Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    599s
  • max time network
    436s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-es
  • resource tags

    arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    11/01/2023, 09:46

General

  • Target

    CR.6.04.ZDescargas.org.rar

  • Size

    24.9MB

  • MD5

    5a9d7261ca6fb48b5df18e3e5dcd12e4

  • SHA1

    c5e5601e995437ff625939876c7cf5a30d8e29ea

  • SHA256

    167b62bedf781e71f644e33476227dc1b1e1db76c887aa47ff77811172c2adde

  • SHA512

    f3a4ca9a591dae5c7ba50c048fdbfac6a7e2f12bf02df20cbde3c1cfe2707fb41a570cac5c7fb6cba0f4b4c7f57102967ffb98f318547efb5626c700c5e40177

  • SSDEEP

    786432:43bcW3YD1DksSfkRmxipxQxTQrutMNuOZ:ObcoukBk4Xxi9uOZ

Malware Config

Extracted

Path

C:\Program Files\WinRAR\Rar.txt

Ransom Note
User's Manual ~~~~~~~~~~~~~ RAR 6.11 console version ~~~~~~~~~~~~~~~~~~~~~~~~ =-=-=-=-=-=-=-=-=-=-=-=-=-=- Welcome to the RAR Archiver! -=-=-=-=-=-=-=-=-=-=-=-=-=-= Introduction ~~~~~~~~~~~~ RAR is a console application allowing to manage archive files in command line mode. RAR provides compression, encryption, data recovery and many other functions described in this manual. RAR supports only RAR format archives, which have .rar file name extension by default. ZIP and other formats are not supported. Even if you specify .zip extension when creating an archive, it will still be in RAR format. Windows users may install WinRAR, which supports more archive types including RAR and ZIP formats. WinRAR provides both graphical user interface and command line mode. While console RAR and GUI WinRAR have the similar command line syntax, some differences exist. So it is recommended to use this rar.txt manual for console RAR (rar.exe in case of Windows version) and winrar.chm WinRAR help file for GUI WinRAR (winrar.exe). Configuration file ~~~~~~~~~~~~~~~~~~ RAR and UnRAR for Unix read configuration information from .rarrc file in a user's home directory (stored in HOME environment variable) or in /etc directory. RAR and UnRAR for Windows read configuration information from rar.ini file, placed in the same directory as the rar.exe file. This file can contain the following string: switches=<any RAR switches separated by spaces> For example: switches=-m5 -s It is also possible to specify separate switch sets for individual RAR commands using the following syntax: switches_<command>=<any RAR switches separated by spaces> For example: switches_a=-m5 -s switches_x=-o+ Environment variable ~~~~~~~~~~~~~~~~~~~~ Default parameters may be added to the RAR command line by establishing an environment variable "RAR". For instance, in Unix following lines may be added to your profile: RAR='-s -md1024' export RAR RAR will use this string as default parameters in the command line and will create "solid" archives with 1024 MB sliding dictionary size. RAR handles options with priority as following: command line switches highest priority switches in the RAR variable lower priority switches saved in configuration file lowest priority Log file ~~~~~~~~ If switch -ilog is specified in the command line or configuration file, RAR will write informational messages about errors encountered while processing archives into a log file. Read the switch -ilog description for more details. The file order list for solid archiving - rarfiles.lst ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ rarfiles.lst contains a user-defined file list, which tells RAR the order in which to add files to a solid archive. It may contain file names, wildcards and special entry - $default. The default entry defines the place in order list for files not matched with other entries in this file. The comment character is ';'. In Windows this file should be placed in the same directory as RAR or in %APPDATA%\WinRAR directory, in Unix - to the user's home directory or in /etc. Tips to provide improved compression and speed of operation: - similar files should be grouped together in the archive; - frequently accessed files should be placed at the beginning. Normally masks placed nearer to the top of list have a higher priority, but there is an exception from this rule. If rarfiles.lst contains such two masks that all files matched by one mask are also matched by another, that mask which matches a smaller subset of file names will have higher priority regardless of its position in the list. For example, if you have *.cpp and f*.cpp masks, f*.cpp has a higher priority, so the position of 'filename.cpp' will be chosen according to 'f*.cpp', not '*.cpp'. RAR command line syntax ~~~~~~~~~~~~~~~~~~~~~~~ Syntax RAR <command> [ -<switches> ] <archive> [ <@listfiles...> ] [ <files...> ] [ <path_to_extract\> ] Description Command is a single character or string specifying an action to be performed by RAR. Switches are designed to modify the way RAR performs such action. Other parameters are archive name and files to be archived or extracted. Listfiles are plain text files containing names of files to process. File names must start at the first column. It is possible to put comments to the listfile after // characters. For example, you can create backup.lst containing the following strings: c:\work\doc\*.txt //backup text documents c:\work\image\*.bmp //backup pictures c:\work\misc and then run: rar a backup @backup.lst If you wish to read file names from stdin (standard input), specify the empty listfile name (just @). By default, console RAR uses the single byte encoding in list files, but it can be redefined with -sc<charset>l switch. You can specify both usual file names and list files in the same command line. If neither files nor listfiles are specified, then *.* is implied and RAR will process all files. path_to_extract includes the destination directory name followed by a path separator character. For example, it can be c:\dest\ in Windows or data/ in Unix. It specifies the directory to place extracted files in 'x' and 'e' commands. This directory is created by RAR if it does not exist yet. Alternatively it can be set with -op<path> switch. Many RAR commands, such as extraction, test or list, allow to use wildcards in archive name. If no extension is specified in archive mask, RAR assumes .rar, so * means all archives with .rar extension. If you need to process all archives without extension, use *. mask. *.* mask selects all files. Wildcards in archive name are not allowed when archiving and deleting. In Unix you need to enclose RAR command line parameters containing wildcards in single or double quotes to prevent their expansion by Unix shell. For example, this command will extract *.asm files from all *.rar archives in current directory: rar e '*.rar' '*.asm' Command could be any of the following: a Add files to archive. Examples: 1) add all *.hlp files from the current directory to the archive help.rar: rar a help *.hlp 2) archive all files from the current directory and subdirectories to 362000 bytes size solid, self-extracting volumes and add the recovery record to each volume: rar a -r -v362 -s -sfx -rr save Because no file names are specified, all files (*) are assumed. 3) as a special exception, if directory name is specified as an argument and if directory name does not include file masks and trailing path separator, the entire contents of the directory and all subdirectories will be added to the archive even if switch -r is not specified. The following command will add all files from the directory Bitmaps and its subdirectories to the RAR archive Pictures.rar: rar a Pictures.rar Bitmaps 4) if directory name includes the trailing path separator, normal rules apply and you need to specify switch -r to process its subdirectories. The following command will add all files from directory Bitmaps, but not from its subdirectories, because switch -r is not specified: rar a Pictures.rar Bitmaps\* c Add archive comment. Comments are displayed while the archive is being processed. Comment length is limited to 256 KB. Examples: rar c distrib.rar Also comments may be added from a file using -z[file] switch. The following command adds a comment from info.txt file: rar c -zinfo.txt dummy ch Change archive parameters. This command can be used with most of archive modification switches to modify archive parameters. It is especially convenient for switches like -cl, -cu, -tl, which do not have a dedicated command. It is not able to recompress, encrypt or decrypt archive data and it cannot merge or create volumes. If used without any switches, 'ch' command just copies the archive data without modification. Example: Set archive time to latest file: rar ch -tl files.rar cw Write archive comment to specified file. Format of output file depends on -sc switch. If output file name is not specified, comment data will be sent to stdout. Examples: 1) rar cw arc comment.txt 2) rar cw -scuc arc unicode.txt 3) rar cw arc d Delete files from archive. If this command removes all files from archive, the empty archive is removed. e Extract files without archived paths. Extract files excluding their path component, so all files are created in the same destination directory. Use 'x' command if you wish to extract full pathnames. Example: rar e -or html.rar *.css css\ extract all *.css files from html.rar archive to 'css' directory excluding archived paths. Rename extracted files automatically in case several files have the same name. f Freshen files in archive. Updates archived files older than files to add. This command will not add new files to the archive. i[i|c|h|t]=<string> Find string in archives. Supports following optional parameters: i - case insensitive search (default); c - case sensitive search; h - hexadecimal search; t - use ANSI, UTF-8, UTF-16 and OEM (Windows only) character tables; If no parameters are specified, it is possible to use the simplified command syntax i<string> instead of i=<string> It is allowed to specify 't' modifier with other parameters, for example, ict=string performs case sensitive search using all mentioned above character tables. Examples: 1) rar "ic=first level" -r c:\*.rar *.txt Perform case sensitive search of "first level" string in *.txt files in *.rar archives on the disk c: 2) rar ih=f0e0aeaeab2d83e3a9 -r e:\texts\*.rar Search for hex string f0 e0 ae ae ab 2d 83 e3 a9 in rar archives in e:\texts directory. k Lock archive. RAR cannot modify locked archives, so locking important archives prevents their accidental modification by RAR. Such protection might be especially useful in case of RAR commands processing archives in groups. This command is not intended or able to prevent modification by other tools or willful third party. It implements a safety measure only for accidental data change by RAR. Example: rar k final.rar l[t[a],b] List archive contents [technical [all], bare]. 'l' command lists archived file attributes, size, date, time and name, one file per line. If file is encrypted, line starts from '*' character. 'lt' displays the detailed file information in multiline mode. This information includes file checksum value, host OS, compression options and other parameters. 'lta' provide the detailed information not only for files, but also for service headers like NTFS streams or file security data. 'lb' lists bare file names with path, one per line, without any additional information. You can use -v switch to list contents of all volumes in volume set: rar l -v vol.part1.rar Commands 'lt', 'lta' and 'lb' are equal to 'vt', 'vta' and 'vb' correspondingly. m[f] Move to archive [files only]. Moving files and directories results in the files and directories being erased upon successful completion of the packing operation. Directories will not be removed if 'f' modifier is used and/or '-ed' switch is applied. p Print file to stdout. Send unpacked file data to stdout. Informational messages are suppressed with this command, so they are not mixed with file data. r Repair archive. Archive repairing is performed in two stages. First, the damaged archive is searched for a recovery record (see 'rr' command). If archive contains the previously added recovery record and if damaged data area is continuous and smaller than error correction code size in recovery record, chance of successful archive reconstruction is high. When this stage has been completed, a new archive is created, named as fixed.arcname.rar, where 'arcname' is the original (damaged) archive name. If broken archive does not contain a recovery record or if archive is not completely recovered due to major damage, second stage is performed. During this stage only the archive structure is reconstructed and it is impossible to recover files which fail checksum validation, it is still possible, however, to recover undamaged files, which were inaccessible due to the broken archive structure. Mostly this is useful for non-solid archives. This stage is never efficient for archives with encrypted file headers, which can be repaired only if recovery record is present. When the second stage is completed, the reconstructed archive is saved as rebuilt.arcname.rar, where 'arcname' is the original archive name. By default, repaired archives are created in the current directory, but you can append an optional destpath\ parameter to specify another destination directory. Example: rar r buggy.rar c:\fixed\ repair buggy.rar and place the result to 'c:\fixed' directory. rc Reconstruct missing and damaged volumes using recovery volumes (.rev files). You need to specify any existing .rar or .rev volume as the archive name. Example: rar rc backup.part03.rar Read 'rv' command description for information about recovery volumes. rn Rename archived files. The command syntax is: rar rn <arcname> <srcname1> <destname1> ... <srcnameN> <destnameN> For example, the following command: rar rn data.rar readme.txt readme.bak info.txt info.bak will rename readme.txt to readme.bak and info.txt to info.bak in the archive data.rar. It is allowed to use wildcards in the source and destination names for simple name transformations

Extracted

Path

C:\Program Files\WinRAR\WhatsNew.txt

Ransom Note
WinRAR - What's new in the latest version Version 6.11 1. Added support for Gz archives with large archive comments. Previously the extraction command failed to unpack gz archives if comment size exceeded 16 KB. 2. Archive comments in gz archives are displayed in the comment window and recognized by "Show information" command. Large comments are shown partially. Previous versions didn't display Gzip comments. 3. Reserved device names followed by file extension, such as aux.txt, are extracted as is in Windows 11 even without "Allow potentially incompatible names" option or -oni command line switch. Unlike previous Windows versions, Windows 11 treats such names as usual files. Device names without extension, such as aux, still require these options to be unpacked as is regardless of Windows version. 4. Switch -mes can be also used to suppress the password prompt and abort when adding files to encrypted solid archive. 5. Additional measures to prevent extracting insecure links are implemented. 6. Bugs fixed: a) if password exceeding 127 characters was entered when unpacking an encrypted archive with console RAR, text after 127th character could be erroneously recognized as user's input by different prompts issued later; b) wrong archived file time could be displayed in overwrite prompt when extracting a file from ZIP archive. It happened if such archive included extended file times and was created in another time zone. It didn't affect the actual file time, which was set properly upon extraction. Version 6.10 1. WinRAR can unpack contents of .zst and .zipx archives utilizing Zstandard algorithm. 2. Added support of Windows 11 Explorer context menus. Beginning from Windows 11, an application can add only a single top level command or submenu to Explorer context menu. If "Cascaded context menus" in "Integration settings" dialog is on, this single item is a submenu storing all necessary WinRAR commands. If this option is off, only one extraction command for archives and one archiving command for usual files are available. You can select these commands with "Context menu items..." button in "Integration settings" dialog. 3. "Legacy context menus" option in "Settings/Integration" dialog can be used in Windows 11 if WinRAR commands are missing in "Show more options" Windows legacy context menu or in context menus of third party file managers. If WinRAR commands are already present here, keep "Legacy context menus" option turned off to prevent duplicating them. This option is not available in Windows 10 and older. 4. Windows XP is not supported anymore. Minimum required operating system version is Windows Vista. 5. "Close" item is added to "When done" list on "Advanced" page of archiving dialog. It closes WinRAR window, when archiving is done. 6. "When done" list is added to "Options" page of extraction dialog. It allows to select an action like turning a computer off or closing WinRAR after completing extraction. 7. Switch -si can be used when extracting or testing to read archive data from stdin, such as: type docs.rar | rar x -si -o+ -pmypwd dummy docs\ Even though the archive name is ignored with this switch, an arbitrary dummy archive name has to specified in the command line. Operations requiring backward seeks are unavailable in this mode. It includes displaying archive comments, testing the recovery record, utilizing the quick open information, processing multivolume archives. Prompts requiring user interaction are not allowed. Use -o[+|-|r], -p<pwd> or -mes switches to suppress such prompts. 8. New -ep4<path> switch excludes the path prefix when archiving or extracting if this path is found in the beginning of archived name. Path is compared with names already prepared to store in archive, without drive letters and leading path separators. For example: rar a -ep4texts\books archive c:\texts\books\technical removes "text\books" from archived names, so they start from 'technical'. 9. New -mes switch skips encrypted files when extracting or testing. It replaces the former -p- switch. 10. New -op<path> switch sets the destination folder for 'x' and 'e' extraction commands. Unlike <path_to_extract\> command line parameter, this switch also accepts paths without trailing path separator character. 11. If 'p' command is used to print a file to stdout, informational messages are suppressed automatically to prevent them mixing with file data. 12. "Generate archive name by mask" option and switch -ag treat only first two 'M' characters after 'H' as minutes. Previously any amount of such characters was considered as minutes. It makes possible to place the time field before the date, like -agHHMM-DDMMYY. Previous versions considered all 'M' in this string as minutes. 13. Maximum allowed size of RAR5 recovery record is increased to 1000% of protected data size. Maximum number of RAR5 recovery volumes can be 10 times larger than protected RAR volumes. Previous WinRAR versions are not able to use the recovery record to repair broken archives if recovery record size exceeds 99%. Similarly, previous versions cannot use recovery volumes if their number is equal or larger than number of RAR volumes. 14. Warning is issued if entered password exceeds the allowed limit of 127 characters and is truncated. Previously such passwords had been truncated silently. 15. If archive includes reserved device names, the underscore character is inserted in the beginning of such names when extracting. For example, aux.txt is converted to _aux.txt. It is done to prevent compatibility problems with software unable to process such names. You can use "Allow potentially incompatible names" option in "Advanced" part of extraction dialog or command line -oni switch to avoid this conversion. 16. WinRAR attempts to reset the file cache before testing an archive. It helps to verify actual data written to disk instead of reading a cached copy. 17. Multiple -v<size> switches specifying different sizes for different volumes are now allowed also for ZIP archives: WinRAR a -v100k -v200k -v300k arcname.zip Previously multiple -v<size> switches were supported only for RAR archives. 18. Switches -sl<size> and -sm<size> can be used in WinRAR.exe command line mode when extracting archives in any supported formats, provided that such archive includes unpacked file sizes. Previously these switches could filter files by size only in RAR and ZIP archives. 19. Newer folder selection dialog is invoked when pressing "Browse" button in WinRAR "Settings/Paths" page, "Repair" and "Convert" commands, also as in few other similar places. Previously a simpler XP style folder selection dialog was opened. 20. When restoring from tray after completing an operation, WinRAR window is positioned under other opened windows, to not interfere with current user activities. 21. "650 MB CD" is removed and "2 GB volumes" is added to the list of predefined volume sizes in "Define volume sizes" dialog invoked from WinRAR "Settings/Compression". 22. "Rename" command selects the file name part up to the final dot. Previously it selected the entire name. 23. If SFX archive size exceeds 4 GB, an error message is issued during compression, immediately after exceeding this threshold. Previously this error was reported only after completing compression. Executables of such size cannot be started by Windows. 24. Command line -en switch is not supported anymore. It created RAR4 archives without the end of archive record. End of archive record permits to gracefully skip external data like digital signatures. 25. Bugs fixed: a) when editing a file inside of .rar or .zip archive, WinRAR created a new SFX archive instead of updating an existing archive if "Create SFX archive" option was set in the default compression profile; b) the total progress could be displayed incorrectly when using -oi, -f, -u switches or appropriate GUI options; c) "Find files" command with "Use all tables" option and command line "it" commands failed to find strings in UTF-16 encoding. Version 6.02 1. ZIP SFX module refuses to process SFX commands stored in archive comment if such comment is resided after beginning of Authenticode digital signature. It is done to prevent possible attacks with inclusion of ZIP archive into the signature body. We already prohibited extracting contents of such malformed archives in WinRAR 6.01. We are thankful to Jacob Thompson - Mandiant Advantage Labs for reporting this issue. 2. WinRAR uses https instead of http in the web notifier window, home page and themes links. It also implements additional checks within the web notifier. This is done to prevent a malicious web page from executing existing files on a user's computer. Such attack is only possible if the intruder has managed to spoof or otherwise control user's DNS records. Some other factors are also involved in limiting the practical application of this attack. We would like to express our gratitude to Igor Sak-Sakovskiy for bringing this issue to our attention. 3. Where appropriate, SFX archive displays the additional line with detailed error information provided by operating system. For example, previously such archive would display "Cannot create file" message alone. Now this message is followed by a detailed reason like access denied or file being used by another process. In the past this extended error information was available in WinRAR, but not in SFX archives. 4. Switch -idn hides archived names also in 'v' and 'l' commands. It can be useful if only the archive type or total information is needed. 5. If -ibck -ri<priority> switches are used together, WinRAR process sets the priority specified in -ri switch. Previous versions ignored -ri and set the priority to low in the presence of -ibck switch. 6. When using "File/Change drive" command, WinRAR saves the last folder of previous drive and restores it if that drive is selected again later. 7. Name of unpacking file is now included into WinRAR incorrect password warning for RAR5 archives. It can be helpful when unpacking a non-solid archive containing files encrypted with different passwords. 8. Bugs fixed: a) "Convert archives" command issued erroneous "The specified password is incorrect" message after succesfully converting RAR archive with encrypted file names if new password was set and archive was opened in WinRAR shell; b) if command progress window was resized up and then quickly resized down to original dimensions, window contents could be positioned incorrectly. Version 6.01 1. Ctrl+A keyboard shortcut selects the entire text in WinRAR comment window. 2. If -idn switch is used together with -t or -df in console RAR when archiving, it additionally disables "Deleting <filename>" or "Testing <filename>" messages, normally issued by these switches. Also -idn disables folder creation messages when extracting a file to non-existing folder. 3. WinRAR and ZIP SFX module refuse to extract contents of ZIP SFX archives if ZIP central directory is resided after beginning of Authenticode digital signature. It is done to prevent possible attacks with inclusion of ZIP archive into signature body. 4. Bugs fixed: a) "Convert archives" command could incorrectly convert Unicode comments in RAR archives. b) if two archive information windows had been opened from Explorer context menu, the compression ratio bar in the first window could erroneously display a value for second archive. It did not affect the ratio and other text details at the right of window. Only the vertical bar at the left could be updated to a wrong value; c) if "Wait if other WinRAR copies are active" option was enabled in extraction dialog, "Waiting for another WinRAR copy" title was not set in command progress window while waiting; d) when extracting a symbolic link, previous versions did not overwrite existing symbolic links even if user requested it in overwrite prompt. Version 6.00 1. "Ignore" and "Ignore All" options are added to read error prompt. "Ignore" allows to continue processing with already read file part only and "Ignore All" does it for all future read errors. For example, if you archive a file, which portion is locked by another process, and if "Ignore" is selected in read error prompt, only a part of file preceding the unreadable region will be saved into archive. It can help to avoid interrupting lengthy archiving operations, though be aware that files archived with "Ignore" are incomplete. If switch -y is specified, "Ignore" is applied to all files by default. Previously available "Retry" and "Quit" options are still present in read error prompt as well. 2. Exit code 12 is returned in the command line mode in case of read errors. This code is returned for all options in the read error prompt, including a newly introduced "Ignore" option. Previously more common fatal error code 2 was returned for read errors. 3. If several archives are selected, "Extract archives to" option group in "Options" page of extraction dialog can be used to place extracted files to specified destination folder, to separate subfolders in destination folder, to separate subfolders in archive folders and directly to archive folders. It replaces "Extract archives to subfolders" option and available only if multiple archives are selected. 4. New -ad2 switch places extracted files directly to archive's own folder. Unlike -ad1, it does not create a separate subfolder for each unpacked archive. 5. "Additional switches" option in "Options" page of archiving and extraction dialogs allows to specify WinRAR command line switches. It might be useful if there is no option in WinRAR graphical interface matching a switch. Use this feature only if you are familiar with WinRAR command line syntax and clearly understand what specified switches are intended for. 6. Compression parameters in "Benchmark" command are changed to 32 MB dictionary and "Normal" method. They match RAR5 default mode and more suitable to estimate the typical performance of recent WinRAR versions than former 4 MB "Best" intended for RAR4 format. Latest "Benchmark" results cannot be compared with previous versions directly. New parameters set produces different values, likely lower because of eight times larger dictionary size. 7. When unpacking a part of files from solid volume set, WinRAR attempts to skip volumes in the beginning and
URLs

https

http

http://weirdsgn.com

http://icondesignlab.com

https://rarlab.com/themes/WinRAR_Classic_48x36.theme.rar

Signatures

  • Modifies system executable filetype association 2 TTPs 8 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 15 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
  • Identifies Wine through registry keys 2 TTPs 2 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • NSIS installer 8 IoCs
  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 36 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\CR.6.04.ZDescargas.org.rar
    1⤵
      PID:2960
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4736
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4852
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4240
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4240.0.619202903\1987455879" -parentBuildID 20200403170909 -prefsHandle 1532 -prefMapHandle 1524 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4240 "\\.\pipe\gecko-crash-server-pipe.4240" 1616 gpu
          3⤵
            PID:3744
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4240.3.66328737\1429370571" -childID 1 -isForBrowser -prefsHandle 2224 -prefMapHandle 2220 -prefsLen 156 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4240 "\\.\pipe\gecko-crash-server-pipe.4240" 2236 tab
            3⤵
              PID:4888
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4240.13.183710929\471315198" -childID 2 -isForBrowser -prefsHandle 3384 -prefMapHandle 3380 -prefsLen 6938 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4240 "\\.\pipe\gecko-crash-server-pipe.4240" 3408 tab
              3⤵
                PID:4044
          • C:\Windows\System32\rundll32.exe
            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
            1⤵
              PID:824
            • C:\Users\Admin\Downloads\winrar-x64-611.exe
              "C:\Users\Admin\Downloads\winrar-x64-611.exe"
              1⤵
              • Executes dropped EXE
              • Drops file in Program Files directory
              • Suspicious use of SetWindowsHookEx
              PID:212
              • C:\Program Files\WinRAR\uninstall.exe
                "C:\Program Files\WinRAR\uninstall.exe" /setup
                2⤵
                • Modifies system executable filetype association
                • Executes dropped EXE
                • Registers COM server for autorun
                • Modifies registry class
                • Suspicious use of SetWindowsHookEx
                PID:660
            • C:\Program Files\WinRAR\WinRAR.exe
              "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -imon1 -- "C:\Users\Admin\AppData\Local\Temp\CR.6.04.ZDescargas.org.rar" "?\"
              1⤵
              • Executes dropped EXE
              • Suspicious use of FindShellTrayWindow
              PID:4556
            • C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\reaper604_x64-install.exe
              "C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\reaper604_x64-install.exe"
              1⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              • Modifies registry class
              PID:4512
            • C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe
              "C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe"
              1⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:2232
              • C:\Users\Admin\AppData\Local\Temp\keygen.exe
                C:\Users\Admin\AppData\Local\Temp\keygen.exe
                2⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Modifies registry class
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of SetWindowsHookEx
                PID:2024
            • C:\Windows\system32\AUDIODG.EXE
              C:\Windows\system32\AUDIODG.EXE 0x3c4
              1⤵
              • Suspicious use of AdjustPrivilegeToken
              PID:4560
            • C:\Program Files\REAPER (x64)\reaper.exe
              "C:\Program Files\REAPER (x64)\reaper.exe"
              1⤵
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Loads dropped DLL
              • Checks processor information in registry
              • Modifies registry class
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of SetWindowsHookEx
              PID:772
            • C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe
              "C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe"
              1⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:4468
              • C:\Users\Admin\AppData\Local\Temp\keygen.exe
                C:\Users\Admin\AppData\Local\Temp\keygen.exe
                2⤵
                • Executes dropped EXE
                • Modifies registry class
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of SetWindowsHookEx
                PID:3144
            • C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe
              "C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe"
              1⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:4784
              • C:\Users\Admin\AppData\Local\Temp\keygen.exe
                C:\Users\Admin\AppData\Local\Temp\keygen.exe
                2⤵
                • Executes dropped EXE
                • Modifies registry class
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of SetWindowsHookEx
                PID:2812
            • C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe
              "C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe"
              1⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:1564
              • C:\Users\Admin\AppData\Local\Temp\keygen.exe
                C:\Users\Admin\AppData\Local\Temp\keygen.exe
                2⤵
                • Executes dropped EXE
                • Modifies registry class
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of SetWindowsHookEx
                PID:4436
            • C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe
              "C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe"
              1⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:3656
              • C:\Users\Admin\AppData\Local\Temp\keygen.exe
                C:\Users\Admin\AppData\Local\Temp\keygen.exe
                2⤵
                • Executes dropped EXE
                • Modifies registry class
                • Suspicious behavior: GetForegroundWindowSpam
                • Suspicious use of SetWindowsHookEx
                PID:4228

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files\REAPER (x64)\InstallData\ColorThemes\Default_5.0.ReaperThemeZip

              Filesize

              13.0MB

              MD5

              f86bcaa4729be65ae17704b2ead9b3da

              SHA1

              5a0377c79e936523ca85e0bfcd660d148011470a

              SHA256

              ad682d5a49b70b425bbc8ba6e4820650767c6a6398b746298c5fef9830713d55

              SHA512

              916736806a429573b1e9155e9ed615d71b0ae5f23472a7bc86724a39b9c210fcfbb6cdc9b012302909c75ae2385836d5e388522c36f44631661e59db9396a566

            • C:\Program Files\REAPER (x64)\InstallData\ColorThemes\Default_6.0.ReaperThemeZip

              Filesize

              19.5MB

              MD5

              1178b264cea36b3fb3f5b68a708927fb

              SHA1

              bf16320b50fe9b2fc1a0afd89e903013d15fa459

              SHA256

              bf6d59af2268396e2f379a8674d4d6c49a6fc9be1097ff9c70d07a1bc03647f6

              SHA512

              78a16845545e6dc24be3481515510fc815315b324ea447be6a2216582c406fa59c6bc29291b751f55b50b74af81170fdb71201aa06c9673c1a7ff952ef936565

            • C:\Program Files\REAPER (x64)\InstallData\Data\GM.reabank

              Filesize

              4KB

              MD5

              6f06246f7851d562c3af5b83db135c86

              SHA1

              8aa60f82a9b2c7eaf431fdc0c79e8f7c08a733ea

              SHA256

              da43bce7a5cc96a01d5757a951cbaba2696408d6239bdf083aab079e07ef236f

              SHA512

              c9d01dc7170165715978ee8e9afd8e2825ed7edef0d318219dc90231fa554871edd6757111cc9eef24fa92b309bba744c1d02ac6d8873a8dec961a5f9a734c4d

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Dumble Overdrive Special - Tweed Deluxe.wav

              Filesize

              4KB

              MD5

              33b31fd3bf3a7fa66274b52374247898

              SHA1

              cbecbfe0271578087e192157ea5c6924bc44fc6d

              SHA256

              5a06fbba771a89783c957822e4dd92852ce12a1d47c604fdf220769f41b94480

              SHA512

              656f131e473ed3303538124e7823a03cbd00b33cc44ceb7783e2b7a53cd43c98cc4660b015265b191e8a7e652df85046415ee8f505c08fdfec50a92e1d7c9136

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Fender Bassman - Fender Bassman.wav

              Filesize

              4KB

              MD5

              bafd91a6f40032cd8ba1b760fc474c54

              SHA1

              b710a95cc80fc7a8cfd6a101d7b7e2dec3345438

              SHA256

              68d325d659b8adf3dbb6a421277d35e5f61dbb1373003a149eb2a3cbdd49be8c

              SHA512

              d8f5f358cb07f95e2b6f435e78716fe456209c9077e8a2b7d8b018a2ff116d7fe5863f32f18baee66ff9dbedb56d41256fb18bf54f0f6ba21dc7f27af45843b4

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Fender Bassman - Tweed Champ.wav

              Filesize

              4KB

              MD5

              1ae37d5cb7fae2fe6a44d705903d1d68

              SHA1

              dd5509f7e623352aa5249c9ea5fef2ced9602de4

              SHA256

              396bc77761daac4fc368a1d0c23ab9307941b6f3ea03b2502617c868f15c2b86

              SHA512

              018d3e0a7c12bbf35a95db636327afb89ae891f47f74276f0ac03ab9b08b2f349185c97a78a015ee13dc0357f3ffa28063a4e81f970db76cd30076f63ffa9a36

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Fender Deluxe - Marshall Stock 70.wav

              Filesize

              4KB

              MD5

              87638bf2893031b221af0922e973e21d

              SHA1

              da6640fe9cad53093a656f0d8656812813626ace

              SHA256

              59b067e001e9425b4c165b9a71ca5e0ea1aa839633dbe4252660c3fe87da1596

              SHA512

              f4d97c781b3f0e818b1d11e0a3744548d6603039fdecfe885b650c571bcb8bc6a86002f2b89785a9b40395a751b5c7801bb2c5280680e20c4bbbfafa074c8baf

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Fender Deluxe - Tweed Champ.wav

              Filesize

              4KB

              MD5

              8001985fc6d93b20ba5d4ad3eb837720

              SHA1

              65a143ebf17b9c1c6c4ee7237b2ebccc4f48cde5

              SHA256

              5e4a40b4d41bee5448885be5378ab93a3027fb4c13778aa6179ffdf28ded2f84

              SHA512

              67b1edad89d5936217f263ed1e409bc712ab6ae7388a6c5cdaecb17740c121d595d77e0d281f9d258a47afc004a32e0632bb80f110677eea4e80508012eb76cf

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Marshall JCM800 - Marshall Stock 70.wav

              Filesize

              4KB

              MD5

              f1cbfea4f4678704d895dc78cb24213a

              SHA1

              78515d6cd7d6911c40d4b7565a30121596c43a79

              SHA256

              48dcc27ee229502ec34ef863b8a867bb180156efccff2e2819260475a6f990c0

              SHA512

              e2196c00a1c49ad2a85b459f1139d9c7545f39ba6592e3d66e894200e33be6f2d4beafd62e2f0aa9ee1bd684f94d120623cd637394a52b405a2c8a5b3c090a29

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Marshall JCM800 - Matchless Chieftain.wav

              Filesize

              4KB

              MD5

              0dc1cdc06ecfdfa025de8c1bcf8c3003

              SHA1

              45a1a445aeebf56d9c45d4094532ab7954dd8fd2

              SHA256

              273250faa8df43799e9ba549544b8c4005bea371e4d6df537f1f9d97076a8636

              SHA512

              2a1ccbdbad13b362cf0adf1365b260e330f8e211a6a93a00ffd1a83c7c9f337ca9f4ada6f392999606ec8940df3ee8fc8c5738765c4d1a98d784cc8229a8f0b2

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Marshall JTM45 - Blackface Deluxe.wav

              Filesize

              4KB

              MD5

              5a37e73820fd7f3372fbba5edafe96ce

              SHA1

              ca3362c2870cac126af0f384eb49e168e28c8986

              SHA256

              98faf64b07b18df56c2d3f0c9044fa1f93926656697401dec5eeffbd8bd142d7

              SHA512

              e8ce11bcc9ef8084dcc197685b411596e47f2d1dde88989ddb1e24383b5f96a8b981c594855231ef29ec3841c1545e072a4cf7a866ca6a1c25e4ed2617b80c73

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Marshall JTM45 - Matchless Chieftain.wav

              Filesize

              4KB

              MD5

              14071c09dc0fcddc7c946ca2bffeb959

              SHA1

              a130721134a1a173a7a35ca9e01a386aa0089049

              SHA256

              f48c5bb9d4515a0de774181e043856e444d29adbb46ffb454480b2824e43bf42

              SHA512

              c98d75605173f67935f425dc37a8316c6e8f911daa1e7660d433e60b68c9d235a29ba205a8a9c4336bb86fbcf62398685aca5399f9f1acc638e9c08c757e919d

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Mesa Boogie Clean - Blackface Twin.wav

              Filesize

              4KB

              MD5

              2f8f67507f48ddcfe4fdd587289e5336

              SHA1

              accad4f1b2afa14f81a509222a6e54f49af9354f

              SHA256

              54296c71c65d48cc5faa5de35f2d96fc0fb118b8443a5fb2e9a72d063b3dc178

              SHA512

              ee87934dd7bea0f20ffbf696fa7c7f9c49ccc07a5d576950552fac1701f0ea6aa79ee2a7bf2830e225f7cd67eec74a18713b378a67b4899fa972a7237ab18315

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Mesa Boogie Clean - Matchless Chieftain.wav

              Filesize

              4KB

              MD5

              b61b501ae2d92985eaa6cde83264b3c7

              SHA1

              b2b449c2b3eb23cbe281591c146f49840632dcbe

              SHA256

              5dec239f08e4809a1492713973c04a10e5cc0e54b48b824616131deafab02935

              SHA512

              03f159278052bf008616587a6d1c5ebffddaf331089b398f23d7cf9de21183f1a30c363c383b255277435f3c25a95bd0a113a5b2a7b8ad306a45a4ce618591c7

            • C:\Program Files\REAPER (x64)\InstallData\Data\amp_models\Vox AC30 Non Top Boost - Vox AC30.wav

              Filesize

              4KB

              MD5

              15232e709d034a9d7e1abbefa11dea9f

              SHA1

              7a2f1ed27ccce9c7d18449e3d662b65740b34c80

              SHA256

              076519b0129fa16a806793b127928e72dba7c382ad876c43a8a1221450f5e0e6

              SHA512

              3fcc6f6c70b0188b34e2837a3504e89398ad153e331fb18788083ad75fab5b3ccabeeeea01cdcc8e056821cf0252d49b22f7ae9c6345ff6d974e1ae3ad481c4b

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_keymaps\00 - Default Mapping.txt

              Filesize

              1KB

              MD5

              c409830f40665b23b23b3eb7df86f85b

              SHA1

              7c5df34ddc9d0af01301146ac56c564e183bb200

              SHA256

              c0c705ad1bd1dacf4e175bbbf81c1ebf81b981d0bebf5357d1876abef8190dc5

              SHA512

              d3ac622e3277a4cd7fe41571cddac143c4fb9d6877f1cb39790732c4a8fb321e4463d3f0c75bbdf7d4d1bb80449723d8c87d6d3d08d511056755a1b5bd344520

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Chromatic.txt

              Filesize

              141B

              MD5

              74d1af1854860a7741e3741ae204ec30

              SHA1

              cbaae4d9a2bad8d07c62a4f36efb117e67c3407b

              SHA256

              c34979d66ce96127ee98248d90dddc51ddbb93135747a30ae70f6a21c7b65559

              SHA512

              9250a36db49e4ea247657e551c2ffd6c9820fa12c34671c08900f98a429d27ea1a9ad83ae662ba41fa5d30afec05f65c839f97cef6349d88ec0bfa0f87a2e7c0

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Dorian.txt

              Filesize

              125B

              MD5

              399c656e6864dac590f53d8f32492e82

              SHA1

              b0c585db9515f0b0d7b1a67cae9a3e11c3d7db20

              SHA256

              d4f12d3e28e91a4498d50ec6035765d904516a2cf6f545cf1131d307af1227dd

              SHA512

              0c66101042da787e676c288e4ed59196c1115d3f37c7ae749f880054dfe3bd8e38429c503dd76764d67cf645488df821365ac93ace22e757140147c8693e0d21

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Harmonic Minor.txt

              Filesize

              125B

              MD5

              f35f776aa037c5a58b695d4484479b1e

              SHA1

              0e65dd8670c1d4252ff759c5f6f05e378dff8969

              SHA256

              3d105fc263a2e5e0e0dfc4e69032b291061d6db6abc1052c4116d192ac6a4a19

              SHA512

              d657c15c8b77458ac61af88bd47d0b855b91dd36a17f21d6a0c21225ad8dbeda84f37d08a0d3113328ef6dc2b8a6d084f585b8ee801dc84353408e31e32a9022

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Locrian.txt

              Filesize

              125B

              MD5

              bbd204f44d1aaad0f5e7fa3c105865b3

              SHA1

              ede0f15ae357a8c0b47cefbf4eb31507d63473a9

              SHA256

              3a4785a998505b0936a84f67c6be2cfcd82fcaa47958931cb2819d780f7d22df

              SHA512

              5347f163193c91ed5ca1b20b1430623fcab67049e3f6432a63e4b1b41c67050ae75a06e07620e94978d963e5750f5c95d7bb3f6473d6fc884367886f86f2e6e0

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Lydian.txt

              Filesize

              125B

              MD5

              c88c9b0ac3686f513a3c7e6b61094f94

              SHA1

              6c41422ea2c5844af2dadc00da733b0a26e2c7b8

              SHA256

              b054cb588b0dd2aa4cf2aeb9b608c78691394f621ba00d0fa9ca3a618348c5da

              SHA512

              ba393f581d73e60691f071e2774f3b3f16d5faac24738035e0554ae353d11955ca33b89c1f9a7f1cb86508f2f7bd2318e6a9b07af85009a803baea45f85426f2

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Major.txt

              Filesize

              125B

              MD5

              4b5c1475ea5eb774e913c2d1323cb8de

              SHA1

              63a10472b443985c2dc3bce4951fcc00ce630dbf

              SHA256

              aa28e4017f05434d699dfc4b3555fb3c273894395c1f24a72437f331ce35b7f2

              SHA512

              9a69d3fdc35de94324ae40c20ddedfde0779d36ec74c46190623ba372c4683d4343009d09f3c1af7e96d52cefac585c0de249a72b9f43110d6463e1e3e217086

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Melodic Minor.txt

              Filesize

              125B

              MD5

              aad5b40d0a640fd88f363d42f3e67d7e

              SHA1

              2fcb2d74b95f9bbd69425e6421c97c62329f5f53

              SHA256

              57608f807c193eb739bbb3efb280098d07f7f1a8385beb59fd1d7b31e8ed8a15

              SHA512

              134be90a416577a07b71367003b9a35aebc7d9f65e832d3191596d76973912239f66088ce169f2dfb61a1b5d16ddb572bc2e328dfc2433b9969c7235e6772c7a

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Mixolydian.txt

              Filesize

              125B

              MD5

              797f34d8365c008320c9e2e16c72cf9e

              SHA1

              0f72b4434dda80121f54205be7574eb60ee319bc

              SHA256

              fafa2069bb8ffbcc5ff4e4d366698220c0ee06643ea325b83d0f3d2fe39be939

              SHA512

              8281e8a6ffb7d5eabe2281521ccb59c48ac27255799a82368cb85f99b421c46280b00bf6e882ab33fae077b1d972f6020e7e2671b5bf52f6fae3a776bebb83aa

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Natural Minor.txt

              Filesize

              125B

              MD5

              8cc780c962c78bfb7ff8c0d39fb5bbb0

              SHA1

              a9b2b8ae3d1537402f844ea822b3273e77a7ca9b

              SHA256

              2617b4b1e795b3a7ee8313947f9311e821f8df54897044514c226a9c2c2cf694

              SHA512

              8c833e43c4d8beda9b8e26ab82cd236a15f5f55f3c81a17d45c5aedfa65209ccc61f2145c3973bae53fa11e05e7e0b45a798dd9e4201f6180ca6814b3081be82

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Pentatonic Major.txt

              Filesize

              118B

              MD5

              a512923eba2712da7314df3cb02001e8

              SHA1

              ffe909ce16335f2b8dd06e6d46a32ceb58cd63e6

              SHA256

              e8a91ccc88c0d5d8b4573e8caa71f09a5edb014d8d6e20e8a6dcc218631c2ee8

              SHA512

              7eb44c79abcf09a8684a5380ca5e40252e210b01a951255a13067dda166d1918bf667823902728a0f37e971bc33b77f11da762eff1a731277f2dbac868fd2667

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Pentatonic Minor.txt

              Filesize

              119B

              MD5

              d04ac0c483db594fd055aff0203bf69d

              SHA1

              83be8777946648ed35be71199d93077317c483cd

              SHA256

              781be05ef2eebaf911af83f1029d8fa2b1461e28b9e58cc60a4b6828f3a89bb5

              SHA512

              efeb1a023d42db1eb44ec2a85fa82b97dff3d5f942b34af1f0dd7838c8c475f9b45821d5e7f28c0f9eea896b50c13b919f20b9746906d263d8f4ce95700576b9

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Phrygian.txt

              Filesize

              125B

              MD5

              0dfc28c2e8609a31f611997cb5b0e74e

              SHA1

              e2822c241dc2d81ea63ace5464660074ddaafed1

              SHA256

              1e5ed7f8f34114619b0d22cef43047c34163c8cb859cb89fa6664c836e84c91b

              SHA512

              52716bd2f10c23c75abc82df1d2a03b11a2a786bd4d99ee7654ea3da56e6800fd97afa41b867ae02954e205ae3b7943f96fa42646fa273613c51b1296c6adfcc

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_scales\Whole Tone.txt

              Filesize

              122B

              MD5

              a189001d457e937657faa53ba1c1277d

              SHA1

              cd560343d620ede958ebd116cd4bab1051b1fe99

              SHA256

              ce107f1d7f48699d558369d21f5bab0e5372d3a3df3b9bfb0bd840c66ccf956d

              SHA512

              28df764d9f4b9e239d94617749014bc983fdcb2b9933279c019afe6936b1259bc39a3409ce18457196cbef84ad04c143b767d3c7ddaf28a7fc1c25f351180acc

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_sequences\1 - All Notes.txt

              Filesize

              1B

              MD5

              c4ca4238a0b923820dcc509a6f75849b

              SHA1

              356a192b7913b04c54574d18c28d46e6395428ab

              SHA256

              6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

              SHA512

              4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_sequences\2 - Accent on 1.txt

              Filesize

              112B

              MD5

              57de5b6088805c01b0dd3b75430e6d50

              SHA1

              3096be92182b9d058914505ebe26fc8a2d4b523e

              SHA256

              825d22c68c00a40d4df93a0b6c57babd910dbca4b9a2a386e499185cd7d79d82

              SHA512

              c7e01e42c63db2dd44e2314e5879b41c3652607c7fdd2a47039a9d15da178faab622689c5b6fff2ffb75af360019c44b243a80189ff73de4834c63e1a2e928e2

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_sequences\2 - Accent on 2.txt

              Filesize

              112B

              MD5

              69e8b01cfcf0f550bb2604a868725c54

              SHA1

              85e552d6d088f1405e67348e2ef09a960f41ff57

              SHA256

              663a62ae5356a25940e50f6160f26c1955b573b3bd3a8b2f657e1b7834caef7b

              SHA512

              ba1bed8cf2508c561f3404063d4fe3968a6f6148e1e6255f7a91e5b7714664571e9eaae34ca203cc14d4d337511bf80b5c3ce86da4e28db4f0f586c85ce3bd0c

            • C:\Program Files\REAPER (x64)\InstallData\Data\ix_sequences\3 - Accent on 1.txt

              Filesize

              115B

              MD5

              30cec2b2fb018a4935070c8e41dc828c

              SHA1

              a5fd99de39ea9ef28ab4eb0d0dd9678877fba6cb

              SHA256

              58f33886b3eb21e2536ae77663049ada2be3ce307a2e88bcfd8281152c486b79

              SHA512

              81f11b94066f71add64ffbd33be6de1c054c70e40078a320a2e42e0ce8c001a1c60c9e9ebe0bb17cc90627b05891fa55a25baaf8dd885d218dbe858e94dbec9e

            • C:\Program Files\REAPER (x64)\reaper.exe

              Filesize

              13.0MB

              MD5

              2c8d70abc770859b1af2c20b05850e48

              SHA1

              0fb515818765e7b718694e3782c80cdf2dae6faa

              SHA256

              08f7fbc8469e8a6eeb8d6e845f540a5b42359dd96c7b47fd096d9dffe194a0df

              SHA512

              8931e4c1124839101ec0856ecf95ce293038d2c845dd0d73ab44911c211c4e9c9ebef0682fb331e629dd07bd1d46d9bd0517a68a8024f2371d032cc9831e5423

            • C:\Program Files\REAPER (x64)\reaper.exe

              Filesize

              13.0MB

              MD5

              2c8d70abc770859b1af2c20b05850e48

              SHA1

              0fb515818765e7b718694e3782c80cdf2dae6faa

              SHA256

              08f7fbc8469e8a6eeb8d6e845f540a5b42359dd96c7b47fd096d9dffe194a0df

              SHA512

              8931e4c1124839101ec0856ecf95ce293038d2c845dd0d73ab44911c211c4e9c9ebef0682fb331e629dd07bd1d46d9bd0517a68a8024f2371d032cc9831e5423

            • C:\Program Files\WinRAR\Rar.txt

              Filesize

              107KB

              MD5

              8933d6e810668af29d7ba8f1c3b2b9ff

              SHA1

              760cbb236c4ca6e0003582aaefd72ff8b1c872aa

              SHA256

              cd3ba458c88bdf8924ebb404c8505d627e6ac7aadc6e351562c1894019604fc7

              SHA512

              344d737228483add83d5f2b31ae9582ca78013dc4be967f2cdafca24145970e3cb46d75373996150a3c9119ebc81ce9ac50e16696c17a4dea65c9571ef8e745e

            • C:\Program Files\WinRAR\Uninstall.exe

              Filesize

              412KB

              MD5

              92667e28583a9489e3cf4f1a7fd6636e

              SHA1

              faa09990ba4daae970038ed44e3841151d6e7f28

              SHA256

              9147293554ad43920bcf763ffd6e1183c36b9f8156dc220548426a187a5f2959

              SHA512

              63555a15f153df59b2ca2ab56cd20d71420eb5c9977bcf774723d8484157172b027f71fb2f7a4692aecc6e471f50beec2e0f7a43e57449714caede1e9684c0b8

            • C:\Program Files\WinRAR\WhatsNew.txt

              Filesize

              95KB

              MD5

              d4c768c52ee077eb09bac094f4af8310

              SHA1

              c56ae6b4464799fcdc87c5ff5a49ac1ad43482b1

              SHA256

              8089dfbebdf2142c7f60f5c12098859417b3c997f0b24b696ccaa78a50f3726c

              SHA512

              5b794b19b5ff10f7356a46f02204d0df3183037bc89d32e3f2c2978ea8f90ac6367fcb225b476cb7c8a3035d82ca1e328791271d3a58b40b9759d4b65e83f847

            • C:\Program Files\WinRAR\WinRAR.chm

              Filesize

              314KB

              MD5

              81b236ef16aaa6a3936fd449b12b82a2

              SHA1

              698acb3c862c7f3ecf94971e4276e531914e67bc

              SHA256

              d37819e64ecb61709fcf3435eb9bed790f75163057e36fb94a3465ca353ccc5e

              SHA512

              968fe20d6fe6879939297b8683da1520a1e0d2b9a5107451fca70b91802492e243976f56090c85eb9f38fca8f74134b8b6aa133ba2e2806d763c9f8516ace769

            • C:\Program Files\WinRAR\WinRAR.exe

              Filesize

              2.3MB

              MD5

              0b114fc0f4b6d49f57b3b01dd9ea6a8c

              SHA1

              23e1480c3ff3a54e712d759e9325d362bf52fabd

              SHA256

              f0f312fe14599d7379aa247c1d0cc6100db45bfe7f277113134a8157950bcacd

              SHA512

              e31c3a3da5e72a9d72e245d6e5dcc7c92e4cfcbb6bdbb61061e0586e29f77e8b42a81a0bba99ce45e148a2423907878fb858c40cc1008ef9d90fb8e4e2fcd573

            • C:\Program Files\WinRAR\WinRAR.exe

              Filesize

              2.3MB

              MD5

              0b114fc0f4b6d49f57b3b01dd9ea6a8c

              SHA1

              23e1480c3ff3a54e712d759e9325d362bf52fabd

              SHA256

              f0f312fe14599d7379aa247c1d0cc6100db45bfe7f277113134a8157950bcacd

              SHA512

              e31c3a3da5e72a9d72e245d6e5dcc7c92e4cfcbb6bdbb61061e0586e29f77e8b42a81a0bba99ce45e148a2423907878fb858c40cc1008ef9d90fb8e4e2fcd573

            • C:\Program Files\WinRAR\uninstall.exe

              Filesize

              412KB

              MD5

              92667e28583a9489e3cf4f1a7fd6636e

              SHA1

              faa09990ba4daae970038ed44e3841151d6e7f28

              SHA256

              9147293554ad43920bcf763ffd6e1183c36b9f8156dc220548426a187a5f2959

              SHA512

              63555a15f153df59b2ca2ab56cd20d71420eb5c9977bcf774723d8484157172b027f71fb2f7a4692aecc6e471f50beec2e0f7a43e57449714caede1e9684c0b8

            • C:\Users\Admin\AppData\Local\Temp\BASSMOD.DLL

              Filesize

              33KB

              MD5

              e4ec57e8508c5c4040383ebe6d367928

              SHA1

              b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

              SHA256

              8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

              SHA512

              77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

            • C:\Users\Admin\AppData\Local\Temp\R2RRPRKG.dll

              Filesize

              232KB

              MD5

              42bd86289f5d56522d73f5b1d14a2300

              SHA1

              ec577994687bdac4fb5cd237f89583ea87fac5a8

              SHA256

              f4004b3d39093bd1ea159c285b12c3a94ed110d48f29d4548f4fcb891e6c6530

              SHA512

              686f9a8538b7603a43bd6266817f4c4d94b8186b5a9ac057bd100691add36253751a5d2455527353d61c3512cdb8658dec01cf490ba05fe36522674653077f57

            • C:\Users\Admin\AppData\Local\Temp\bgm.xm

              Filesize

              31KB

              MD5

              d7bf06611a3eb46e6caa92fa6e5f2103

              SHA1

              08adad693cc7455cfbbba9a77790a97fe493d5a5

              SHA256

              c6d3769490a754c5d878e1dc5fc059ce04570c595b573f254c0903db11decdee

              SHA512

              d915419126d4375c0711d2ca73e2220285558183ef5e4b30768df17c82d4303b754c725a815a003bb6bb3093f9a3ddc1ceccc37236f993e0bd88ca1935b623d4

            • C:\Users\Admin\AppData\Local\Temp\keygen.exe

              Filesize

              477KB

              MD5

              7867ffa49a15b1c1c98fa28f6f4915d5

              SHA1

              841ab6d9e30f89022129243cf7c15b7ce02b55c3

              SHA256

              11f7d1889f87bcdb136e2ffcd4d4dc6daddfaeee4c2d418585e11aeabf45afa3

              SHA512

              a705ef34997ed5a083e0c1436a707da0eeb00ee74da928f397cbd6fe5ef4c17e11f461092ac8cd395752b8a51bbb1d94537d1933c2316eacd1f5a06bba3d2712

            • C:\Users\Admin\AppData\Local\Temp\keygen.exe

              Filesize

              477KB

              MD5

              7867ffa49a15b1c1c98fa28f6f4915d5

              SHA1

              841ab6d9e30f89022129243cf7c15b7ce02b55c3

              SHA256

              11f7d1889f87bcdb136e2ffcd4d4dc6daddfaeee4c2d418585e11aeabf45afa3

              SHA512

              a705ef34997ed5a083e0c1436a707da0eeb00ee74da928f397cbd6fe5ef4c17e11f461092ac8cd395752b8a51bbb1d94537d1933c2316eacd1f5a06bba3d2712

            • C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe

              Filesize

              688KB

              MD5

              fd5a3b2e2933ea1151d71f9cefc9fbcf

              SHA1

              8c7596bc39e7945ac58396102386f77db6dda4be

              SHA256

              2a22be4c7e3a17d6a408b0c0547cc181e148ab20c2e3f048791b421280686544

              SHA512

              3299c6534b2a09158c3decdec536e4296c2a2a31f32edfb5da1de413036a0f9475549ad14a7b891c0e413839f1dbaf03e1bb75b576e545e6a4138650b3533a30

            • C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\Keygen\KeyGen.exe

              Filesize

              688KB

              MD5

              fd5a3b2e2933ea1151d71f9cefc9fbcf

              SHA1

              8c7596bc39e7945ac58396102386f77db6dda4be

              SHA256

              2a22be4c7e3a17d6a408b0c0547cc181e148ab20c2e3f048791b421280686544

              SHA512

              3299c6534b2a09158c3decdec536e4296c2a2a31f32edfb5da1de413036a0f9475549ad14a7b891c0e413839f1dbaf03e1bb75b576e545e6a4138650b3533a30

            • C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\reaper604_x64-install.exe

              Filesize

              12.9MB

              MD5

              017f659dd842cc0265f32b183e36a270

              SHA1

              c96b012f6e981a1817ecd4404bf21afdbd6cc8e3

              SHA256

              b1a1fdabd45db6fd58b49cc40f1e456fd017c9d81d73c300ef0ed32c20cf421e

              SHA512

              06138c505e628b65097912c8288ab3ac770f1060894bb01ccbf4cdad06364d49d81496d27c900573efb585ffee796990e538153cd1d1be0d434ccdeea8c48418

            • C:\Users\Admin\Desktop\Cockos REAPER 6.04 ZDescargas.org\reaper604_x64-install.exe

              Filesize

              12.9MB

              MD5

              017f659dd842cc0265f32b183e36a270

              SHA1

              c96b012f6e981a1817ecd4404bf21afdbd6cc8e3

              SHA256

              b1a1fdabd45db6fd58b49cc40f1e456fd017c9d81d73c300ef0ed32c20cf421e

              SHA512

              06138c505e628b65097912c8288ab3ac770f1060894bb01ccbf4cdad06364d49d81496d27c900573efb585ffee796990e538153cd1d1be0d434ccdeea8c48418

            • C:\Users\Admin\Downloads\winrar-x64-611.exe

              Filesize

              3.3MB

              MD5

              8a6217d94e1bcbabdd1dfcdcaa83d1b3

              SHA1

              99b81b01f277540f38ea3e96c9c6dc2a57dfeb92

              SHA256

              3023edb4fc3f7c2ebad157b182b62848423f6fa20d180b0df689cbb503a49684

              SHA512

              a8f6f6fdfa9d754a577b7dd885a938fb9149f113baa2afb6352df622cdb73242175a06cd567e971fd3de93a126ba05b78178d5d512720d8fdb87ececce2cbf54

            • C:\Users\Admin\Downloads\winrar-x64-611.exe

              Filesize

              3.3MB

              MD5

              8a6217d94e1bcbabdd1dfcdcaa83d1b3

              SHA1

              99b81b01f277540f38ea3e96c9c6dc2a57dfeb92

              SHA256

              3023edb4fc3f7c2ebad157b182b62848423f6fa20d180b0df689cbb503a49684

              SHA512

              a8f6f6fdfa9d754a577b7dd885a938fb9149f113baa2afb6352df622cdb73242175a06cd567e971fd3de93a126ba05b78178d5d512720d8fdb87ececce2cbf54

            • \Program Files\WinRAR\RarExt.dll

              Filesize

              632KB

              MD5

              650a771d005941c7a23926011d75ad8f

              SHA1

              84b346acd006f21d7ffb8d5ea5937ec0ee3daa4f

              SHA256

              b28d116dd3066e7a3c9f0cc2f63d34a7189c9d78e869d1255c9dec59172a9d5f

              SHA512

              4724bd81c26716f0ad59187c78fbb920fd8b251540e76c28d93e0afcce3ebe0e3e2b4605e9d444bbbc3e828ce11f2b73489404318ab11403eff94b42ef2c9bad

            • \Users\Admin\AppData\Local\Temp\BASSMOD.dll

              Filesize

              33KB

              MD5

              e4ec57e8508c5c4040383ebe6d367928

              SHA1

              b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

              SHA256

              8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

              SHA512

              77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

            • \Users\Admin\AppData\Local\Temp\R2RRPRKG.dll

              Filesize

              232KB

              MD5

              42bd86289f5d56522d73f5b1d14a2300

              SHA1

              ec577994687bdac4fb5cd237f89583ea87fac5a8

              SHA256

              f4004b3d39093bd1ea159c285b12c3a94ed110d48f29d4548f4fcb891e6c6530

              SHA512

              686f9a8538b7603a43bd6266817f4c4d94b8186b5a9ac057bd100691add36253751a5d2455527353d61c3512cdb8658dec01cf490ba05fe36522674653077f57

            • \Users\Admin\AppData\Local\Temp\R2RRPRKG.dll

              Filesize

              232KB

              MD5

              42bd86289f5d56522d73f5b1d14a2300

              SHA1

              ec577994687bdac4fb5cd237f89583ea87fac5a8

              SHA256

              f4004b3d39093bd1ea159c285b12c3a94ed110d48f29d4548f4fcb891e6c6530

              SHA512

              686f9a8538b7603a43bd6266817f4c4d94b8186b5a9ac057bd100691add36253751a5d2455527353d61c3512cdb8658dec01cf490ba05fe36522674653077f57

            • \Users\Admin\AppData\Local\Temp\nsm519E.tmp\System.dll

              Filesize

              10KB

              MD5

              56a321bd011112ec5d8a32b2f6fd3231

              SHA1

              df20e3a35a1636de64df5290ae5e4e7572447f78

              SHA256

              bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

              SHA512

              5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

            • \Users\Admin\AppData\Local\Temp\nsm519E.tmp\UAC.dll

              Filesize

              14KB

              MD5

              4814167aa1c7ec892e84907094646faa

              SHA1

              a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

              SHA256

              32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

              SHA512

              fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

            • \Users\Admin\AppData\Local\Temp\nsm519E.tmp\UAC.dll

              Filesize

              14KB

              MD5

              4814167aa1c7ec892e84907094646faa

              SHA1

              a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

              SHA256

              32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

              SHA512

              fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

            • \Users\Admin\AppData\Local\Temp\nsm519E.tmp\portable.dll

              Filesize

              24KB

              MD5

              c21805b3e5e2ec5c9525899fafbc494b

              SHA1

              f25dd93b54fc1c98c92cc8a26f325f1391067988

              SHA256

              e885d8f297f82abf7bb8eb9f263bfbe2a57868b05549fe476b5884d08e9b56b4

              SHA512

              65a86b21bc8a0df109c75350a4a731bad7364aab703bb652acfcd5d2f687d11e9a8253c734c3c550dc409c5d251a4deeb8a55fc1b9a470f8f0c569ba65ced849

            • \Users\Admin\AppData\Local\Temp\nsm519E.tmp\portable.dll

              Filesize

              24KB

              MD5

              c21805b3e5e2ec5c9525899fafbc494b

              SHA1

              f25dd93b54fc1c98c92cc8a26f325f1391067988

              SHA256

              e885d8f297f82abf7bb8eb9f263bfbe2a57868b05549fe476b5884d08e9b56b4

              SHA512

              65a86b21bc8a0df109c75350a4a731bad7364aab703bb652acfcd5d2f687d11e9a8253c734c3c550dc409c5d251a4deeb8a55fc1b9a470f8f0c569ba65ced849

            • memory/772-419-0x0000000140000000-0x0000000140DF8000-memory.dmp

              Filesize

              14.0MB

            • memory/772-545-0x0000000140000000-0x0000000140DF8000-memory.dmp

              Filesize

              14.0MB

            • memory/2024-327-0x0000000010000000-0x0000000010013000-memory.dmp

              Filesize

              76KB

            • memory/2024-329-0x0000000010000000-0x0000000010013000-memory.dmp

              Filesize

              76KB

            • memory/2024-328-0x0000000002190000-0x000000000222B000-memory.dmp

              Filesize

              620KB

            • memory/2812-704-0x0000000002340000-0x00000000023DB000-memory.dmp

              Filesize

              620KB

            • memory/2812-703-0x0000000010000000-0x0000000010013000-memory.dmp

              Filesize

              76KB

            • memory/2812-743-0x0000000010000000-0x0000000010013000-memory.dmp

              Filesize

              76KB

            • memory/3144-543-0x00000000022F0000-0x000000000238B000-memory.dmp

              Filesize

              620KB

            • memory/3144-544-0x0000000010000000-0x0000000010013000-memory.dmp

              Filesize

              76KB

            • memory/3144-542-0x0000000010000000-0x0000000010013000-memory.dmp

              Filesize

              76KB

            • memory/4228-1024-0x0000000010000000-0x0000000010013000-memory.dmp

              Filesize

              76KB

            • memory/4228-1025-0x00000000005C0000-0x000000000065B000-memory.dmp

              Filesize

              620KB

            • memory/4228-1026-0x0000000010000000-0x0000000010013000-memory.dmp

              Filesize

              76KB

            • memory/4436-841-0x0000000010000000-0x0000000010013000-memory.dmp

              Filesize

              76KB

            • memory/4436-843-0x00000000009D0000-0x0000000000A6B000-memory.dmp

              Filesize

              620KB

            • memory/4436-910-0x0000000010000000-0x0000000010013000-memory.dmp

              Filesize

              76KB

            • memory/4436-911-0x00000000009D0000-0x0000000000A6B000-memory.dmp

              Filesize

              620KB

            • memory/4512-161-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-148-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-174-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-173-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-172-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-171-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-170-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-176-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-177-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-178-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-169-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-168-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-166-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-167-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-165-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-164-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-163-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-162-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-183-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-160-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-159-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-157-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-158-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-156-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-155-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-154-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-153-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-152-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-151-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-150-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-149-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-175-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-147-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-146-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-145-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-144-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-143-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-141-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-140-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-139-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-138-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-137-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-136-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-135-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-179-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-204-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-203-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-202-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-201-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-200-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-199-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-180-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-181-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-198-0x0000000002431000-0x0000000002434000-memory.dmp

              Filesize

              12KB

            • memory/4512-195-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-182-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-192-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-190-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-189-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-188-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-187-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-186-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-185-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB

            • memory/4512-184-0x0000000076F80000-0x000000007710E000-memory.dmp

              Filesize

              1.6MB