crimsonrat | da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678

Analysis

max time kernel
122s
max time network
150s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
10-12-2023 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Revised Posting Policy Offrs by HQ Dec 2023 final.ppam
Size

3.6MB
MD5

e05cfdcd11105776fb13edd620795551
SHA1

5b4584c6a419b08bb107e274d0ed2f24411ddbcc
SHA256

da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678
SHA512

925df1bf84404597bddb82db83896206435aaaca39a62846abe3ce3b1dbddc9b198f7caf76eac7294384682f49c0057d12b0b5ac81383f6ee8f51138781e4519
SSDEEP

98304:/S/mMAQoSERBI9w//t2M7rv/GkBqAnimQNX:LM/tQI9wXt2MjGEqAnINX

Score

10^/10

crimsonrat rat

Malware Config

Extracted

Family

crimsonrat

204.44.124.81

Signatures

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Executes dropped EXE 1 IoCs

Processes:

jevisvmansr.exe

pid process

2316 jevisvmansr.exe
Loads dropped DLL 1 IoCs

Processes:

POWERPNT.EXE

pid process

2980 POWERPNT.EXE

pid	process
2316	jevisvmansr.exe

pid	process
2980	POWERPNT.EXE

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

POWERPNT.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Toolbar	POWERPNT.EXE
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\MenuExt	POWERPNT.EXE
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	POWERPNT.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	POWERPNT.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	POWERPNT.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	POWERPNT.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	POWERPNT.EXE
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	POWERPNT.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	POWERPNT.EXE

Modifies registry class 64 IoCs

Processes:

POWERPNT.EXE

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493456-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493465-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493473-5A91-11CF-8700-00AA0060263B}\TypeLib	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493488-5A91-11CF-8700-00AA0060263B}	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934F1-5A91-11CF-8700-00AA0060263B}	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934F8-5A91-11CF-8700-00AA0060263B}\TypeLib\ = "{91493440-5A91-11CF-8700-00AA0060263B}"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A78-F07E-4CA4-AF6F-BEF486AA4E6F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493462-5A91-11CF-8700-00AA0060263B}\TypeLib	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493468-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493498-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934E5-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934E6-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9149347A-5A91-11CF-8700-00AA0060263B}\TypeLib\ = "{91493440-5A91-11CF-8700-00AA0060263B}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9149349D-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A63-F07E-4CA4-AF6F-BEF486AA4E6F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A74-F07E-4CA4-AF6F-BEF486AA4E6F}\TypeLib\Version = "2.a"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493467-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9149346C-5A91-11CF-8700-00AA0060263B}\TypeLib\ = "{91493440-5A91-11CF-8700-00AA0060263B}"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934DD-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A5F-F07E-4CA4-AF6F-BEF486AA4E6F}\TypeLib	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A73-F07E-4CA4-AF6F-BEF486AA4E6F}\ = "Point"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA72E552-4FF5-48F4-8215-5505F990966F}	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA72E554-4FF5-48F4-8215-5505F990966F}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493484-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934E7-5A91-11CF-8700-00AA0060263B}\TypeLib\Version = "2.a"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A67-F07E-4CA4-AF6F-BEF486AA4E6F}\TypeLib	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A6C-F07E-4CA4-AF6F-BEF486AA4E6F}\ = "Interior"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A6D-F07E-4CA4-AF6F-BEF486AA4E6F}\ = "LeaderLines"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493454-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493484-5A91-11CF-8700-00AA0060263B}\ = "TextFrame"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493493-5A91-11CF-8700-00AA0060263B}\TypeLib\Version = "2.a"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934B9-5A91-11CF-8700-00AA0060263B}\ = "Tags"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A6A-F07E-4CA4-AF6F-BEF486AA4E6F}\TypeLib\Version = "2.a"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9149345B-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934CF-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934D5-5A91-11CF-8700-00AA0060263B}\TypeLib\Version = "2.a"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A5A-F07E-4CA4-AF6F-BEF486AA4E6F}\TypeLib\ = "{91493440-5A91-11CF-8700-00AA0060263B}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA72E550-4FF5-48F4-8215-5505F990966F}\ProxyStubClsid32	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493452-5A91-11CF-8700-00AA0060263B}\TypeLib	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9149348B-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934C8-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934F6-5A91-11CF-8700-00AA0060263B}\TypeLib\Version = "2.a"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A51-F07E-4CA4-AF6F-BEF486AA4E6F}\TypeLib\Version = "2.a"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493451-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9149346B-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493499-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A6F-F07E-4CA4-AF6F-BEF486AA4E6F}	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493494-5A91-11CF-8700-00AA0060263B}\TypeLib\ = "{91493440-5A91-11CF-8700-00AA0060263B}"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934C4-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934F9-5A91-11CF-8700-00AA0060263B}\TypeLib\ = "{91493440-5A91-11CF-8700-00AA0060263B}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A54-F07E-4CA4-AF6F-BEF486AA4E6F}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A68-F07E-4CA4-AF6F-BEF486AA4E6F}\TypeLib\Version = "2.a"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493477-5A91-11CF-8700-00AA0060263B}	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934DE-5A91-11CF-8700-00AA0060263B}\TypeLib	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934F6-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934F8-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934DB-5A91-11CF-8700-00AA0060263B}\ = "Diagram"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92D41A5C-F07E-4CA4-AF6F-BEF486AA4E6F}\TypeLib\Version = "2.a"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493457-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9149345E-5A91-11CF-8700-00AA0060263B}\TypeLib\ = "{91493440-5A91-11CF-8700-00AA0060263B}"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9149346C-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493496-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{914934D9-5A91-11CF-8700-00AA0060263B}\TypeLib\Version = "2.a"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493486-5A91-11CF-8700-00AA0060263B}\TypeLib\Version = "2.a"	POWERPNT.EXE

NTFS ADS 1 IoCs

Processes:

POWERPNT.EXE

description ioc process

File created C:\Users\Admin\Documents\532147\dowcxs.zip\:Zone.Identifier:$DATA POWERPNT.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

POWERPNT.EXE

pid process

2980 POWERPNT.EXE
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

POWERPNT.EXE

pid process

2980 POWERPNT.EXE
2980 POWERPNT.EXE
2980 POWERPNT.EXE
2980 POWERPNT.EXE

description	ioc	process
File created	C:\Users\Admin\Documents\532147\dowcxs.zip\:Zone.Identifier:$DATA	POWERPNT.EXE

pid	process
2980	POWERPNT.EXE

pid	process
2980	POWERPNT.EXE
2980	POWERPNT.EXE
2980	POWERPNT.EXE
2980	POWERPNT.EXE

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

POWERPNT.EXE

description	pid	process	target process
PID 2980 wrote to memory of 884	2980	POWERPNT.EXE	splwow64.exe
PID 2980 wrote to memory of 884	2980	POWERPNT.EXE	splwow64.exe
PID 2980 wrote to memory of 884	2980	POWERPNT.EXE	splwow64.exe
PID 2980 wrote to memory of 884	2980	POWERPNT.EXE	splwow64.exe
PID 2980 wrote to memory of 2316	2980	POWERPNT.EXE	jevisvmansr.exe
PID 2980 wrote to memory of 2316	2980	POWERPNT.EXE	jevisvmansr.exe
PID 2980 wrote to memory of 2316	2980	POWERPNT.EXE	jevisvmansr.exe
PID 2980 wrote to memory of 2316	2980	POWERPNT.EXE	jevisvmansr.exe

C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\Revised Posting Policy Offrs by HQ Dec 2023 final.ppam"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:884
- C:\Users\Admin\Documents\532147\jevisvmansr.exe
  C:\Users\Admin\Documents\532147\jevisvmansr.exe
  2⤵
  - Executes dropped EXE
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\DOCUME~1\532147\OLEOBJ~1.ZIP

Filesize
124KB

MD5
19c022f93cc903e2bc2685d315c5d673

SHA1
2bd842ece92c1ef777864ef2f7610bcc98621aa4

SHA256
9595b5768896a1b478460e500dc98cc7f752b3456fcfd5a7d2ecb1c03abd477b

SHA512
02f6a2502225418837cd53873f9ed7639fad34bcc74b0cec69d94f795e96467abd1eef760e797feeef3d2757b9faf1a225f7054d3fe96d3e2841ecdacdd05e18

Download Submit
C:\Users\Admin\DOCUME~1\532147\dowcxs.zip

Filesize
162KB

MD5
cb586601625e5a93c8fa2ac00fc43b93

SHA1
560068e3f9e70500b5eb680e71b751f460de5f75

SHA256
3e79e4082d190d00df0e0d1ad32b57e8bb1a07f764a501b1380994f996446976

SHA512
b3621fa83427b3674f85e705734f1644bc64c8f707c1091227e59ac77c23fe0fca84ccc11d1cc790958ed7c4f990304526fc805bd9ed5a8a5c75978b41f7439f

Download Submit
C:\Users\Admin\Documents\532147\dowcxs.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Documents\532147\jevisvmansr.exe

Filesize
599KB

MD5
e28dec2796a6f115d58322123309177f

SHA1
2d42afd51d20dfaa78151dc0721cf76556c23f58

SHA256
eace5dc95ef4b4bad4164816b39483ea6f2b1e9425d5bc284ea4fe5c406f5568

SHA512
0e50630918858d3b5adcb594ec84d9efc184749edc4715488495f23bb3b80b7323d8deaf406595a9cc47e914f4178ec5ac06f8aab52ba4496086e70543be1e89

Download Submit
C:\Users\Admin\Documents\532147\jevisvmansr.exe

Filesize
1.1MB

MD5
798cde23a44531e9fed67d3734a20fd1

SHA1
009306a56a3eb053996877bd03e386822a5b2e32

SHA256
9c34a316095e46465666870ac4cd205e44c801f809934d75d6378ad7baefacc9

SHA512
3dcce59ce9676f91f696b1c9a6734ade83fc3a38c4c899f4ddee59e0737862b9d484f8bd164c630379a8a32fd8cd7530d7e7ffc18de007af8489d28fc1367ef9

Download Submit
C:\Users\Admin\Documents\532147\jevisvmansr.exe

Filesize
414KB

MD5
81cb32ebb621c63fac4ba8b0f21b9bcd

SHA1
f630253adf81a15255f4c84982ca9eebb587cd27

SHA256
9fb569b52d5eb1492f32f6f83e7a9d833b5f59dc528e11e6129508abf3d1738b

SHA512
3f4460c804be31772c1a16dc7737af412927a5b3086e55caad6774764d54909b156a86e7dbec7d4fac6326f41c58b9219aced61f1da187cabdc009ac1fd44126

Download Submit
C:\Users\Admin\Documents\532147\ppt\jevisvmansr.zip

Filesize
124KB

MD5
d25e21ef762187e80e702bdd09d7b48c

SHA1
6478fdf147b1d64d8789a612202c084f89dc0cd2

SHA256
2f97191999f81d2a731c19c0dadd0afb2f4f23b189e9409eb7840a50c76dcefb

SHA512
88bcb9622696b79d917cf814dd9d8936f3f188e4b00c21f126b517663cbad2d0bcafd297fb2c0e77ea87d99ad57d9fbd2067e29cb6cdab3d6465696133daead8

Download Submit
C:\Users\Admin\Documents\Revised Posting Policy Offrs by HQ Dec 2023 final.pptx

Filesize
638KB

MD5
323eb5b7e66fbe2e1131c563144c0f4f

SHA1
a7a4511ded6d88bb047be976c18ae76c3d779c07

SHA256
b6b08b7be24a137191134a9ccd5e460547a7c0f425f061467f426a8703bfd22f

SHA512
2c1f0cd44ab7921e8a6a326cfcd884f8748f9a4745180cf49bf83984df979e1372b699efff75cdb867bad92120337c4ab81ee73be3009d971ee6f954e8d6f5b5

Download Submit
\Users\Admin\Documents\532147\jevisvmansr.exe

Filesize
2.0MB

MD5
5be77bb5c423a526e4833a93f0b64276

SHA1
2cc78e30fd5eead42edda98f50dcec63ce1a728f

SHA256
f8e1714ca5d1f412d86bbcec913c5efabfa374eff25def86214625a7f4ce8373

SHA512
04b88e44a20ff7bb66698521c28e95c75853e7923bddb59a19f8b3b3e65814acbfcd3df6d19a763a684f0d7f99545b3979e9da129f1e8c4f5c30efb9609636b8

Download Submit
memory/2316-231-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

Filesize
9.9MB

Download
memory/2316-200-0x000000001C4E0000-0x000000001C560000-memory.dmp

Filesize
512KB

Download
memory/2316-199-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

Filesize
9.9MB

Download
memory/2316-198-0x0000000000CB0000-0x0000000001DA0000-memory.dmp

Filesize
16.9MB

Download
memory/2980-7-0x00000000046D0000-0x00000000047D0000-memory.dmp

Filesize
1024KB

Download
memory/2980-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2980-2-0x00000000724AD000-0x00000000724B8000-memory.dmp

Filesize
44KB

Download
memory/2980-0-0x000000002D4B1000-0x000000002D4B2000-memory.dmp

Filesize
4KB

Download
memory/2980-32-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2980-229-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2980-230-0x00000000724AD000-0x00000000724B8000-memory.dmp

Filesize
44KB

Download
memory/2980-9-0x00000000046D0000-0x00000000047D0000-memory.dmp

Filesize
1024KB

Download