3de5f8732ba0959ba80909ca24344d6a58cded1792210b146c9d416c524b5371

Analysis

max time kernel
242s
max time network
255s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SmartAssembly.exe
Size

4.8MB
MD5

772cf222a9183d529f0f8d33d35d079a
SHA1

0fce1ebb7254b5118d73a268863d7e312b203546
SHA256

c85a61c4ea4526afdb7ff61344c5266d3d8a65df80e5c437e0460e902651e71d
SHA512

d2dc77692ebe611f27960ef9de6d3f5268eaf4e646d61f4da910092d53d35f70d8e10793fc78802e5855a72f635727c1e6bdfaa348ee179924e8ae74b9eef3e5
SSDEEP

98304:N48aPAB2z0XEg8JyLbLJBbRq5PHmbTUl2LA6T+WMJ14e+9Cr3l6/:e4ZXTL/J9Rq5/oLbTps14eAOl6

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4252	redgate.installerwizard.ui.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\V:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\W:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\X:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\B:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\E:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\M:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\N:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\Z:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\I:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\T:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\O:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\P:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\Q:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\Y:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\A:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\G:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\H:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\L:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\U:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\F:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\J:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\K:	redgate.installerwizard.ui.exe
File opened (read-only)	\??\S:	redgate.installerwizard.ui.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2	SmartAssembly.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64	SmartAssembly.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2776	msiexec.exe
Token: SeCreateTokenPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeAssignPrimaryTokenPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeLockMemoryPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeIncreaseQuotaPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeMachineAccountPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeTcbPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeSecurityPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeTakeOwnershipPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeLoadDriverPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeSystemProfilePrivilege	4252	redgate.installerwizard.ui.exe
Token: SeSystemtimePrivilege	4252	redgate.installerwizard.ui.exe
Token: SeProfSingleProcessPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeIncBasePriorityPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeCreatePagefilePrivilege	4252	redgate.installerwizard.ui.exe
Token: SeCreatePermanentPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeBackupPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeRestorePrivilege	4252	redgate.installerwizard.ui.exe
Token: SeShutdownPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeDebugPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeAuditPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeSystemEnvironmentPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeChangeNotifyPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeRemoteShutdownPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeUndockPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeSyncAgentPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeEnableDelegationPrivilege	4252	redgate.installerwizard.ui.exe
Token: SeManageVolumePrivilege	4252	redgate.installerwizard.ui.exe
Token: SeImpersonatePrivilege	4252	redgate.installerwizard.ui.exe
Token: SeCreateGlobalPrivilege	4252	redgate.installerwizard.ui.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
760	SmartAssembly.exe
760	SmartAssembly.exe
760	SmartAssembly.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 4252	760	SmartAssembly.exe	80
PID 760 wrote to memory of 4252	760	SmartAssembly.exe	80
PID 4252 wrote to memory of 4524	4252	redgate.installerwizard.ui.exe	83
PID 4252 wrote to memory of 4524	4252	redgate.installerwizard.ui.exe	83
PID 4524 wrote to memory of 2164	4524	csc.exe	85
PID 4524 wrote to memory of 2164	4524	csc.exe	85

C:\Users\Admin\AppData\Local\Temp\SmartAssembly.exe
"C:\Users\Admin\AppData\Local\Temp\SmartAssembly.exe"
1⤵
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:760
- C:\{04FA72C5-87BE-4144-BFA3-33795D132217}\redgate.installerwizard.ui.exe
  "C:\{04FA72C5-87BE-4144-BFA3-33795D132217}\redgate.installerwizard.ui.exe" RG_I="SmartAssembly 6.7.0"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4252
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
    "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\oo15e7nj.cmdline"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4524
  - - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
      C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6ED3.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC6ED2.tmp"
      4⤵
      PID:2164

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_657F086E05976DCDC616B9D59B4C0B1E

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5

Filesize
1KB

MD5
ebb46376adf0db170aaaf4016946555e

SHA1
8771259b395c9c0e09fac7d9761636fdc558d6f6

SHA256
8fa245758d279fb34e36f04531963d511b529d932d9a8504c7d101a88fd09520

SHA512
48b94935fa1d26733c9284112bb9b15388ec8178dd59fc0eb5cbcc5f8c8ade2b8c5f06d6a51086e8566c111c85e6970a99851dc73e92ebd9fc3f11aa7764e9b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_657F086E05976DCDC616B9D59B4C0B1E

Filesize
408B

MD5
25abee42885dbdcb7017fa453474042e

SHA1
370d5e1b119af3932fad6935a1f1b6d377bbe74f

SHA256
8a3ad1ded59d615e1232d65ee0d9ed8aa0643730e4b4a2fe1520c5c514ef8720

SHA512
6212f245e546a04560cba4cf5e6215fc48ec8dce90d834f51b3451a0b80a60c1ed1cda2d1b8cbcb9dba6bf8f3bf82d0cf8fe025c606661daf5f6661fe2d453e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5

Filesize
182B

MD5
6892f920ceb86c339e47800e76e93a5e

SHA1
1af263a6b5caaf1e2ca65c9a257fb0d7c12c326b

SHA256
03664a63f40de272261855e2f2daee9b9f06aa3b58ede8fcc07371f80b660f13

SHA512
87d43e50309d4af7d3b91f7fd2dae28bad918cbeda604db8b31cd1bd5fc1e0678f1381b4be59de684783611e9944db79cd890ba0f0f25a47eb4249c083e6e60f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC

Filesize
404B

MD5
66d27997a88ab44ecc8bbecdaeb3acab

SHA1
b0e85a04be74c769551b0b0d87d49105f26d2a02

SHA256
8bfb29b4390dccb26beb80299e5bd69df67326ce1a9f714c595245fea69858cd

SHA512
dd7f34887dafb977f06b040465e2b843fe64481e35edbf7d579abfddd3651430196b306744b052ddee8ca24137379699a5107bc643009211e7908d1b9dbfe899

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES6ED3.tmp

Filesize
1KB

MD5
b0f4bba76d0d6f1d040f0c44a28ed5a4

SHA1
5937073f89c2c703ded24672136baca140411400

SHA256
772432c5af3e3b0890586538c5659d3872937bacc0c67f654f42d59d67055725

SHA512
7397c780af5c429e04f799e09ab495901561db3cf140646a59843d5cd262341770333aaaeed1899761e2e62d236b6e1b103a5f878dd75e53ad7f6de2e6319ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\oo15e7nj.dll

Filesize
9KB

MD5
09d25878a56b6c111e3073d8a179c33a

SHA1
99f4b390dde976ba2e7467c65da2baf601035b9e

SHA256
fc81e678cec7a03a68281c27f7f7bba63b0487bf99cd62f13b1d926f6fc1b5ce

SHA512
eed8d90a567c5386050bf10f2378ed464bbc787c842b4ba804e2e0d33d07483383f92811245a12aeded636ad01e177824c0308575fe1d4c4416b43bce4c39a77

Download Submit
C:\{04FA72C5-87BE-4144-BFA3-33795D132217}\ProjectItems.xml

Filesize
293B

MD5
d3abf5657d06a1443f6546d330a09be7

SHA1
df32637f03cd960747a9f4583b00e62d1e4ce6ee

SHA256
44ab3b3a28b0abf61769a6cf2a22383fd7c8d62581b81b6e22e484a5400b13e7

SHA512
07fd1195a0cec05fec818767fd7a83d48114a4f9fd2ec126a8fa4e9a0e23582e510a161ca1cc2b17997d0011ef49d121a1a8847cecce13828ed78947cd3427c1

Download Submit
C:\{04FA72C5-87BE-4144-BFA3-33795D132217}\RedGate.CompressEngine.dll

Filesize
73KB

MD5
e41cde4e39029b744c09afd7d5603e5a

SHA1
c48b38dd8354802924d36ba87def4ae185d2f64c

SHA256
3cdd320b018d61468bc88e5addc862144354cfc82d9316da95220c9af14e0890

SHA512
40d660f17e81886b16ca57f0d9be45faa560ef57164738e328a650eeb540a87c975c28c12faa1c07d67444f9b2ac344c26aa69a0dab8d80fa527edbf695f1dc6

Download Submit
C:\{04FA72C5-87BE-4144-BFA3-33795D132217}\RedGate.InstallerWizard.Engine.dll

Filesize
237KB

MD5
89844a4628b604694dcf994f56f2b117

SHA1
a5770289abd701ee49bdf77855b6893534761d0d

SHA256
5e5cd397c9959dd76999b1ed7df80ff2708593ea80dc427c57b7732ce6d0ef83

SHA512
d9f41c8bb6529af683864368fcdda75274ecb826aa372a89194dfbad9b0d3b53a3c1d3c8125975b8aa844b5f561347048c1ac7f543c3e613e0d5160385024e08

Download Submit
C:\{04FA72C5-87BE-4144-BFA3-33795D132217}\SQLToolBeltInstaller.project

Filesize
437KB

MD5
389c8a8d1b6645c153defcbb2dbc64c8

SHA1
5d5d4f0db640606aa1b74ac035013eb462b5d4a3

SHA256
95e32c619a9f168cd23c44095c5876de7175f2d695758248d353f2ac8a47ec7a

SHA512
d54a5236ffb418b91ba04d0acc8355063d8d1b5363419cc116a7c158529b8438c938b2eb98bd53e1440b794d347cdc1ffd1c3f7517f10b7a230cc28d47d65e78

Download Submit
C:\{04FA72C5-87BE-4144-BFA3-33795D132217}\empty.msi

Filesize
9KB

MD5
2ab205e6e7f17b3d0888aeb3589d8fe2

SHA1
fa0e787ce24967ad382abc64f3989757d7718d13

SHA256
03cdb087506fa560ce8213abf66e8f4b486c96ddbf2a02b6c8ef29bea491b276

SHA512
d6b609f6b9aaa9721146d26f45306de17b03d4eb766a32886a355d4bcd1649175c84dac0220f84272a80de32bb47abd757878722187969bcfaccc6166704bebc

Download Submit
C:\{04FA72C5-87BE-4144-BFA3-33795D132217}\info.xml

Filesize
78B

MD5
4fedd1ca11f7a2f24645fec06b8523c1

SHA1
b6418a75dea30e3737d522f1fc8618ddccf21827

SHA256
65f37e5784811886eece4324af9b12b4926efdd59dd4adf5a79c09d514c23e6a

SHA512
8dcda563bb72c932aa61a3f3f2b9c611501a189bae3defd29298311dab1bb2a88f0c39aa1c604ba0c9ef4db845f7a937918360683e51e6de32fa141f11d9eabd

Download Submit
C:\{04FA72C5-87BE-4144-BFA3-33795D132217}\install.bin

Filesize
3.2MB

MD5
e7e2b7f2f949c1462b28ad69e046c7b3

SHA1
0a6888c3e03508cba9d2dac07e23a25a5e552c6d

SHA256
e0d8c72a91df5af1ab151ddc2461777b8765ab502ad6c54d73b21bc777ce32dd

SHA512
7b489261b79a829f51a7f785d42ce51e614fd96f66c88979671403de154873aa2ac367ffac3c48a9f9830c2f2b1701f149491a1d61ff5b048c42e8b157c3571e

Download Submit
C:\{04FA72C5-87BE-4144-BFA3-33795D132217}\redgate.installerwizard.ui.exe

Filesize
225KB

MD5
7eb6248ef3f7edc6017c4cf1371b71ed

SHA1
212a04694b27a8bf5d70462c4e8794f406eb0aa5

SHA256
e80d606e9a0637db7975bd978fb88db567219cec4ce29665040dde8f596e491f

SHA512
2f1b676f2e9f7446befccb41f12088b45b84707ac4ce217cc555b6498ca4b55292486c289b1e25873133ea8e268734870f43501cea6584821cba4b76821c0b8f

Download Submit
C:\{04FA72C5-87BE-4144-BFA3-33795D132217}\redgate.installerwizard.ui.exe

Filesize
225KB

MD5
7eb6248ef3f7edc6017c4cf1371b71ed

SHA1
212a04694b27a8bf5d70462c4e8794f406eb0aa5

SHA256
e80d606e9a0637db7975bd978fb88db567219cec4ce29665040dde8f596e491f

SHA512
2f1b676f2e9f7446befccb41f12088b45b84707ac4ce217cc555b6498ca4b55292486c289b1e25873133ea8e268734870f43501cea6584821cba4b76821c0b8f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC6ED2.tmp

Filesize
664B

MD5
393c0d39bd627642ca980ccf89c87ab0

SHA1
9e5a3f2991801679fce16bd8169449638f0f558e

SHA256
af0085147b3245ad0072a720ce339551ec22eed7b75b9410e0d5e32f60d0854b

SHA512
003fd9771c2e3da93274f14d5d416c891c1c18d124c5a3e5cb1fd1c31698c20b7f9de77e851e14df71587fb687d55698d80ab815f99f4aed680964a8f2c2b4e6

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\oo15e7nj.0.cs

Filesize
15KB

MD5
5bec0c4530751cdd44df42c719fa2c5e

SHA1
eac3058aa0cfa4639026e926f72d02edf07ac2cd

SHA256
8fb42b36ccbd6b05586b0e924a6b4df73d291f4cd3936b97fb743f36fc5cc903

SHA512
3fa67e1a4b601487930a3fc26482c88ab2be1686362d3e8ae9baa76771803e6c096af3191c85e186b75b5b0bbf63660e3275e1f2ac6e099f9370ded30676bcce

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\oo15e7nj.cmdline

Filesize
431B

MD5
7dfdf46492a4011107718dc970a83032

SHA1
008892a074fa0446e250d75e188f731495b48115

SHA256
3cf8ae00495eb804a76763bdb61a818bf7510eb91ae3477cd9d0e304546bbd6b

SHA512
ee724637a27624cde27d288ba6b80ebfc3a4b8af766e8b399c412b677ad669b2ac7356d327b9b29279365951aeaae7499ba5389ce689a1879c06ec7ac64c76aa

Download Submit
memory/4252-142-0x00007FF8A8640000-0x00007FF8A9076000-memory.dmp

Filesize
10.2MB

Download