6b4fcb4657b4f1a4a3d9879cb4ce8589485d2aaf537aed16c36817206397333c

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21/08/2024, 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rift X Installer.exe
Size

4.8MB
MD5

5bdd85c1c08364f8394f810728205de4
SHA1

a187506a92f60d547714904dcfb71d79a39cde13
SHA256

6b4fcb4657b4f1a4a3d9879cb4ce8589485d2aaf537aed16c36817206397333c
SHA512

5795e82940e654d90e555276381bfe5dc0ba1f0b096a44c26160cb1d6e035b92ab93b1f6d980d134bd3e2b0b82fbbd38ad490fe9dbe97923f6ed3a1ba8936c14
SSDEEP

98304:qroSJ1qfx8dlqV4AOXPPQxuF9fWUCGzijJJZKwT29:qroSJ1aiqV4AOXPPQxuF9uUCnZKwy9

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2060	RiftX.exe

Loads dropped DLL 48 IoCs

pid	Process
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe
2060	RiftX.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Rift X Executor\Uninstall.$$A	Rift X Installer.exe
File created	C:\Program Files (x86)\Rift X Executor\RiftX.$$A	Rift X Installer.exe
File created	C:\Program Files (x86)\Rift X Executor\Scripts\iy.$$A	Rift X Installer.exe
File created	C:\Program Files (x86)\Rift X Executor\Fonts\Montserrat-Regular.$$A	Rift X Installer.exe
File opened for modification	C:\Program Files (x86)\Rift X Executor\Uninstall.exe	Rift X Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RiftX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Rift X Installer.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RiftX.exe = "11001"	RiftX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RiftX.vhost.exe = "11001"	RiftX.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2060	RiftX.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2060	RiftX.exe

C:\Users\Admin\AppData\Local\Temp\Rift X Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Rift X Installer.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3216

C:\Program Files (x86)\Rift X Executor\RiftX.exe
"C:\Program Files (x86)\Rift X Executor\RiftX.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Rift X Executor\RiftX.exe

Filesize
16.1MB

MD5
10c0592c27ccacdad2da840c5a55396e

SHA1
fb2be6110579b2c29ad44a23d99bd12ea645c627

SHA256
6545f3ce1ad4721c114f671f6730cd4fc40162babd3a2f69afbf7522599da0c0

SHA512
39780e0ff020dab1e034d2117eb9697da80270792576d5741073a2f0deb7fba73ca8cda3a31265d50d565cca424cee3436014e533345c41e11b36dba5aa60e3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\GetKillProcess.mfx

Filesize
360KB

MD5
099360222ca4f2631a039e99f2d620e5

SHA1
64437db0fea66b57e4fb5b746463db86c46a746f

SHA256
4ef8833efd0447806acf51f6609b30bbf4f946b47c300992408fa9a06ec24b10

SHA512
dfb59385b6c9b1f0d04ef8d079854c9f8bdf36dba43678053e5dc37de8b138ccd174eefb86a8954cc103b4c52dc54402699944b0e3b361b5f8256c734aa0c5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\InternetConnectionOperations.mfx

Filesize
115KB

MD5
715f47554c73bb77ff0e463592462cef

SHA1
75671893da8c786d4fc34ae122fb3754c92f85ff

SHA256
32a6843b7a32e69aa2cc0decae3b7ea322bb20a7d9834573141030f87d8c54e2

SHA512
ee216a470e3968db41ab1b4d1e6e92237d2229cb3ce746da646d0ba7852e3cf81da24c80d911261a3f9d7b54e5d7a9c3a36b9ca8fcb008ff2f247230e00d1c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\KcBoxA.mfx

Filesize
44KB

MD5
08ac00f4d05e68d8b5ab6870bf1f076e

SHA1
b8eb503bf860df5938df5cd59cea47392d129217

SHA256
1cae93696ec030be6317a338c3c8bc4274a53632c03ca60aab0bee59d361a380

SHA512
1da050749fb1e8f2917e550a86933b9f69cf4e972f1a166d0c24a2c9e1307fbad88aad36e7f1082d481c116f36e8e2b3327d630c136f02f6f465835fbd76db2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\KcButton.mfx

Filesize
40KB

MD5
b848bbf535366b6053f7bc8ab87fc5e0

SHA1
19d8a51062201531ff58c898925e53490c22213e

SHA256
94cea0df9febe19fc2e1a905bd7df0bdab63797a42a7006f14bc8838003e5a45

SHA512
cc6df5fb9ef537a255faefb890ffd07556bffec5abd6a914afeb004b77dede2db21dce1179a36b8641e7150e8c466345a58288835722639c1fbb7e5665122543

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\ProgressBar.mfx

Filesize
25KB

MD5
f41343b0b41066d01c2bf5c3cd925682

SHA1
0fcc264778eb89648f1259b772c4a4ed6771a6f9

SHA256
a33dad51bdbc04a76f69944eeeb3415f3d2c5a9dda229ac0caeb0e165c651088

SHA512
2223ec0e5e3e378d3cf31e641ddae7fbc797b13c4e1bb5f0febf7cd7fe9623c8382cb2b6ddf23d4209efc5610af652783e1a6d18430c4e360f7aa1e27cfdd06a

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\RunInConsole.mfx

Filesize
113KB

MD5
e31137fadc4e75bacab2258a5d295a2d

SHA1
c9b75af685b6fd724b5059b9666888f0985d4d08

SHA256
e4e2e4a9a6dbfa7ac537ae39c8b43040b752d90d409bc1c1d09c03d8e195bcd0

SHA512
8eceb18350e086b08f6c5e2d61df8f3135a37b640c797ece1499e9536621d4656b608470c34bc05c58e3e7e379182431733508e71c5d5259e6921350406e1ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\TaskbarInfo.mfx

Filesize
116KB

MD5
43b51be2d43a8e7ce0077fd727a1d25b

SHA1
5e26bc1dd5656c865281c3b9c8516bd141f5f78b

SHA256
2b3ff300e2b2b6b8f56337c9807b9b07a19ca1a50b6635f377a3f71726d66caf

SHA512
3455c094c6329c4a4628aae70600884995353f2782ee78df499fa3e0b88973068eadbf1405e447c539ef595159bbcbc47996da7aafde52685a99a9517b94e1ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\WebView2.mfx

Filesize
395KB

MD5
8f01337f9824a07bec33108ce442904a

SHA1
7efbc6e2e3ee9b4ebff1fdccc001037d913858eb

SHA256
82d4b45d2efa0119c1f7aadecbe73080252e2e989df2c2e9bf1f82e1ee3a12c2

SHA512
dc9d77b061198749fdbe0104a78227582d79c9592db5cf1150366a59d3ce332c4c6a8551c4edb08edaa29aa70ef73d36232fec458336a41edf1a9578c8dac0fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\WndTransp.mfx

Filesize
65KB

MD5
6f93111ce72225daab2bcdceee48d204

SHA1
1a5156f6e00b47dd4197c933092578aef49a66de

SHA256
e8a1af555a3d39b1cb0c6bf6511158d4fd48a1e4e2dac60a6f54af4b486f60a1

SHA512
44549a2f29c9b4cb217065cc4f670afe84691fcc9d0bb4898cd8caa408256015b1abc1c29b6ce4083207e56f339f0843757ae07d01e2a2bb945b6ddaa4c8d3f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\aviflt.ift

Filesize
24KB

MD5
97b3b613ed1f994389b1a963b6e781c9

SHA1
13b38afdfd6ea283a2012bb8e5c652e13175440c

SHA256
cb5f43c24df39973b983b7fda4abcef60f425061d880c7dd9514b501b84790f8

SHA512
97cb23d76d926fe03573c127862b738217f91b0cb61517df7514597fdc50844ccb3d4f799b9a8b23b8da37a2b802ee2bd1e56b5e9fdb699bc3d511868ffd417c

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\battery.mfx

Filesize
17KB

MD5
347d6293eefd33868b5b00637c3ae440

SHA1
0bd7a0fce2ad9e6f31cb4aba5de95e1473a26c31

SHA256
630c6b0bae5dd59736cdb718a142d1105390510918d8333e96e3cce48f7abc94

SHA512
8a0e9cfeceaf0b44b578dd95a198778de07fa06925f3d010887bd22589dbad3e23a32ef0d43b4a2e7ce897e58c8f579c780206c2f463388e69091210a34cf329

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\bmpflt.ift

Filesize
24KB

MD5
a73a9c8e91ef95cf4eabadf8f7334abf

SHA1
763195d19f5467c593ab638dbdd0a0277a3048f3

SHA256
02d03c4847e34c9029cca452e37ada5ef40167406d4474a9393e11aace024c3d

SHA512
cb5f451d8e637d466fec2dde865d5daac5a15ea44b6e2ce0506070c123ffad506f5f9739a9ea440f01c8f331cc9d42802cc14f82e1252ac667fa7318bcdf3acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\fcKernel.mfx

Filesize
28KB

MD5
5bb15ebdb266b6c45cd2b410ad2f718d

SHA1
495299087d79291d96f2658a3e605fbf04649522

SHA256
0121679c56e4183d80dac5f79b4eadd4bb84aecad185ba99719fa268348eb161

SHA512
446b67ed31f99b29b0608d3aefde0b98a748d92cbdb1d58291653c89f1ed121ecd7538c2d1bd199fc529089340deca66b505514f818b9d042c6c30e8fa1c787e

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\fcMsgBox.mfx

Filesize
63KB

MD5
99b871a03fc7a3e55f965c35670398ac

SHA1
d9c058fa6414aeef5c8aba262df8803335c7dffd

SHA256
a7078267ff7d905b45ed5496a03a14ca6b7f50f17f7a23c5e6e12dd2e7920bf2

SHA512
ca374f25b570aa2f53d4247fb411700163b9ecbaf332f06388d4fdfcafb4c65f9612ea39b7c1a5d39d0146d1a6111c3257f88e88ef20711188b5fdbf16b73ce2

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\fliflt.ift

Filesize
28KB

MD5
91b37f29180a7bcca82dd4682d677b3d

SHA1
bca27cb7ddb271e6649f264777e04970f5ad1276

SHA256
4b651eaa60da09038984a9b7027826941f61f6da58d3f57d11349c8c1896a6d4

SHA512
2fb10952f2671e6a42a9748279aa94e9ce9b307d57d562f9ebbaaa88e27ca96eda36a5fa209df0f791adab7e8d896916b30330ba759b9278cac4bff43600d6e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\fontembed.mfx

Filesize
15KB

MD5
f38352c344bd71eb21a78a1b69dcade8

SHA1
eca1053fa4ce77f96752f400d4ffac8f2f158d15

SHA256
38b5dba1524e47ff474d29bb0fb3d7b0476e554cdb82f2de09c4a761ab5645b1

SHA512
70134d7e2d4c589fc3ca5c52e005852d07e6b3cce91db00d32bf121611480601d007ead98c3e2febfdd1ca03a0c723fa46e9b73c0f497b315a6cdcb9f15afd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\gifflt.ift

Filesize
28KB

MD5
9a1a0b8e7045c06c47abeb52d861c377

SHA1
6a1c36eb8354f62d5eab6d7c62316fd7d0e1aa92

SHA256
8fadc250c2afc00b0430c5df576cfd2d444367ad928027334c5d03829241cf92

SHA512
918a672f82be50a42c237eeb361b971c724a1d7b11cab183dfd5125bdb7663cae588fa92b142dc99a88407a133bbe58bd7bc0c5c60d93287c470375fc094f079

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\jpgflt.ift

Filesize
96KB

MD5
ba4a1f5006fc3fc33f30e82a964cd7b3

SHA1
8099283e645b6ef523757afdf552da3dc9b72924

SHA256
5bcaaff4c698581603d4165308260412b38ac6cf708486b53bda3bc76241098d

SHA512
8eaa1bae465a0ddd498372fcc9bd9c2b3bd9ba861abcc9158a0e3b8cf14f2a6fc8aae8fb129f96ea090c023247dec56524b2f42fa25239c08145dbe7c664a11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\kcanim.mfx

Filesize
28KB

MD5
913cfd77a201854385bd6df283d2e594

SHA1
e9bc389b1bf741e4b928806812cb4831415406fc

SHA256
98fccdcd1bfe5f3b621d7472904df2e43f0f933ad13133ac0158702b2d98f079

SHA512
2886b734d56ad4ace8eaa746ba62686f7164ab776a8883b1e4de02c67f806110cf7f1698a3bb61e2e4f2d1027657970e6da54074519c4421de81af43506f0b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\kcedit.mfx

Filesize
32KB

MD5
62f67209e7995da3f14f4b697235a99b

SHA1
158248b41de5449ef647a2caeda431dc544aa59d

SHA256
1fb56c1a5fb313c8c51fead10472566328c9260aacc72aa8dde8d345acf53203

SHA512
3857939c51b5045030df233393597b9b56a0534a2ea570d748a002b19b0b20de16b0d5181cf9eb6180d24b4de0a159e21275d12bdc7673a3f891ce155db42325

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\kcfile.mfx

Filesize
116KB

MD5
fe2b4c6a45ce244f1c40f730008465c9

SHA1
9dfd41a915c19a4520a3024e9133e9a24e61779f

SHA256
7daa995fbf72b941859177b08b2785dc107f1a3deb99f6ab4c675d2b0f03a06b

SHA512
caf9e1bba2a5560b73c47d116f0f0f016a88f54e5397499fcd5b8a648bf676b93eb255a32fe7f71f0462b481737eba2d01cb9e790b75897c44ea741d73867b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\kcmouse.mfx

Filesize
7KB

MD5
a3b924e8747962ba4d6f81bf31da0d2a

SHA1
2c4fcabbb62cb08c6931fefdffc9d3549fc65df0

SHA256
8d4440a3b4d2fddd45f90007e08a23c5ada0e1c715d0c59f4532305008e4366c

SHA512
11134d818446607c52edfed5b29c1a922fe90b594b15e36f3df9fda04b4fb8a713c3120e6f643d327a3f29b211a6b15a8d40389b69fb6302db3defcfe5328be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\kcwctrl.mfx

Filesize
79KB

MD5
2c34e977f898ab60eddb72075c4be223

SHA1
adf883dd06e5ae340a03e6c22a56a4c0caf909ea

SHA256
a0ada42e3a4760097c1c2f98905f12b19de47159543aa21e1c604dbcac7337f2

SHA512
73402857d09e5a0e8049bb7adf3bbfdfc9ac65966217751cbf6db2bf532aa3f92ffc3a1a5dcda638e83d6ede29ebe6e760cbad74d27aa6fa006c9296607d3c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\mmf2d3d11.dll

Filesize
548KB

MD5
07163378491db6156398fc8e6582564d

SHA1
6c702d8501431d38e8d392093795444a3900b004

SHA256
2aeca2207c6dabb6fc70f164f3d6188ed76f7786344654592ecef1752528ed13

SHA512
296a0d861450a9c1e6724a6c03be38940dcad202a0a10002eae744d2c532a087e7c37c6088a3281fcd83ac197a0af4105a3c3157ee2527106d586be5993248b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\mmf2d3d9.dll

Filesize
1.1MB

MD5
72bb9180f8905c0da95566b778cdac5e

SHA1
e96145e8120514092b35f67f1f120b958997f921

SHA256
3cde7a9181ab63a42cd3535d279d0ab1397b7b78fa3ddddef832757ab2024101

SHA512
c2c8d8c74c53a78545e69f27a7fe1a6d1291888158962e93e16e6ec9950f86e74c68bd2eb50d04db0bff58e8dc93455aa384245991c5afe34abee36fef53710f

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\mmfs2.dll

Filesize
510KB

MD5
1e0e5acec2f2d3567c40491e39aa8f50

SHA1
101ec3bbd32c005b12b38c0f7988faa9329a019f

SHA256
6c9ff6036404e71b0bc2c12bc739eeef0d9200925f5796487af2aa4ef5c5ef97

SHA512
80bbdd2dcc44494a53b14098b7e99db7c20b40650938454105b423e70906ad7371274ed73d3fccd114b9396112a695aebf37f6916976a972154cd562d10e01de

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\pcxflt.ift

Filesize
24KB

MD5
56f80b514fa7cc1dd7fb24ef195c30eb

SHA1
e61d7dcbbb623219c625bc67ed0f382f26308600

SHA256
c9e1db8689c11a87f9ab30ebc705eeccc0fbd909ca493a6f589d6a9a5c2a1b15

SHA512
f391e04bd3e67317b3bb1f9541c94782d14e8b8287f5fd3e2f753688d85cc38bf5164c8faa5dc85b8c44a480f81462a4ddc16aafe64313601d21a608b546e721

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\pngflt.ift

Filesize
288KB

MD5
d57365ca275388910be7b09d95ee65b9

SHA1
477e9afa81c0ba97323be56d15ade8fb17c45d78

SHA256
df948630fdb53ddad68d66994f5d2b18a67df32478b6b8b3720c28f40bde7b1f

SHA512
b6a7266c47245cdd5ccc1e4c1b490a22996cac3db53500405354d1a5892896f66aba255ff725808770489a199626a844a86cb80e081a47ed27671bd82ca1cfbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\strgenobj.mfx

Filesize
84KB

MD5
fe5ed0a1d6d02d64648456ce10e0017f

SHA1
a232636a92d9ea6d96a0838c6e077a0b7dcd1098

SHA256
c5cfdc511e9c924a8ee4d933ae42820c291f7f858fef8b24b0ca1ab1727f4f5e

SHA512
86c9818565366016754e1d2690bd476aa8ca77d5586a29c7e8844e5006941a20053ad45dc84c7a0bbf1ac00acef313961fdc001b49d7328a0a1e8e75e5b2091e

Download Submit
C:\Users\Admin\AppData\Local\Temp\877ef49a-cb84-499e-9377-620444df47cd.FusionApp\tgaflt.ift

Filesize
24KB

MD5
00a5f50c4a0f8a2c8704fb0640dfcfb6

SHA1
960ff3909de1395de49bd9f36600b989851591ea

SHA256
756725f247592504d42c67257c3957e972ee490af06f12b00467b389e0ee6bbc

SHA512
2be74193a33f1b70f39be9a5565326d425ce02b6eb98b783f8749a209b95fdcbe8724c38c9dbd33e4a12b40756c5ad9177e557f62748b52be2cd7c4bc344b577

Download Submit
memory/2060-77-0x00000000016C0000-0x00000000016D9000-memory.dmp

Filesize
100KB

Download
memory/2060-111-0x0000000002F60000-0x0000000002F75000-memory.dmp

Filesize
84KB

Download
memory/2060-133-0x0000000003000000-0x0000000003060000-memory.dmp

Filesize
384KB

Download
memory/2060-146-0x00000000030A0000-0x00000000030C2000-memory.dmp

Filesize
136KB

Download
memory/2060-104-0x0000000002F10000-0x0000000002F33000-memory.dmp

Filesize
140KB

Download
memory/2060-67-0x0000000001670000-0x0000000001691000-memory.dmp

Filesize
132KB

Download
memory/2060-181-0x0000000003240000-0x0000000003258000-memory.dmp

Filesize
96KB

Download