744568bfffeff09e6590d059e91e5d380c5feb3a0fbc5b19477ceca007a882884a7033345ce408fce1deac5248ad9b046656478d734fe494b787f8a9f2

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\libeay32.dll

Filesize
1.3MB

MD5
f8fbc228c3139532971f66881262b940

SHA1
f1655c3b836c764fdc0bb07661c3ef70a9f51318

SHA256
e2fad24a7cdbf526d25be68a83a213c05efba1a499bffed5d5a4ade50513c604

SHA512
cc036991f454255010fd1618feba34e3a1e23a941fa2aa6f76046faaddf6531918cb3e982bfac3db2ea1c1a1182994d4acfc8c15d6b4d58fdd4f7ea989bbb673

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\logo.png

Filesize
30KB

MD5
12998106fc95f7d72907048fa514670f

SHA1
706a11703636e961bf151ae1604b4d714b0122b4

SHA256
8cef886e58e6f221bb166d30a297462e94f493d28647cd3001353028a082b515

SHA512
60daa7f8250a0a7b38e6100769687af7824291644948935fe03973ca0b1a2976be01a970d8cb13592ee5b670b736523e9f2ab2b27ba8adcfdcca016a549e944b

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rfusclient.exe

Filesize
11.1MB

MD5
4816ebf955dc865ae3ef1a9a43f629d9

SHA1
81708d22afd00b413151bd4182f56eb0ad320e1c

SHA256
cacbf5477b51ad42c769250bf7ee2c7af5a9113f73264704fc6459a7c996d016

SHA512
e17051a06063d96c045cd8e0496a249ad6905281a54ce17e4480d7c25955e554b9a84cf6247477b97fc5377a3aa6b2069018985525a74632487e3222460b78ee

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rfusclient.exe

Filesize
11.1MB

MD5
4816ebf955dc865ae3ef1a9a43f629d9

SHA1
81708d22afd00b413151bd4182f56eb0ad320e1c

SHA256
cacbf5477b51ad42c769250bf7ee2c7af5a9113f73264704fc6459a7c996d016

SHA512
e17051a06063d96c045cd8e0496a249ad6905281a54ce17e4480d7c25955e554b9a84cf6247477b97fc5377a3aa6b2069018985525a74632487e3222460b78ee

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rfusclient.exe

Filesize
11.1MB

MD5
4816ebf955dc865ae3ef1a9a43f629d9

SHA1
81708d22afd00b413151bd4182f56eb0ad320e1c

SHA256
cacbf5477b51ad42c769250bf7ee2c7af5a9113f73264704fc6459a7c996d016

SHA512
e17051a06063d96c045cd8e0496a249ad6905281a54ce17e4480d7c25955e554b9a84cf6247477b97fc5377a3aa6b2069018985525a74632487e3222460b78ee

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rutserv.exe

Filesize
18.0MB

MD5
2506ee405ea25bc4822d463a4ec637e1

SHA1
6e6d335f090360c3101336b2360a341d89400edf

SHA256
517c1d47baa31c63b8263cc535675d4d4540c8682a108b3e5673f260fcc82bf1

SHA512
99f7997b689c720311d470692a7d212cd81e63e51d2d4c0680325743191ac571956946e6f554fb75fae1c8443b12180ca63f01c6b8839907a99a60df3f710aab

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rutserv.exe

Filesize
18.0MB

MD5
2506ee405ea25bc4822d463a4ec637e1

SHA1
6e6d335f090360c3101336b2360a341d89400edf

SHA256
517c1d47baa31c63b8263cc535675d4d4540c8682a108b3e5673f260fcc82bf1

SHA512
99f7997b689c720311d470692a7d212cd81e63e51d2d4c0680325743191ac571956946e6f554fb75fae1c8443b12180ca63f01c6b8839907a99a60df3f710aab

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rutserv.exe

Filesize
18.0MB

MD5
2506ee405ea25bc4822d463a4ec637e1

SHA1
6e6d335f090360c3101336b2360a341d89400edf

SHA256
517c1d47baa31c63b8263cc535675d4d4540c8682a108b3e5673f260fcc82bf1

SHA512
99f7997b689c720311d470692a7d212cd81e63e51d2d4c0680325743191ac571956946e6f554fb75fae1c8443b12180ca63f01c6b8839907a99a60df3f710aab

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\settings.dat

Filesize
5KB

MD5
54a7b56ee41314c5eee2bc24628db013

SHA1
54122e6ecbc480c5c4a53aebc36b0d40f98891c5

SHA256
b115bce6ef29859bf2279cd6e4bd00b71736409bf5426fbb06de4939c30c5c1f

SHA512
8b3dae9db5242b1773f0a5b5a5bee5fd52a4de62956a930b23ffccc7197a7e2d02e55899f23481e8d202041b947f763cca26a65ef02d9d7d21df2ce7a4c9f243

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\ssleay32.dll

Filesize
336KB

MD5
fe8cda03e1df3c3a6dc8375263e790c3

SHA1
67955da301ef89cd0429074e403769721e7594be

SHA256
1295a0fd2b2605dee4dada91335a4010a29504be7ab014ea14fe0092fd2160fd

SHA512
0353e5314d553ed617ed286d01e981d3a9790d9f5c5fc391f84cb2be06922fe1d68a5d353dee0daabb6408c72ee65aec0d855c7c3a6fc6ca80567babf769bd1f

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\vp8decoder.dll

Filesize
379KB

MD5
e247666cdea63da5a95aebc135908207

SHA1
4642f6c3973c41b7d1c9a73111a26c2d7ac9c392

SHA256
b419ed0374e3789b4f83d4af601f796d958e366562a0aaea5d2f81e82abdcf33

SHA512
06da11e694d5229783cfb058dcd04d855a1d0758beeaa97bcd886702a1502d0bf542e7890aa8f2e401be36ccf70376b5c091a5d328bb1abe738bc0798ab98a54

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\vp8encoder.dll

Filesize
1.6MB

MD5
d5c2a6ac30e76b7c9b55adf1fe5c1e4a

SHA1
3d841eb48d1a32b511611d4b9e6eed71e2c373ee

SHA256
11c7004851e6e6624158990dc8abe3aa517bcab708364d469589ad0ca3dba428

SHA512
3c1c7fb535e779ac6c0d5aef2d4e9239f1c27136468738a0bd8587f91b99365a38808be31380be98fd74063d266654a6ac2c2e88861a3fe314a95f1296699e1d

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\webmmux.dll

Filesize
259KB

MD5
49c51ace274d7db13caa533880869a4a

SHA1
b539ed2f1a15e2d4e5c933611d736e0c317b8313

SHA256
1d6407d7c7ffd2642ea7f97c86100514e8e44f58ff522475cb42bcc43a1b172b

SHA512
13440009e2f63078dce466bf2fe54c60feb6cedeed6e9e6fc592189c50b0780543c936786b7051311089f39e9e3ccb67f705c54781c4cae6d3a8007998befbf6

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\webmvorbisdecoder.dll

Filesize
364KB

MD5
eda07083af5b6608cb5b7c305d787842

SHA1
d1703c23522d285a3ccdaf7ba2eb837d40608867

SHA256
c4683eb09d65d692ca347c0c21f72b086bd2faf733b13234f3a6b28444457d7d

SHA512
be5879621d544c4e2c4b0a5db3d93720623e89e841b2982c7f6c99ba58d30167e0dd591a12048ed045f19ec45877aa2ef631b301b903517effa17579c4b7c401

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\webmvorbisencoder.dll

Filesize
859KB

MD5
642dc7e57f0c962b9db4c8fb346bc5a7

SHA1
acee24383b846f7d12521228d69135e5704546f6

SHA256
63b4b5db4a96a8abec82b64034f482b433cd4168c960307ac5cc66d2fbf67ede

SHA512
fb163a0ce4e3ad0b0a337f5617a7bf59070df05cc433b6463384e8687af3edc197e447609a0d86fe25ba3ee2717fd470f2620a8fc3a2998a7c3b3a40530d0bae

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\libeay32.dll

Filesize
1.3MB

MD5
f8fbc228c3139532971f66881262b940

SHA1
f1655c3b836c764fdc0bb07661c3ef70a9f51318

SHA256
e2fad24a7cdbf526d25be68a83a213c05efba1a499bffed5d5a4ade50513c604

SHA512
cc036991f454255010fd1618feba34e3a1e23a941fa2aa6f76046faaddf6531918cb3e982bfac3db2ea1c1a1182994d4acfc8c15d6b4d58fdd4f7ea989bbb673

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\libeay32.dll

Filesize
1.3MB

MD5
f8fbc228c3139532971f66881262b940

SHA1
f1655c3b836c764fdc0bb07661c3ef70a9f51318

SHA256
e2fad24a7cdbf526d25be68a83a213c05efba1a499bffed5d5a4ade50513c604

SHA512
cc036991f454255010fd1618feba34e3a1e23a941fa2aa6f76046faaddf6531918cb3e982bfac3db2ea1c1a1182994d4acfc8c15d6b4d58fdd4f7ea989bbb673

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rfusclient.exe

Filesize
11.1MB

MD5
4816ebf955dc865ae3ef1a9a43f629d9

SHA1
81708d22afd00b413151bd4182f56eb0ad320e1c

SHA256
cacbf5477b51ad42c769250bf7ee2c7af5a9113f73264704fc6459a7c996d016

SHA512
e17051a06063d96c045cd8e0496a249ad6905281a54ce17e4480d7c25955e554b9a84cf6247477b97fc5377a3aa6b2069018985525a74632487e3222460b78ee

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rutserv.exe

Filesize
18.0MB

MD5
2506ee405ea25bc4822d463a4ec637e1

SHA1
6e6d335f090360c3101336b2360a341d89400edf

SHA256
517c1d47baa31c63b8263cc535675d4d4540c8682a108b3e5673f260fcc82bf1

SHA512
99f7997b689c720311d470692a7d212cd81e63e51d2d4c0680325743191ac571956946e6f554fb75fae1c8443b12180ca63f01c6b8839907a99a60df3f710aab

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rutserv.exe

Filesize
18.0MB

MD5
2506ee405ea25bc4822d463a4ec637e1

SHA1
6e6d335f090360c3101336b2360a341d89400edf

SHA256
517c1d47baa31c63b8263cc535675d4d4540c8682a108b3e5673f260fcc82bf1

SHA512
99f7997b689c720311d470692a7d212cd81e63e51d2d4c0680325743191ac571956946e6f554fb75fae1c8443b12180ca63f01c6b8839907a99a60df3f710aab

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rutserv.exe

Filesize
18.0MB

MD5
2506ee405ea25bc4822d463a4ec637e1

SHA1
6e6d335f090360c3101336b2360a341d89400edf

SHA256
517c1d47baa31c63b8263cc535675d4d4540c8682a108b3e5673f260fcc82bf1

SHA512
99f7997b689c720311d470692a7d212cd81e63e51d2d4c0680325743191ac571956946e6f554fb75fae1c8443b12180ca63f01c6b8839907a99a60df3f710aab

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\rutserv.exe

Filesize
18.0MB

MD5
2506ee405ea25bc4822d463a4ec637e1

SHA1
6e6d335f090360c3101336b2360a341d89400edf

SHA256
517c1d47baa31c63b8263cc535675d4d4540c8682a108b3e5673f260fcc82bf1

SHA512
99f7997b689c720311d470692a7d212cd81e63e51d2d4c0680325743191ac571956946e6f554fb75fae1c8443b12180ca63f01c6b8839907a99a60df3f710aab

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\ssleay32.dll

Filesize
336KB

MD5
fe8cda03e1df3c3a6dc8375263e790c3

SHA1
67955da301ef89cd0429074e403769721e7594be

SHA256
1295a0fd2b2605dee4dada91335a4010a29504be7ab014ea14fe0092fd2160fd

SHA512
0353e5314d553ed617ed286d01e981d3a9790d9f5c5fc391f84cb2be06922fe1d68a5d353dee0daabb6408c72ee65aec0d855c7c3a6fc6ca80567babf769bd1f

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\70003\B023FD26B4\ssleay32.dll

Filesize
336KB

MD5
fe8cda03e1df3c3a6dc8375263e790c3

SHA1
67955da301ef89cd0429074e403769721e7594be

SHA256
1295a0fd2b2605dee4dada91335a4010a29504be7ab014ea14fe0092fd2160fd

SHA512
0353e5314d553ed617ed286d01e981d3a9790d9f5c5fc391f84cb2be06922fe1d68a5d353dee0daabb6408c72ee65aec0d855c7c3a6fc6ca80567babf769bd1f

Download Submit
memory/968-54-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download