parallax | 3fb4fc0859021fb29e961f4c7e5f8e16181a22a649feb9ba327a7eb6bb2922ae

Analysis

max time kernel
212s
max time network
218s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2023 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Paralxlax v1.0.7.zip
Size

24.5MB
MD5

d3f66b4ea50de8e14c209c9380981198
SHA1

f165a8eadf3d36d51fafc594f5b730f35f4d70dd
SHA256

3fb4fc0859021fb29e961f4c7e5f8e16181a22a649feb9ba327a7eb6bb2922ae
SHA512

1fbe3417bf9b1f21bbe22339e93e423522d4c199fcead4ebe0343c44ca3d7b25230a604776830391c2adba2c845c2620a9c077a61df7e01dd13551fb15aab358
SSDEEP

786432:jgXFshZRpdpCZdGsjPayytg/yiwD1i2l5NxAegUD9:UXFshZz2Gsb7ytN1i23gq9

Score

10^/10

parallax rat

Malware Config

Signatures

ParallaxRat
ParallaxRat is a multipurpose RAT written in MASM.
rat parallax

ParallaxRat payload 6 IoCs

Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

resource	yara_rule
behavioral1/memory/4168-331-0x0000000000D50000-0x0000000001A2A000-memory.dmp	parallax_rat
behavioral1/memory/4168-336-0x0000000000D50000-0x0000000001A2A000-memory.dmp	parallax_rat
behavioral1/memory/4168-356-0x0000000000D50000-0x0000000001A2A000-memory.dmp	parallax_rat
behavioral1/memory/6060-4584-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/6060-4630-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat
behavioral1/memory/6060-4673-0x0000000000400000-0x0000000000424000-memory.dmp	parallax_rat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\International\Geo\Nation	lmfao.exe

Executes dropped EXE 4 IoCs

pid	Process
4168	Parallax Launcher.exe
756	Parallax RAT v1.0.7.exe
5508	die.exe
6060	lmfao.exe

Loads dropped DLL 17 IoCs

pid	Process
756	Parallax RAT v1.0.7.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe
5508	die.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{3A689C46-39E2-43F9-9FA8-EB1E43C7FB13}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
756	Parallax RAT v1.0.7.exe
756	Parallax RAT v1.0.7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 37 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	Parallax Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Parallax Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Parallax Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Parallax Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "6"	Parallax Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Parallax Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Parallax Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Parallax Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	Parallax Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Parallax Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	lmfao.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	Parallax Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Parallax Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Parallax Launcher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{38C62A1A-BD61-4286-A140-3102F0993FE1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Parallax Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	Parallax Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Parallax Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Parallax Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Parallax Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	Parallax Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = a000310000000000f9560c891000504152414c4c7e312e3743520000840009000400efbef956f888f9560c892e00000043330200000007000000000000000000000000000000d4bda00050006100720061006c006c00610078002000760031002e0030002e003700200063007200610063006b00200062007900200069004e00460069004e006900540045005f004f00500043004f0044004500530000001c000000	Parallax Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Parallax Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Parallax Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Parallax Launcher.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5508	die.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
4168	Parallax Launcher.exe
4168	Parallax Launcher.exe
4168	Parallax Launcher.exe
4168	Parallax Launcher.exe
756	Parallax RAT v1.0.7.exe
756	Parallax RAT v1.0.7.exe
756	Parallax RAT v1.0.7.exe
756	Parallax RAT v1.0.7.exe
756	Parallax RAT v1.0.7.exe
756	Parallax RAT v1.0.7.exe
756	Parallax RAT v1.0.7.exe
756	Parallax RAT v1.0.7.exe
4044	msedge.exe
4044	msedge.exe
3752	msedge.exe
3752	msedge.exe
2408	identity_helper.exe
2408	identity_helper.exe
6052	msedge.exe
6052	msedge.exe
5148	msedge.exe
5148	msedge.exe
6644	msedge.exe
6644	msedge.exe
6644	msedge.exe
6644	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2156	7zFM.exe
5508	die.exe
756	Parallax RAT v1.0.7.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	2156	7zFM.exe
Token: 35	2156	7zFM.exe
Token: SeSecurityPrivilege	2156	7zFM.exe
Token: SeDebugPrivilege	4168	Parallax Launcher.exe
Token: SeRestorePrivilege	5512	7zG.exe
Token: 35	5512	7zG.exe
Token: SeSecurityPrivilege	5512	7zG.exe
Token: SeSecurityPrivilege	5512	7zG.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
2156	7zFM.exe
2156	7zFM.exe
4168	Parallax Launcher.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
5512	7zG.exe
756	Parallax RAT v1.0.7.exe
5508	die.exe
5508	die.exe
756	Parallax RAT v1.0.7.exe
756	Parallax RAT v1.0.7.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
5508	die.exe
5508	die.exe
756	Parallax RAT v1.0.7.exe
756	Parallax RAT v1.0.7.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4168	Parallax Launcher.exe
756	Parallax RAT v1.0.7.exe
5508	die.exe
4168	Parallax Launcher.exe
4168	Parallax Launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 756	4168	Parallax Launcher.exe	105
PID 4168 wrote to memory of 756	4168	Parallax Launcher.exe	105
PID 4168 wrote to memory of 756	4168	Parallax Launcher.exe	105
PID 4168 wrote to memory of 756	4168	Parallax Launcher.exe	105
PID 4168 wrote to memory of 756	4168	Parallax Launcher.exe	105
PID 4168 wrote to memory of 756	4168	Parallax Launcher.exe	105
PID 3752 wrote to memory of 2976	3752	msedge.exe	108
PID 3752 wrote to memory of 2976	3752	msedge.exe	108
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 3464	3752	msedge.exe	109
PID 3752 wrote to memory of 4044	3752	msedge.exe	110
PID 3752 wrote to memory of 4044	3752	msedge.exe	110
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111
PID 3752 wrote to memory of 1120	3752	msedge.exe	111

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Paralxlax v1.0.7.zip"
1⤵
PID:3788

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:1008

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4548

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Paralxlax v1.0.7.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2156

C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\Parallax Launcher.exe
"C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\Parallax Launcher.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\Parallax RAT v1.0.7.exe
  "C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\Parallax RAT v1.0.7.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffae18546f8,0x7ffae1854708,0x7ffae1854718
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,7336250118176957687,11951365088097657597,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2348

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\" -spe -an -ai#7zMap23297:116:7zEvent12465
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5512

C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\die.exe
"C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\die.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5508

C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\lmfao.exe
"C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\lmfao.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:6060
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\UN.vbs"
  2⤵
  PID:7104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9b43b9d206cd09784570c0c529cf2e11

SHA1
8580040814799c9b9b375321856f29ff3b5253ec

SHA256
bdc235cd39facbd6c45f828fb4ba8aba07456d49d62a064bada0bfd73bea5c37

SHA512
3531696cfd04698c56ee12632f916b97c3921eb4fedefe53d3ba3b8bd8c3919019612005ef860c3f6995b23b3169c8400fc6c403ada387dd159fef07b46b6644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
881B

MD5
dfbf4de417f22324069b2668034ba1bd

SHA1
f2f377326cfd2f5867f241b282d2f3bd11e9caad

SHA256
2c1c0d12a3262ec8ad8e8920b39c32d0ae629ea9abf77bc37c017897e8c5bef4

SHA512
dcf5bb2671204963443a93a83c61b0a43ce6264dbc9ec305f3120432207157a5da2106924596083525180bf43ced3681a38cdd5868803e62cb948dac099a175c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7db5b56088b726b5085b995543227178

SHA1
9b8ea139a3ef24c90187fec981a8641d667e5590

SHA256
7e12bc66f70dd56997bd46b6dbb0796aa6819bd4f654dbc792e1757afa321ee9

SHA512
27db4827fac2b02f667444b14c935f32f7e06999ef25094e69b96773871bcb8ece541491ddb15e68556befa7e1af893bd8794486ecc0869f18d9c18ec8c1db39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a1fa677deedb57b0bbc6b1aa9c15f04

SHA1
b7432d0167526e527aed7f60757b83c89e09d0a2

SHA256
32b4d0a4e12a09518c40804dffaf73cadfe80d7f2e7daace5647baa78ea43f43

SHA512
912c76455bba422308b30be3f4a364dda73dfb4bf498653538ccd640933e6dd9dd1485b618c1f156d20d690a5d54532f8f883bde2730fc610d5f0c865c7c75c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a7568f21792b3a6e155e27c8fa8d5f5b

SHA1
d94b25fa1ad48056ceb0902e4f18ee2975b57867

SHA256
675e4c0c30e480db8c9790d71078b229ac418e50f1b1a29023231fa7f405fb5e

SHA512
63641053d17ad43af64f8ae9f083347b5939c7b54e6cf5c3583e34d135a1384f7b91d9570441d70fb2607007488af6825f5b92d12e0f67f4b0293e95f6428a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39edbd5a01e21545f0c4276ef21ef5ca

SHA1
68915991229ed41fb3dd08289c08dc805639c1ea

SHA256
97dfda7445ba8535b3deb4efb24808cdf983119f09fac7651391a204ce0d9e60

SHA512
ac5fd0f94f6686968bc8519954657cf9b9fb78a0d887bf32e1db376ac9acf7b8680b7d728e10beb06de849c63388e0656c11172e7d9a453f8fc6207667870556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d13d93ba9f8b2fa6688af0b5442697c4

SHA1
870ad9444d51e62c4de86aa6b1497c771aa68cc6

SHA256
e1fd8c8bc47bec3e7166fc54a171a09cbccfb8ebfbc1245bbf53608affeb7d5b

SHA512
fe8c1d3fbd957210434631828201b50b1d320c6d6b42fea3985a859432bd0b405b752b5a7c25eeec8d86d5ff2046bfbbf3873dbd3e487340f82453496dba6239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfb7c5a176283679f69b483a5a941e54

SHA1
0c3d6415338aed7b4c046a23520bbfad876f9edd

SHA256
f08b39d38003ab013435dd6144271f0ebb7dcbb99bea70d4d26a547c03833c59

SHA512
caf2907d92fbed97b651a7eacd1083e5aa6514c2bad4ced31a97af084430b127a6ac272b1c3cc11a11b9cdf7c96355334759c814032372e9b4b1062fb6a16679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5938d9.TMP

Filesize
1KB

MD5
708af6cb672c116638ed355dcdd82102

SHA1
4940b7d0420d1d0e9375b59bed386b0ea2b842e6

SHA256
4086dd2b1e5a06e72663db07cd21cc163bfe0c16cc355ea04198ddef4ce5ee72

SHA512
eace74681f82a9f8186fa238228bed53ac991499a5ceb5b3239d9db647543834e5389b9fcbd7367ba95ed279134a8d9bccde9ff4a1e2597c44806fac7e25755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
298de8a10297aff720ac4e332daa8374

SHA1
66d62c40377a8171e78865b29c135d4e0067529f

SHA256
6933984512f08ba861ead4c5d9cf82289a16769924501f22841617ab540dee36

SHA512
f9df0b746dc9c1474e80e0de90e66634c2f6dbb1c163f40d54939c5ab9e3904e6174693a20c36d237560f0b730bb682e05e571de4db9576a10cb6f03b5414db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8ceca8db44002a04866f0d2ad9194385

SHA1
1d234264e27a28edd60472c92d6a827e7850258a

SHA256
8f844f60bdc7413d035f855c183f8ea31b12f440338ad417c0cc2000f476f758

SHA512
e72989b9a9b0485d1142e4792d328d6ca31665e04a6dc4544b8be0d206d056a5209873259712b32d3ace677fe8316e6d9ad6e341c3868d07715fbb03592e798b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
686fa42ab2916049a4a116ee7fba9dd9

SHA1
b188e65b628c716e368be8e2ea6ff1dc2d6954e3

SHA256
b5de24f5e6b6b7a1ddc6507890be61bfe9c4094a47964d32630ab6177729b831

SHA512
11238fde1fcba1db81e750b7653f69055ef5fffaf2f194b04efbffc11f03dc714556cf968fd41d65069a701d31ac8e7687c1eb8001e586783ea6ea5f79344019

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsuB3FE.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\Config.ini

Filesize
497B

MD5
8aa7b4fa65bf9d9150af2ee5558a90ae

SHA1
01993db107ab274cd20f24aaae6c0365e412886f

SHA256
b7a3ae79fb674d45a51bf96de68f5c2e54b5d83b7a6029219ae6272c08e9cdf6

SHA512
afa65b50f9e7aedd9144b523e07ca4bce03cf74b47d785b4fd38234270424eae7a7ca625fc4b4242ba196e3117e8467f41366f82a771c949f9af30ef1c2fa058

Download Submit
C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\PR\DLL\nss3.dll

Filesize
10.3MB

MD5
2a5f59271bbae886ac5c07404d837b71

SHA1
01807e5c0c379377503831f382cbb4f7f45f4067

SHA256
a2d42a0a8915ea00277e704a8eca93542cae687cf2cea2b3d5906511e83621cd

SHA512
cbd4bb3f608b3bd9fab1ed307d2bee686826c30ba0ad60f2eb931e4f04bf9b1c209c2cfa99026db36a8c8937e72fbdd93a40b58657fdbdf699733baf657e73ee

Download Submit
C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\PR\DLL\nss3.dll

Filesize
10.3MB

MD5
2a5f59271bbae886ac5c07404d837b71

SHA1
01807e5c0c379377503831f382cbb4f7f45f4067

SHA256
a2d42a0a8915ea00277e704a8eca93542cae687cf2cea2b3d5906511e83621cd

SHA512
cbd4bb3f608b3bd9fab1ed307d2bee686826c30ba0ad60f2eb931e4f04bf9b1c209c2cfa99026db36a8c8937e72fbdd93a40b58657fdbdf699733baf657e73ee

Download Submit
C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\Parallax Launcher.exe

Filesize
7.4MB

MD5
c4d58e19c0c592f727c1aafbd59e00c2

SHA1
6ac915c0765173ad48b9f87ad505442c2b23124e

SHA256
10f23c01099da2695eafc0bb1a5e3246c39645ce5bbf8f576b01816616fbb492

SHA512
c14df47df9b623ce44ca1d295a71a686b72b0b2d8f5a46bf67d8645a6e49cd9bd52307ee766125c6107792c06ab9b84b2679ca388e5fd190fca271edda009982

Download Submit
C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\Parallax Launcher.exe

Filesize
7.4MB

MD5
c4d58e19c0c592f727c1aafbd59e00c2

SHA1
6ac915c0765173ad48b9f87ad505442c2b23124e

SHA256
10f23c01099da2695eafc0bb1a5e3246c39645ce5bbf8f576b01816616fbb492

SHA512
c14df47df9b623ce44ca1d295a71a686b72b0b2d8f5a46bf67d8645a6e49cd9bd52307ee766125c6107792c06ab9b84b2679ca388e5fd190fca271edda009982

Download Submit
C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\Parallax RAT v1.0.7.exe

Filesize
8.5MB

MD5
e5e1e7932261d8315744de7ae93dad9f

SHA1
4c490ff552b208a46213d3bdeb1d23d257eeb287

SHA256
6c83819a7799e2ea39e5ad7109c8b0e17109386d07823609ef57799b7091735a

SHA512
9abc8dad1951716ca7f9d5aca77cbb0ca3f40f5a8ff0a488d6e9ee0cb7c69f49b2943adec31f7cd1b21126ec78e4fd1aaef604bbf5f3e229cf48675d20bbcfd9

Download Submit
C:\Users\Admin\Desktop\Parallax v1.0.7 crack by iNFiNiTE_OPCODES\Parallax RAT v1.0.7.exe

Filesize
8.5MB

MD5
e5e1e7932261d8315744de7ae93dad9f

SHA1
4c490ff552b208a46213d3bdeb1d23d257eeb287

SHA256
6c83819a7799e2ea39e5ad7109c8b0e17109386d07823609ef57799b7091735a

SHA512
9abc8dad1951716ca7f9d5aca77cbb0ca3f40f5a8ff0a488d6e9ee0cb7c69f49b2943adec31f7cd1b21126ec78e4fd1aaef604bbf5f3e229cf48675d20bbcfd9

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64.zip

Filesize
19.3MB

MD5
9a9cb3a5c451d7c2cca7f7257442d387

SHA1
b2212e62bc0ac0b7347c78fc2a6adf0e483a9c71

SHA256
a6b9ea7ea2e06a048ac4aef3d27020fbc383bbad448da6c767118ebfd2449d5e

SHA512
4485b6d12b2eb035ab627feebd89a9e27bf9c0fa97ecbafe14b6e09e84b6afbf2ea661c9b8eb08dc9d5542d8736aa31f19fd9cb46b8e605422d0d059a0543295

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64.zip

Filesize
19.3MB

MD5
9a9cb3a5c451d7c2cca7f7257442d387

SHA1
b2212e62bc0ac0b7347c78fc2a6adf0e483a9c71

SHA256
a6b9ea7ea2e06a048ac4aef3d27020fbc383bbad448da6c767118ebfd2449d5e

SHA512
4485b6d12b2eb035ab627feebd89a9e27bf9c0fa97ecbafe14b6e09e84b6afbf2ea661c9b8eb08dc9d5542d8736aa31f19fd9cb46b8e605422d0d059a0543295

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\MSVCP140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\MSVCP140_1.dll

Filesize
23KB

MD5
0832532fab0d5c949aa0c65169aa9d61

SHA1
26f1bee679b7a6289b663c4fa4e65eba33a234e8

SHA256
8731a93e519c2595c9fd489e6d9ac07e964448c0da1c8ee9ee500a7989482617

SHA512
03147a59ee35fb3d2752d4c40741a39674ccd4474a575746bc574d2b2fae1fd04f5ab9c2e02b0dc6268fc6aee8fbb46dc4bf5ff23b5fcc4a0e9b847f57ca79d0

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5Core.dll

Filesize
5.7MB

MD5
817520432a42efa345b2d97f5c24510e

SHA1
fea7b9c61569d7e76af5effd726b7ff6147961e5

SHA256
8d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a

SHA512
8673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5Core.dll

Filesize
5.7MB

MD5
817520432a42efa345b2d97f5c24510e

SHA1
fea7b9c61569d7e76af5effd726b7ff6147961e5

SHA256
8d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a

SHA512
8673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5Gui.dll

Filesize
6.7MB

MD5
47307a1e2e9987ab422f09771d590ff1

SHA1
0dfc3a947e56c749a75f921f4a850a3dcbf04248

SHA256
5e7d2d41b8b92a880e83b8cc0ca173f5da61218604186196787ee1600956be1e

SHA512
21b1c133334c7ca7bbbe4f00a689c580ff80005749da1aa453cceb293f1ad99f459ca954f54e93b249d406aea038ad3d44d667899b73014f884afdbd9c461c14

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5Gui.dll

Filesize
6.7MB

MD5
47307a1e2e9987ab422f09771d590ff1

SHA1
0dfc3a947e56c749a75f921f4a850a3dcbf04248

SHA256
5e7d2d41b8b92a880e83b8cc0ca173f5da61218604186196787ee1600956be1e

SHA512
21b1c133334c7ca7bbbe4f00a689c580ff80005749da1aa453cceb293f1ad99f459ca954f54e93b249d406aea038ad3d44d667899b73014f884afdbd9c461c14

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5Network.dll

Filesize
1.3MB

MD5
3569693d5bae82854de1d88f86c33184

SHA1
1a6084acfd2aa4d32cedfb7d9023f60eb14e1771

SHA256
4ef341ae9302e793878020f0740b09b0f31cb380408a697f75c69fdbd20fc7a1

SHA512
e5eff4a79e1bdae28a6ca0da116245a9919023560750fc4a087cdcd0ab969c2f0eeec63bbec2cd5222d6824a01dd27d2a8e6684a48202ea733f9bb2fab048b32

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5Network.dll

Filesize
1.3MB

MD5
3569693d5bae82854de1d88f86c33184

SHA1
1a6084acfd2aa4d32cedfb7d9023f60eb14e1771

SHA256
4ef341ae9302e793878020f0740b09b0f31cb380408a697f75c69fdbd20fc7a1

SHA512
e5eff4a79e1bdae28a6ca0da116245a9919023560750fc4a087cdcd0ab969c2f0eeec63bbec2cd5222d6824a01dd27d2a8e6684a48202ea733f9bb2fab048b32

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5Script.dll

Filesize
1.2MB

MD5
03c6c0a60c0d3e7fa86b4388f4cbccb6

SHA1
cddaa47fd8c1a7de32c2376f27edcfc594e92074

SHA256
0b58e5e79df13110a8258f14d7b3658d1dd0c8dddc337a164b89d4ac12a0638f

SHA512
a297db87ee1055190580ad2bc539e89e38729dcb9ea9075dc535b05cb45c62f1b0fc99d8866047383cf519d7dde4016cc4ee0d5796190635aeb3d5c2f5e7cd2b

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5Script.dll

Filesize
1.2MB

MD5
03c6c0a60c0d3e7fa86b4388f4cbccb6

SHA1
cddaa47fd8c1a7de32c2376f27edcfc594e92074

SHA256
0b58e5e79df13110a8258f14d7b3658d1dd0c8dddc337a164b89d4ac12a0638f

SHA512
a297db87ee1055190580ad2bc539e89e38729dcb9ea9075dc535b05cb45c62f1b0fc99d8866047383cf519d7dde4016cc4ee0d5796190635aeb3d5c2f5e7cd2b

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5ScriptTools.dll

Filesize
555KB

MD5
dd9fecbf34374972577a058e5a4c7c3d

SHA1
16c3114a75a2eced0104428dc779a3dbda951cc0

SHA256
ad25c27bc99075b4883a9bf7943954094885798969038d46785e0fd1ec1ccbc2

SHA512
8aeeca34b63930564d42056ca1b7d3c59d6fe017b19e86fb294fafab982a014b09bbc40f32a9cc5d36c8afa13d7863ba4f144ab6a4af465acbc8a6a72f6d8554

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5ScriptTools.dll

Filesize
555KB

MD5
dd9fecbf34374972577a058e5a4c7c3d

SHA1
16c3114a75a2eced0104428dc779a3dbda951cc0

SHA256
ad25c27bc99075b4883a9bf7943954094885798969038d46785e0fd1ec1ccbc2

SHA512
8aeeca34b63930564d42056ca1b7d3c59d6fe017b19e86fb294fafab982a014b09bbc40f32a9cc5d36c8afa13d7863ba4f144ab6a4af465acbc8a6a72f6d8554

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5Widgets.dll

Filesize
5.2MB

MD5
4cd1f8fdcd617932db131c3688845ea8

SHA1
b090ed884b07d2d98747141aefd25590b8b254f9

SHA256
3788c669d4b645e5a576de9fc77fca776bf516d43c89143dc2ca28291ba14358

SHA512
7d47d2661bf8fac937f0d168036652b7cfe0d749b571d9773a5446c512c58ee6bb081fec817181a90f4543ebc2367c7f8881ff7f80908aa48a7f6bb261f1d199

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\Qt5Widgets.dll

Filesize
5.2MB

MD5
4cd1f8fdcd617932db131c3688845ea8

SHA1
b090ed884b07d2d98747141aefd25590b8b254f9

SHA256
3788c669d4b645e5a576de9fc77fca776bf516d43c89143dc2ca28291ba14358

SHA512
7d47d2661bf8fac937f0d168036652b7cfe0d749b571d9773a5446c512c58ee6bb081fec817181a90f4543ebc2367c7f8881ff7f80908aa48a7f6bb261f1d199

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\VCRUNTIME140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\die.exe

Filesize
11.5MB

MD5
962f6f5f863d09ed484d9d50ca71feda

SHA1
57587d009f67f3987d1e7fda6a0115e579cb79f6

SHA256
5b45b70dcd897e9b89a28bcbbbda50fa777e539b59fa95bc3e8dc48afb520931

SHA512
7304f64be9fb26a60b53c34d04da4c19752b01315a5426f37025fd64712278d4496daa8f6daa84665d2c2ca9d07be85e05b48e4545304e1ea4cd6e1abed15527

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\die.exe

Filesize
11.5MB

MD5
962f6f5f863d09ed484d9d50ca71feda

SHA1
57587d009f67f3987d1e7fda6a0115e579cb79f6

SHA256
5b45b70dcd897e9b89a28bcbbbda50fa777e539b59fa95bc3e8dc48afb520931

SHA512
7304f64be9fb26a60b53c34d04da4c19752b01315a5426f37025fd64712278d4496daa8f6daa84665d2c2ca9d07be85e05b48e4545304e1ea4cd6e1abed15527

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\imageformats\qgif.dll

Filesize
38KB

MD5
52fd90e34fe8ded8e197b532bd622ef7

SHA1
834e280e00bae48a9e509a7dc909bea3169bdce2

SHA256
36174dd4c5f37c5f065c7a26e0ac65c4c3a41fdc0416882af856a23a5d03bb9d

SHA512
ef3fb3770808b3690c11a18316b0c1c56c80198c1b1910e8aa198df8281ba4e13dc9a6179bb93a379ad849304f6bb934f23e6bbd3d258b274cc31856de0fc12b

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\imageformats\qgif.dll

Filesize
38KB

MD5
52fd90e34fe8ded8e197b532bd622ef7

SHA1
834e280e00bae48a9e509a7dc909bea3169bdce2

SHA256
36174dd4c5f37c5f065c7a26e0ac65c4c3a41fdc0416882af856a23a5d03bb9d

SHA512
ef3fb3770808b3690c11a18316b0c1c56c80198c1b1910e8aa198df8281ba4e13dc9a6179bb93a379ad849304f6bb934f23e6bbd3d258b274cc31856de0fc12b

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\imageformats\qico.dll

Filesize
37KB

MD5
a9abd4329ca364d4f430eddcb471be59

SHA1
c00a629419509929507a05aebb706562c837e337

SHA256
1982a635db9652304131c9c6ff9a693e70241600d2ef22b354962aa37997de0b

SHA512
004ea8ae07c1a18b0b461a069409e4061d90401c8555dd23dbf164a08e96732f7126305134bfaf8b65b0406315f218e05b5f0f00bedb840fb993d648ce996756

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\imageformats\qico.dll

Filesize
37KB

MD5
a9abd4329ca364d4f430eddcb471be59

SHA1
c00a629419509929507a05aebb706562c837e337

SHA256
1982a635db9652304131c9c6ff9a693e70241600d2ef22b354962aa37997de0b

SHA512
004ea8ae07c1a18b0b461a069409e4061d90401c8555dd23dbf164a08e96732f7126305134bfaf8b65b0406315f218e05b5f0f00bedb840fb993d648ce996756

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\imageformats\qjpeg.dll

Filesize
411KB

MD5
16abcceb70ba20e73858e8f1912c05cd

SHA1
4b3a32b166ab5bbbee229790fdae9cbc84f936ba

SHA256
fb4e980cb5fafa8a4cd4239329aed93f7c32ed939c94b61fb2df657f3c6ad158

SHA512
3e5c83967bf31c9b7f1720059dd51aa4338e518b076b0461541c781b076135e9cb9cbceb13a8ec9217104517fbcc356bdd3ffaca7956d1c939e43988151f6273

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\imageformats\qjpeg.dll

Filesize
411KB

MD5
16abcceb70ba20e73858e8f1912c05cd

SHA1
4b3a32b166ab5bbbee229790fdae9cbc84f936ba

SHA256
fb4e980cb5fafa8a4cd4239329aed93f7c32ed939c94b61fb2df657f3c6ad158

SHA512
3e5c83967bf31c9b7f1720059dd51aa4338e518b076b0461541c781b076135e9cb9cbceb13a8ec9217104517fbcc356bdd3ffaca7956d1c939e43988151f6273

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\imageformats\qtiff.dll

Filesize
380KB

MD5
9c0acf12d3d25384868dcd81c787f382

SHA1
c6e877aba3fb3d2f21d86be300e753e23bb0b74e

SHA256
825174429ced6b3dab18115dbc6c9da07bf5248c86ec1bd5c0dcaeca93b4c22d

SHA512
45594fa3c5d7c4f26325927bb8d51b0b88e162e3f5e7b7f39a5d72437606383e9fdc8f83a77f814e45aff254914514ae52c1d840a6c7b98767f362ed3f4fc5bd

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\imageformats\qtiff.dll

Filesize
380KB

MD5
9c0acf12d3d25384868dcd81c787f382

SHA1
c6e877aba3fb3d2f21d86be300e753e23bb0b74e

SHA256
825174429ced6b3dab18115dbc6c9da07bf5248c86ec1bd5c0dcaeca93b4c22d

SHA512
45594fa3c5d7c4f26325927bb8d51b0b88e162e3f5e7b7f39a5d72437606383e9fdc8f83a77f814e45aff254914514ae52c1d840a6c7b98767f362ed3f4fc5bd

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\msvcp140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\msvcp140_1.dll

Filesize
23KB

MD5
0832532fab0d5c949aa0c65169aa9d61

SHA1
26f1bee679b7a6289b663c4fa4e65eba33a234e8

SHA256
8731a93e519c2595c9fd489e6d9ac07e964448c0da1c8ee9ee500a7989482617

SHA512
03147a59ee35fb3d2752d4c40741a39674ccd4474a575746bc574d2b2fae1fd04f5ab9c2e02b0dc6268fc6aee8fbb46dc4bf5ff23b5fcc4a0e9b847f57ca79d0

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\msvcp140_1.dll

Filesize
23KB

MD5
0832532fab0d5c949aa0c65169aa9d61

SHA1
26f1bee679b7a6289b663c4fa4e65eba33a234e8

SHA256
8731a93e519c2595c9fd489e6d9ac07e964448c0da1c8ee9ee500a7989482617

SHA512
03147a59ee35fb3d2752d4c40741a39674ccd4474a575746bc574d2b2fae1fd04f5ab9c2e02b0dc6268fc6aee8fbb46dc4bf5ff23b5fcc4a0e9b847f57ca79d0

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\platforms\qwindows.dll

Filesize
1.4MB

MD5
4931fcd0e86c4d4f83128dc74e01eaad

SHA1
ac1d0242d36896d4dda53b95812f11692e87d8df

SHA256
3333ba244c97264e3bd19db5953efa80a6e47aaced9d337ac3287ec718162b85

SHA512
0396bccda43856950afe4e7b16e0f95d4d48b87473dc90cf029e6ddfd0777e1192c307cfe424eae6fb61c1b479f0ba1ef1e4269a69c843311a37252cf817d84d

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\platforms\qwindows.dll

Filesize
1.4MB

MD5
4931fcd0e86c4d4f83128dc74e01eaad

SHA1
ac1d0242d36896d4dda53b95812f11692e87d8df

SHA256
3333ba244c97264e3bd19db5953efa80a6e47aaced9d337ac3287ec718162b85

SHA512
0396bccda43856950afe4e7b16e0f95d4d48b87473dc90cf029e6ddfd0777e1192c307cfe424eae6fb61c1b479f0ba1ef1e4269a69c843311a37252cf817d84d

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\Downloads\die_win64_portable_3.08_x64\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
32d51f857b3dbae62a0bd2ced4ab42b9

SHA1
f0018fe5e7c3e12c336769684fdab60a6f9d3b6f

SHA256
36d2744607b8a6ace9fb7849de40c6a62446ffefc99d505bb1aedde7d5a8109f

SHA512
8914cea247c9632115365d4b870b140142842a08d9f4a38970813eda3e6f7b787020aef409cab02809ef5d9705374e1b9b14d2ac13e4a02a05fef30a66fb1206

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
ee2730be161c39ef74c093d6410af750

SHA1
e4e3ff601ee440d403606eadf3bf592a983e934e

SHA256
cd8fd89f62bea7411ea6fa1f0c13831943021f889db68d0e2d8036d68049f980

SHA512
b5a0231e7da19f773b09ea2921bcf81af4834dcc7f6867ca2dc1b6002d4ac4fe08bb96df7176eb78e67be2697524055e81a9dee7ba635bbd33680fcbfd745257

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
2655362b383ffcecdbda65eab2f00fb0

SHA1
cbcddece83ac60387b63fa4ab6eb5ae649c768d8

SHA256
dacf7a75c258ef9a894cea17565898194eb71f2f1eb2ed326634387aadddbba4

SHA512
4a7ae34d6a497662aaab0cb812d5e2aa2f498008c06dc425ee825524f8e131844810137751e5df3bfc16359a5fc597c1d886ecfc273f468794af6e9b131a452b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
9a0715d0439fedb99bd9dce806efc858

SHA1
3f17a49e60ebe29f00c4e48e5531bd67df72c42d

SHA256
ec89a0686825ba9633e1696edeb20eaaca53620fe81027218f15d95284dcbd3f

SHA512
b82fc28604cbe1c804f07b95838612df7334dc20557bb07a0eccddb49e88aca7109b160f64916b273f90d381f18b38d8c9b14dd3b1a57ff6eb6a30cc68296a7d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
6eeeee9c442ec499b341740ab18050a9

SHA1
fd582a5b28c9c069bda37fb41f9aa5a0c6487804

SHA256
b9dfaa895c381a75bc5a7cd820b8aa888c9d2072d2c5b0280373a2060a39e689

SHA512
0a6b1ece99d1a3fbf5fb79e2a3d5a5640334b1f12401da87c8bd3b318fefaf2b6f63a97d167b49c4a8e2deac51fd21f3134efe5096f69b70dea8ef3cbc7c399e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
a1f6fc421a675f644e6c50dec85a96b5

SHA1
91f585e379e53f42604689ddac709df5167718a8

SHA256
90e5133e76c914c36af94dcd7cec7b51010ece895d1d03eb9890f2a1d1d8820a

SHA512
8de0b4256b71be951d528b7e9999091caa3e56ff02ab8502aa78a733169a2f529b05880c6f36511ead0d96909c185645dcf51877c1d1c114f01ed6e881116878

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
3150a710908d506e759ed08986d4c163

SHA1
cb8befe570df8c9fe5cc72979e3db601301fcf67

SHA256
352d4478fc027c870f334bccedc8c0589cfe6bbac496ec1a5dfb52a86ca1bb52

SHA512
6c73b3c1dd5b60b1031b477c27145e356945413a2f26a64c786ab3d249b8f290242a7447aa7d58c6565a14190870f09b38c43c2a80eaa39b43345652bd722520

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
6d72fdc448856066151f3082462528c8

SHA1
e7f28e7a282279bad5c0917f34f07a8597faa4c7

SHA256
16bb12d171dfe2bec259f32411c109f55ffa44be8c63a3c70d75bf88551ba80a

SHA512
6eba087d019d097e6f4c34fe073d749792d4cdb5897da669b6087e88b85a1ba0d3d0fe722ee19d500b600f891653ebde8ffceedb36c105418e35366541cbf987

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
3b5af99e44f009fb2cf575a3d8e341f2

SHA1
2c21df84b33643f69824e1edbe9cc7447a4bdddf

SHA256
d8af6430c0b0f47412a2241c43b5c84ec0523079d0c80ee06190f292ef2d299a

SHA512
1659e8e05ede689fb471c7475e875186492ca3b6a1c0593d099526b438d4cbc0f7351c6945df09266fec43b9d95f489294bb09b39e5966910a841d65c182bfa4

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
d821084907e91f421e02c38d8289fdde

SHA1
63b8e993da43385f350cda145724167781178475

SHA256
6a90c69124befa701a169af0b03f32d39b3b26bdc0afa5c2fdf8763e461c9895

SHA512
872a0e2d6e738ab04c58654a578c5e5914e170c3f5a5bd7cababe40069db34af5acb81feb4b9cf2620a618514c0fa3d64fc6d0fc217f80f7d6b3b5bf96aac8cc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
4cac6f2fd71971aa41f63dc8c06cf967

SHA1
ebdd3c08df230085bd3d962db09fdf0cc0bc49f4

SHA256
bf3551b3976ec85a302edde352945d7e937f82f5a59b4ba006a530abbdf853d4

SHA512
7ae3fb7df5378fb28b9c2e5a82051c0175917e41a97a849f93c73666407ae8d29acf9e710092effe98b7fe8b4200db5f6da3372c4e329e55f2b3992b55570ebd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
15f8160027e0f81406ba8c7ab40b82e6

SHA1
a576243c9f17e57a784b5cc321fa234a62f01c56

SHA256
ab3d1e113612763a3991377046dccedb603e53d1351aff30a9caabbb3d701cbe

SHA512
f29edca623fa12dfe9286e78e23046e49d20820993a0c82393c69bd3756febef4babdadfb53d679168f0cdd579f0f9cb6f4f53cf993fd14f3e9dc028612dc369

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
bfd35b66e7cf3553c58ee1565866c0aa

SHA1
21f26d23a5fa8f74f526978fda2ec4d4bb8d0833

SHA256
74a8c8bcc88950f25aaff5c2912b73721cbd2c4abb4e0f65bc846f4e07ab872f

SHA512
ce9cc3eaed9cac13223af11e097d6301127a06ba8e883f5daea70b68669a440b2bd4f97d41307bf8c9daee1605baaf2b05193e6c592836b671c3ac604751d86d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
82cdf5a353af9151b5f2ff9859404fa1

SHA1
69adc498c44c71ee01b3342a880ea9a4464925da

SHA256
645d8cf6ed5e58f62e0e7381321945ea50fc717f6f4e16c1fa795d7ae39be2b5

SHA512
01a3c84b6c5648f90710ed96004b54f47353e7576ca8c8918636f45e46331239ed5d065295b33a00db156565555257e510ead84fad73bca56c48b1b8b6763092

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
36f0e82e84a5838a6c3c3d08db267939

SHA1
eac6cd652f390864a37b5ca8a01b317721a38476

SHA256
a1d52fba5aed1be7ff63ec667ceb7db904722c12a7921af3e5bbaf8ef519c6dc

SHA512
60fbcfaa99f0e0975c06fb4c8dc9efe7807fd311a671d5160f989c7ead9717ff776fb9716f7169c037983e2f51f5989e385c52862a2d7c9a8dbe71332ef2b602

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
77054e1a53e53c8603251c28d1de0115

SHA1
ba04d9b27575bebacd0675c4ded26fbf69c1f8e2

SHA256
d44bc14b4ed9f127debe09aa83233ee635bd590ef3209135d1f768c28be35202

SHA512
3f62e37295101d376eab5077b19f60b5e68997586104c59b11e1a0245d3891b0d35e474703f45d214f4c8ba9f2b0ced67442b7c51f2d0286cdd6d97a69e0e4c8

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
3e4179f6a2ccf16bf42cfaacdaaee8ef

SHA1
f0f4a9849a73a85d4d20a582015fc1f3f9eeca62

SHA256
f48b66ed5cbeda4449d10a679afa42013b5664fe6cf81471e33abfb663be8254

SHA512
e2fee72c8721d7b33ad9c665708c21279796a4c101f87bb2a02e1a7149ca08121b8b3fa7dcde6db0962cab5820954a040acb9682056b738449eec13b30ddc013

Download Submit
memory/756-460-0x0000000006490000-0x0000000006491000-memory.dmp

Filesize
4KB

Download
memory/756-394-0x0000000000400000-0x00000000016F2000-memory.dmp

Filesize
18.9MB

Download
memory/756-351-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/756-355-0x000000006C810000-0x000000006C820000-memory.dmp

Filesize
64KB

Download
memory/756-354-0x0000000010000000-0x00000000100F4000-memory.dmp

Filesize
976KB

Download
memory/756-485-0x0000000000400000-0x00000000016F2000-memory.dmp

Filesize
18.9MB

Download
memory/756-492-0x0000000004C30000-0x0000000004CA0000-memory.dmp

Filesize
448KB

Download
memory/756-481-0x0000000004C30000-0x0000000004CA0000-memory.dmp

Filesize
448KB

Download
memory/756-468-0x00000000064E0000-0x0000000006513000-memory.dmp

Filesize
204KB

Download
memory/756-467-0x00000000064D0000-0x00000000064D1000-memory.dmp

Filesize
4KB

Download
memory/756-466-0x00000000064C0000-0x00000000064C1000-memory.dmp

Filesize
4KB

Download
memory/756-493-0x0000000004CA0000-0x0000000004CB4000-memory.dmp

Filesize
80KB

Download
memory/756-465-0x00000000064B0000-0x00000000064B1000-memory.dmp

Filesize
4KB

Download
memory/756-498-0x00000000064E0000-0x0000000006513000-memory.dmp

Filesize
204KB

Download
memory/756-461-0x00000000064A0000-0x00000000064A1000-memory.dmp

Filesize
4KB

Download
memory/756-360-0x0000000000400000-0x00000000016F2000-memory.dmp

Filesize
18.9MB

Download
memory/756-399-0x0000000003E90000-0x0000000003E91000-memory.dmp

Filesize
4KB

Download
memory/756-361-0x0000000010000000-0x00000000100F4000-memory.dmp

Filesize
976KB

Download
memory/756-459-0x0000000006480000-0x0000000006481000-memory.dmp

Filesize
4KB

Download
memory/756-508-0x0000000004C30000-0x0000000004CA0000-memory.dmp

Filesize
448KB

Download
memory/756-502-0x0000000004CA0000-0x0000000004CB4000-memory.dmp

Filesize
80KB

Download
memory/756-458-0x0000000006470000-0x0000000006471000-memory.dmp

Filesize
4KB

Download
memory/756-509-0x0000000004CC0000-0x0000000004D00000-memory.dmp

Filesize
256KB

Download
memory/756-447-0x0000000004360000-0x0000000004361000-memory.dmp

Filesize
4KB

Download
memory/756-398-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/756-450-0x0000000004380000-0x0000000004381000-memory.dmp

Filesize
4KB

Download
memory/756-451-0x0000000006430000-0x0000000006431000-memory.dmp

Filesize
4KB

Download
memory/756-397-0x0000000001A70000-0x0000000001A71000-memory.dmp

Filesize
4KB

Download
memory/756-453-0x0000000006450000-0x0000000006451000-memory.dmp

Filesize
4KB

Download
memory/756-584-0x0000000073950000-0x00000000743A5000-memory.dmp

Filesize
10.3MB

Download
memory/756-393-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/756-422-0x0000000010000000-0x00000000100F4000-memory.dmp

Filesize
976KB

Download
memory/756-454-0x0000000006460000-0x0000000006461000-memory.dmp

Filesize
4KB

Download
memory/756-452-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download
memory/756-449-0x0000000004370000-0x0000000004371000-memory.dmp

Filesize
4KB

Download
memory/756-448-0x0000000073950000-0x00000000743A5000-memory.dmp

Filesize
10.3MB

Download
memory/756-446-0x0000000001A50000-0x0000000001A51000-memory.dmp

Filesize
4KB

Download
memory/756-400-0x0000000003EA0000-0x0000000003EA1000-memory.dmp

Filesize
4KB

Download
memory/756-401-0x0000000003EB0000-0x0000000003EB1000-memory.dmp

Filesize
4KB

Download
memory/756-402-0x0000000000400000-0x00000000016F2000-memory.dmp

Filesize
18.9MB

Download
memory/756-4360-0x0000000000400000-0x00000000016F2000-memory.dmp

Filesize
18.9MB

Download
memory/756-395-0x0000000001800000-0x0000000001801000-memory.dmp

Filesize
4KB

Download
memory/756-396-0x0000000001A00000-0x0000000001A01000-memory.dmp

Filesize
4KB

Download
memory/4168-334-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

Filesize
4KB

Download
memory/4168-329-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/4168-356-0x0000000000D50000-0x0000000001A2A000-memory.dmp

Filesize
12.9MB

Download
memory/4168-330-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/4168-331-0x0000000000D50000-0x0000000001A2A000-memory.dmp

Filesize
12.9MB

Download
memory/4168-332-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/4168-337-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/4168-333-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/4168-336-0x0000000000D50000-0x0000000001A2A000-memory.dmp

Filesize
12.9MB

Download
memory/4168-335-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/5508-4322-0x0000029616BB0000-0x0000029616BC0000-memory.dmp

Filesize
64KB

Download
memory/6060-4584-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/6060-4630-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/6060-4673-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download