Overview

overview

10

Static

static

7

FakturaPDF.exe

windows7-x64

7

FakturaPDF.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-08-2024 16:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FakturaPDF.exe

  • Size

    992KB

  • MD5

    3d1c6d7d8127b4bee872fdc3100efc98

  • SHA1

    119d54287ef32c14f1bb3fc3acc5671b5a912300

  • SHA256

    629463eeaf09ac3f51a7adf9c29d43b73f06bb92448243f6c9b8c7b9c1efbcd5

  • SHA512

    ed341fd75106d1ee2efc863dcc4f8ca2f1ef145314effbf2b9a186307751d9979d0fee1e5747d9fa4723f76dabf4f5241b49f226b3da943f30b6210d94bbd27a

  • SSDEEP

    12288:AZ/oDqUctQOtY1TOu55f2bWlikyQjf9+Kofx8JqyT4AYG0p+E+kr:AZoDqBcSu66NygVoFGGb+kr

Score
10/10
netsupportdiscoveryratupx

Malware Config

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FakturaPDF.exe
    "C:\Users\Admin\AppData\Local\Temp\FakturaPDF.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Windows\system32\cmd.exe
      "cmd" /C start https://sx.ytmv5.ru.com/Faktura.pdf
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5036
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sx.ytmv5.ru.com/Faktura.pdf
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1584
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff788146f8,0x7fff78814708,0x7fff78814718
          4⤵
            PID:4304
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
            4⤵
              PID:4964
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:216
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
              4⤵
                PID:2172
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                4⤵
                  PID:4940
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
                  4⤵
                    PID:3140
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
                    4⤵
                      PID:3168
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5100 /prefetch:6
                      4⤵
                        PID:4896
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
                        4⤵
                          PID:4536
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
                          4⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:456
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                          4⤵
                            PID:3708
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
                            4⤵
                              PID:3612
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
                              4⤵
                                PID:5224
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                                4⤵
                                  PID:5232
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,12490282326308633942,15630806376874430027,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
                                  4⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5652
                            • C:\Users\Admin\AppData\Roaming\windows2\adobe.exe
                              "C:\Users\Admin\AppData\Roaming\windows2\adobe.exe"
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of AdjustPrivilegeToken
                              • Suspicious use of FindShellTrayWindow
                              PID:5860
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3996
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2900

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                eeaa8087eba2f63f31e599f6a7b46ef4

                                SHA1

                                f639519deee0766a39cfe258d2ac48e3a9d5ac03

                                SHA256

                                50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

                                SHA512

                                eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                b9569e123772ae290f9bac07e0d31748

                                SHA1

                                5806ed9b301d4178a959b26d7b7ccf2c0abc6741

                                SHA256

                                20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

                                SHA512

                                cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                111B

                                MD5

                                807419ca9a4734feaf8d8563a003b048

                                SHA1

                                a723c7d60a65886ffa068711f1e900ccc85922a6

                                SHA256

                                aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                SHA512

                                f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                a2e71c95db92009520e07002d3a58d84

                                SHA1

                                2f0b7e4936dc24f71e450b64c72844dd2eff4f4a

                                SHA256

                                863e096f50ebae080a52a404458d95df677835779f3677f7accc86240715ac78

                                SHA512

                                0897e24fbf5f93c79488c411593dbcb7d9dfd6853ee51574d2667b1441c53cd4c1484a46ab94de30de32874a0a3a645a12aedb3e91271ce378abbe0cd132f92d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                7122f7c1ef7bc1ebf58780acb40de77e

                                SHA1

                                61b54a4995035253eb2ca95054e9d844c25c3940

                                SHA256

                                255041ebd2ba39fa27b1d044046f45757544b16b750d5c0bb5cbed1d70ab01f2

                                SHA512

                                e478ab88df579e3a67e4495fcb08436bbc6ecfe3c2fd54cf92504d3ddb8fb8b5e26a169ec18aa72bc7e7d98bb6187a1f0a32fd4bbca1db8432b5b0a3e0cc1d3c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                46295cac801e5d4857d09837238a6394

                                SHA1

                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                SHA256

                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                SHA512

                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                206702161f94c5cd39fadd03f4014d98

                                SHA1

                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                SHA256

                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                SHA512

                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                bda71bc4d6d5b0181ae7c6c4c09a2179

                                SHA1

                                1137eeff3ede1ef11335a028c682a824b5ac210e

                                SHA256

                                4a251b638f099c63e7220d2d77c137c07328b1abf719395d1c1d81850b8094f4

                                SHA512

                                46f53543d830a875e788f69cb4d9484bbfb8be9a5bce9bcc9195b95d6e1a31d103983f61b58fc0491c639818d630dbdae93990edfb955ce15d9d82e128c0e6db

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\windows2\HTCTL32.DLL
                                Filesize

                                316KB

                                MD5

                                051cdb6ac8e168d178e35489b6da4c74

                                SHA1

                                38c171457d160f8a6f26baa668f5c302f6c29cd1

                                SHA256

                                6562585009f15155eea9a489e474cebc4dd2a01a26d846fdd1b93fdc24b0c269

                                SHA512

                                602ab9999f7164a2d1704f712d8a622d69148eefe9a380c30bc8b310eadedf846ce6ae7940317437d5da59404d141dc2d1e0c3f954ca4ac7ae3497e56fcb4e36

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\windows2\MSVCR100.dll
                                Filesize

                                755KB

                                MD5

                                0e37fbfa79d349d672456923ec5fbbe3

                                SHA1

                                4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

                                SHA256

                                8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

                                SHA512

                                2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\windows2\NSM.LIC
                                Filesize

                                261B

                                MD5

                                886e4bb84e1ecc4a04ae599d76fcce1d

                                SHA1

                                3f0493bb2088af50bcc8223462db0b207354e946

                                SHA256

                                5eeb014e3b390e0c85ce72988d422dcd9de1520566b11755c70bdd9bb7376060

                                SHA512

                                f4db9038a113c4b1e2462b3e0becef2500c9532a79c8187f51d011d690bc68c6d1a99585e43136cb082bd6a232136546db50265f226ff19e67d8430306a8761f

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\windows2\PCICAPI.dll
                                Filesize

                                106KB

                                MD5

                                67c53a770390e8c038060a1921c20da9

                                SHA1

                                49e63af91169c8ce7ef7de3d6a6fb9f8f739fa3a

                                SHA256

                                2dfdc169dfc27462adc98dde39306de8d0526dcf4577a1a486c2eef447300689

                                SHA512

                                201e07dbccd83480d6c4d8562e6d0a9e4c52ed12895f0b91d875c2bbcc50b3b1802e11e5e829c948be302bf98ebde7fb2a99476065d1709b3bdbcd5d59a1612d

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\windows2\PCICHEK.DLL
                                Filesize

                                14KB

                                MD5

                                3aabcd7c81425b3b9327a2bf643251c6

                                SHA1

                                ea841199baa7307280fc9e4688ac75e5624f2181

                                SHA256

                                0cff893b1e7716d09fb74b7a0313b78a09f3f48c586d31fc5f830bd72ce8331f

                                SHA512

                                97605b07be34948541462000345f1e8f9a9134d139448d4f331cefeeca6dad51c025fcab09d182b86e5a4a8e2f9412b3745ec86b514b0523497c821cb6b8c592

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\windows2\PCICL32.dll
                                Filesize

                                3.3MB

                                MD5

                                e7b92529ea10176fe35ba73fa4edef74

                                SHA1

                                fc5b325d433cde797f6ad0d8b1305d6fb16d4e34

                                SHA256

                                b6d4ad0231941e0637485ac5833e0fdc75db35289b54e70f3858b70d36d04c80

                                SHA512

                                fb3a70e87772c1fb386ad8def6c7bdf325b8d525355d4386102649eb2d61f09ce101fce37ccc1f44d5878e604e2e426d96618e836367ab460cae01f627833517

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\windows2\adobe.exe
                                Filesize

                                101KB

                                MD5

                                c4f1b50e3111d29774f7525039ff7086

                                SHA1

                                57539c95cba0986ec8df0fcdea433e7c71b724c6

                                SHA256

                                18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d

                                SHA512

                                005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\windows2\client32.ini
                                Filesize

                                712B

                                MD5

                                14f8e0f5b04cf17366770cdaed40f420

                                SHA1

                                7362897e7d48934971dead1f0ae70f9db328017d

                                SHA256

                                248a22716a2b9555cd21cbe12506887db59f2a30441a1eae8781a31febbe710b

                                SHA512

                                6284b884a9c8892d50f161d9ffb80a51e26f71db90ff1c386d75a60b38d38e9e1151f864c45f8248f3e3acee666765c0b63a035ab9c19d884e00176f4e12f5ab

                                Download Submit

                              • memory/2700-76-0x00007FF649FD0000-0x00007FF64A224000-memory.dmp

                                Filesize

                                2.3MB

                                Download

                              • memory/2700-0-0x00007FF649FD0000-0x00007FF64A224000-memory.dmp

                                Filesize

                                2.3MB

                                Download

                              • memory/2700-56-0x00007FF649FD0000-0x00007FF64A224000-memory.dmp

                                Filesize

                                2.3MB

                                Download

                              • memory/2700-114-0x00007FF649FD0000-0x00007FF64A224000-memory.dmp

                                Filesize

                                2.3MB

                                Download