Overview

overview

10

Static

static

3

Lee Text Tools.exe

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    63s
  • max time network
    69s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    21-11-2024 01:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lee Text Tools.exe

  • Size

    935KB

  • MD5

    45c16f2c3c9f43bfaf3f4bbed777773a

  • SHA1

    9b4e4b6a6a79a3a668f63803d2a4d03a81589ad1

  • SHA256

    7f74247962c61d595001a2d02788e55290265ed177bc696802f6f4eca51e5796

  • SHA512

    7d7ae482968d38c98f947b87520817a6165148a3e66cf89352a96a4ed5d6d6ac6e8cfa843c819d711ef066df20195bfb93b571738519bc6751826fd7b9398538

  • SSDEEP

    24576:GkHfaEEJ40aLb49n5/hLEjaEEJ40aLb49n5/hgCFzwgy:GkHfaEEJ465/REjaEEJ465/9Zw1

Score
10/10
revengeratnyancatrevengediscoverypersistencetrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

amazon.capeturk.com:100

Mutex

eea5a83186824927836

Signatures

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat
  • Revengerat family
    revengerat
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lee Text Tools.exe
    "C:\Users\Admin\AppData\Local\Temp\Lee Text Tools.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4820
        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
          "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:4128
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Executes dropped EXE
      PID:3868
    • C:\Users\Admin\AppData\Local\Temp\Lee Text Tools .exe
      "C:\Users\Admin\AppData\Local\Temp\Lee Text Tools .exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4604
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/LeeSoftware
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:2788
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7ffcea8646f8,0x7ffcea864708,0x7ffcea864718
          4⤵
            PID:216
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,7683717330609158119,3436015015293798617,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
            4⤵
              PID:4684
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,7683717330609158119,3436015015293798617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1696
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,7683717330609158119,3436015015293798617,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
              4⤵
                PID:1492
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7683717330609158119,3436015015293798617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                4⤵
                  PID:4620
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7683717330609158119,3436015015293798617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
                  4⤵
                    PID:2272
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7683717330609158119,3436015015293798617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                    4⤵
                      PID:1904
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:1616
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:5092

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Setup.exe.log
                    Filesize

                    408B

                    MD5

                    51fbf537495ca1436da5b32e47165ff5

                    SHA1

                    4d6e69858ce695fc5da1e08d5d10ee6becdce483

                    SHA256

                    dde87e310c52cee343267ddaafe6c23a40f83ef5d9549daecd85eb66d8fd6b81

                    SHA512

                    fab70ebac99f1466db371c4689a2807c4d6138a9072c68c354ebeb26f92417e42c346694868eac96b97f8ecfc0d4e2062a57af84b498eb37fb62544a7242faf6

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    6dda6e078b56bc17505e368f3e845302

                    SHA1

                    45fbd981fbbd4f961bf72f0ac76308fc18306cba

                    SHA256

                    591bf3493eb620a3851c0cd65bff79758a09c61e9a22ea113fa0480404a38b15

                    SHA512

                    9e460013fd043cee9bdbcdaf96ac2f7e21a08e88ddb754dddbd8378ee2288d50271e66b42092d84a12e726469465185be11a6fafab6ed4236a244524bd60f502

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    f6126b3cef466f7479c4f176528a9348

                    SHA1

                    87855913d0bfe2c4559dd3acb243d05c6d7e4908

                    SHA256

                    588138bf57e937e1dec203a5073c3edb1e921c066779e893342e79e3d160e0b4

                    SHA512

                    ef622b26c8cee1f767def355b2d7bffb2b28e7a653c09b7e2d33f6468a453fff39fd120cacbffd79ce35722592af0f3fb7d5054e2dca06310e44dc460533f3d8

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                    Filesize

                    48B

                    MD5

                    13f682a47c48832decd7946599936631

                    SHA1

                    4b62d22bf8849e4a09b819b0b1477da151107b9b

                    SHA256

                    cbc2a2da203282aed26caaad99c7f93b9c2bad9edfabee85fe68c760aa8cae68

                    SHA512

                    d05330145edad9db587d7f639cc78589c447eb6a713361b15aa9a8658953f8483c38f673c32138db0bab61d8430394ed829007ab8b3e6e71808a2ed38f60c8f2

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                    Filesize

                    72B

                    MD5

                    660fa28d2fd46e214abac8c711186840

                    SHA1

                    428dfe7360b3867efc3491a7bee3a5d0a69b4750

                    SHA256

                    6e2d02d40080f9a979bf0463030e143c6a0a0fec60292f119e2de8616bba9fad

                    SHA512

                    07d8492da6b2c4cc164679a4f62da04a3ef3b7f086e2a4e359d0a84cbb14922098bddee750be8dd02ed4cdb086ac6d34b1b470b900e5d054226f30e8fc88ef1c

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                    Filesize

                    70KB

                    MD5

                    e5e3377341056643b0494b6842c0b544

                    SHA1

                    d53fd8e256ec9d5cef8ef5387872e544a2df9108

                    SHA256

                    e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                    SHA512

                    83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
                    Filesize

                    8KB

                    MD5

                    cf89d16bb9107c631daabf0c0ee58efb

                    SHA1

                    3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                    SHA256

                    d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                    SHA512

                    8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                    Filesize

                    264KB

                    MD5

                    f50f89a0a91564d0b8a211f8921aa7de

                    SHA1

                    112403a17dd69d5b9018b8cede023cb3b54eab7d

                    SHA256

                    b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                    SHA512

                    bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
                    Filesize

                    8KB

                    MD5

                    41876349cb12d6db992f1309f22df3f0

                    SHA1

                    5cf26b3420fc0302cd0a71e8d029739b8765be27

                    SHA256

                    e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                    SHA512

                    e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    4KB

                    MD5

                    e0570d094d8f3a0f6ec0eee1515d678d

                    SHA1

                    719e16907d46f5912f591fad26da5430b9daf626

                    SHA256

                    1f7c9602a13ac82cd99e3afe03a66403d722c79c6619684b4042b0034918fa28

                    SHA512

                    a6fd0450d04a69a81f4ff52f8f5621f2b057bece0bd01ce75b5043f37b7dc4f9ccec230354a87dfb0fde0893badb6d48cccdcc1c87a60ba2927aaa804812db6e

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    6KB

                    MD5

                    932b7c15182474255a11ca2cc7a9f716

                    SHA1

                    3215ff5d56e47f0d4350eeeb53f5a88f379c6064

                    SHA256

                    3e82f681bb05981c6a92c15acdc486a42df9bf34236cddfe9b02b3319f449e17

                    SHA512

                    019df9d9e2794819aba7f83884b6816b6e4865d13cbf2b245032ed016c96c70dde81612fb330fa6fc9c5885ac107fe5734299f95e8b1707b89d255be6c492dbd

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                    Filesize

                    24KB

                    MD5

                    90cc75707c7f427e9bbc8e0553500b46

                    SHA1

                    9034bdd7e7259406811ec8b5b7ce77317b6a2b7e

                    SHA256

                    f5d76f8630779de1fe82f8802d6d144861e3487171e4b32e3f8fffd2a57725fb

                    SHA512

                    7ad692bce11aee08bf65bb7c578b89a4a3024211ee1deaf671c925d65cc016943f2caad3d57b365e16d1764c78c36cae35c3c45cef0928dd611a565b0313e511

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                    Filesize

                    24KB

                    MD5

                    931b19c22253dcfe30f857f91ee82dde

                    SHA1

                    6f678be94fd2f87c06b65b3004557833aedddc67

                    SHA256

                    6b18fdc7be76ebdab0b6368aa0cb6c7e9384f598bbd999237e470dc80470d416

                    SHA512

                    6cc75fae562dc84143154f782d0eb0fa4d3628fbb541f4b5a2ae2edf0168aa111b809eba4acdbdab943ecdd182c36b955cff08d00d8989809f6063b0449abb37

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                    Filesize

                    16B

                    MD5

                    46295cac801e5d4857d09837238a6394

                    SHA1

                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                    SHA256

                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                    SHA512

                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
                    Filesize

                    41B

                    MD5

                    5af87dfd673ba2115e2fcf5cfdb727ab

                    SHA1

                    d5b5bbf396dc291274584ef71f444f420b6056f1

                    SHA256

                    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                    SHA512

                    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2
                    Filesize

                    8KB

                    MD5

                    0962291d6d367570bee5454721c17e11

                    SHA1

                    59d10a893ef321a706a9255176761366115bedcb

                    SHA256

                    ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                    SHA512

                    f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                    Filesize

                    8KB

                    MD5

                    1584a0062982574856e1ea2fe2007c05

                    SHA1

                    47de12539d743f23e708e7776cc70c9762312692

                    SHA256

                    787982ca550a2fadef519ad6bdb107b38f385b25bc37d136f204f86d1c5e008e

                    SHA512

                    49b3780ad2ec9f46a1f1637bc656bddcb23e64e332cd922ececb082f66ca344e8c68bbf3f8845c3edc4aa2485430e9541b668829bffea1893463f3b53ca335f4

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Lee Text Tools .exe
                    Filesize

                    563KB

                    MD5

                    c6a289d6258169b171835ea60ab103eb

                    SHA1

                    ee3d99e430369f4487c411853f6ab0b74f6b2d85

                    SHA256

                    e3114f5d8ee3f633248221966a4cac29c6ea2423a264812ab52c4112b214e528

                    SHA512

                    8e0f2059455d27f3ad29e970b999d11d338b8fdf0a8e813e89d1d2d4a9b984279c32d1ee3c922a10dd162ea06574d33f405be86cabed502f9946a5aa5004a85d

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
                    Filesize

                    356KB

                    MD5

                    fa0b327abd82686bb9d676a30fa89b46

                    SHA1

                    a5521f5e8e500f67b183542ffad65b83ebcb186f

                    SHA256

                    d01728070486e1abbf024db0eeeacf232e02fe326c4c0b762af73f728fc9392d

                    SHA512

                    ead84a6cbe44be5cb213154cf11f8cbe7cc992563549201500f11cf770e3b57b02da027fc982b436f8eebbfa60088f4dad8e10de1086dbb5781b2b3da004790d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
                    Filesize

                    63KB

                    MD5

                    d298454882caac154fc9217fc7e90499

                    SHA1

                    11970a2f8b9d1153fbc7fe925a846bd95e07e96f

                    SHA256

                    badaa2312457f3d08ca1f72287989456f9e62d6b417af6fb9b5e39ca1e8c8100

                    SHA512

                    e28a4d7c827b5c816503ddba4fee0bc82b16a0acb2eed9c81b20bb1b043d69b89cd3a1cf2beafb27a2471b6172f707d53e3c90568636b0c65e484e051dfde86f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
                    Filesize

                    256KB

                    MD5

                    c4e4407b5fcf49586ddd5d5573ae4b95

                    SHA1

                    0f60aaaaac09d4f9273207114fcc78c0bfb250eb

                    SHA256

                    8f1e6eb0269fbe449678ce4863d494fda78bc648f27ad1c129270575efce4f7a

                    SHA512

                    95a89aae7f135b3355f2f0f751607742d8dfa5dfb04bf86cad0fff99d6c687a18a2f0be30d92a79d004cba49823c73f0208f40bb5e9cff3b26f72d1fe5f3d47b

                    Download Submit

                  • \??\pipe\LOCAL\crashpad_2788_GQAIIJYLPVVVFOAD
                    MD5

                    d41d8cd98f00b204e9800998ecf8427e

                    SHA1

                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                    SHA256

                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                    SHA512

                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                    Download Submit

                  • memory/1960-0-0x00007FFCECC55000-0x00007FFCECC56000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/1960-41-0x00007FFCEC9A0000-0x00007FFCED341000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/1960-6-0x00007FFCEC9A0000-0x00007FFCED341000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/1960-4-0x000000001BDB0000-0x000000001BE4C000-memory.dmp

                    Filesize

                    624KB

                    Download

                  • memory/1960-3-0x000000001B840000-0x000000001BD0E000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/1960-2-0x00007FFCEC9A0000-0x00007FFCED341000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/1960-1-0x000000001B2C0000-0x000000001B366000-memory.dmp

                    Filesize

                    664KB

                    Download

                  • memory/2156-68-0x00007FFCEC9A0000-0x00007FFCED341000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2156-65-0x00007FFCEC9A0000-0x00007FFCED341000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2156-42-0x00007FFCEC9A0000-0x00007FFCED341000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2156-34-0x00007FFCEC9A0000-0x00007FFCED341000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/4128-128-0x0000000001670000-0x000000000167A000-memory.dmp

                    Filesize

                    40KB

                    Download

                  • memory/4604-67-0x0000000004B80000-0x0000000004B8A000-memory.dmp

                    Filesize

                    40KB

                    Download

                  • memory/4604-50-0x0000000004C00000-0x0000000004C92000-memory.dmp

                    Filesize

                    584KB

                    Download

                  • memory/4604-49-0x00000000051B0000-0x0000000005756000-memory.dmp

                    Filesize

                    5.6MB

                    Download

                  • memory/4604-48-0x0000000000240000-0x00000000002D2000-memory.dmp

                    Filesize

                    584KB

                    Download