d85a2ee10e15056a66a15e54236ac52406e9a8c3f706a82c4e47ea383ac341f8

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2023, 15:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee1068c.exe
Size

20.2MB
MD5

e96ea3951a03b5debc4ba93248752a50
SHA1

6f841a37abecbaec6cfd2d86a19829739ddee29b
SHA256

d85a2ee10e15056a66a15e54236ac52406e9a8c3f706a82c4e47ea383ac341f8
SHA512

906c162610430d9320ebb845dd2b925c1b3492d62310968221053deea6949ca3527715d13d551a35092aef6814320859a2da3bf72a2283044ab6ebe917e097c2
SSDEEP

393216:tfue7yaMyDnEk+hn6AgU3E6Jk9oXW3iLjOFmwF8DIsLjra:oe75M/J9EfGnmzF6IsLy

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTGERIN.dll	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTAFPFONTS.dll	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTUnZip.exe	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-F7P8V.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\barcodes\is-V3T2O.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-4IIMU.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-8BD63.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-VSPCD.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-8RPO7.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\is-MBODK.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\barcodes\is-Q5SJG.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\images\is-HC99M.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-6AHI8.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\is-7AMHH.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\barcodes\is-197K7.tmp	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTAFPIOCA.dll	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTSEC32.dll	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTZip.exe	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-J0OFK.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-5HS40.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-4LJAF.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-631K2.tmp	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\PCL.exe	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTSTARIN.dll	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\is-NFOBP.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-BK9U3.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-0RCAS.tmp	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\EscapeE.exe	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTPCLOUT.dll	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTCANIN.dll	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\uninst\is-LRH7C.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-D0E10.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-MDTCL.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\barcodes\is-U7NFI.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\barcodes\is-8H9DP.tmp	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\addTxtCF.dll	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTEPSNIN.dll	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-0P8KK.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-1U6EQ.tmp	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTPSOUT.dll	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\uninst\unins000.dat	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-1GKBK.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-E7NG5.tmp	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTENV.chm	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-PHRIO.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\is-RGABP.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\barcodes\is-TMRTL.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-SQRG7.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\barcodes\is-8TPJU.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-CK5MA.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\PLUGINS\is-9P5BV.tmp	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\EEFonts.chm	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTAFPIN.dll	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-JOU3H.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-K35E5.tmp	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\Plugins.chm	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTERR32.dll	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTZJSIN.dll	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-5KU4Q.tmp	ee1068c.tmp
File opened for modification	C:\Program Files (x86)\RedTitan\software\RTEnv.exe	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-CKH3E.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-9Q32U.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-0EEAO.tmp	ee1068c.tmp
File created	C:\Program Files (x86)\RedTitan\software\is-003EV.tmp	ee1068c.tmp

Executes dropped EXE 3 IoCs

pid	Process
1092	ee1068c.tmp
1020	ESCAPEE.EXE
3720	EEFONTS.EXE

Loads dropped DLL 6 IoCs

pid	Process
1020	ESCAPEE.EXE
1020	ESCAPEE.EXE
1020	ESCAPEE.EXE
1020	ESCAPEE.EXE
1020	ESCAPEE.EXE
1020	ESCAPEE.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RTUnzip\shell\open\command\ = "\"C:\\Program Files (x86)\\RedTitan\\Software\\RTUnzip.exe\" UNPACK \"%1\""	ee1068c.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rtz	ee1068c.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RTUnzip	ee1068c.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RTUnzip\ = "Program RTUnzip"	ee1068c.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RTUnzip\DefaultIcon\ = "C:\\Program Files (x86)\\RedTitan\\Software\\RTUnzip.exe,0"	ee1068c.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RTUnzip\shell\open	ee1068c.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rtz\ = "RTUnzip"	ee1068c.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RTUnzip\DefaultIcon	ee1068c.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RTUnzip\shell\open\command	ee1068c.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RTUnzip\shell	ee1068c.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1092	ee1068c.tmp
1092	ee1068c.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1092	ee1068c.tmp

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 1092	4412	ee1068c.exe	90
PID 4412 wrote to memory of 1092	4412	ee1068c.exe	90
PID 4412 wrote to memory of 1092	4412	ee1068c.exe	90
PID 1092 wrote to memory of 1020	1092	ee1068c.tmp	97
PID 1092 wrote to memory of 1020	1092	ee1068c.tmp	97
PID 1092 wrote to memory of 1020	1092	ee1068c.tmp	97
PID 1020 wrote to memory of 3720	1020	ESCAPEE.EXE	99
PID 1020 wrote to memory of 3720	1020	ESCAPEE.EXE	99
PID 1020 wrote to memory of 3720	1020	ESCAPEE.EXE	99

C:\Users\Admin\AppData\Local\Temp\ee1068c.exe
"C:\Users\Admin\AppData\Local\Temp\ee1068c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Users\Admin\AppData\Local\Temp\is-64D48.tmp\ee1068c.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-64D48.tmp\ee1068c.tmp" /SL5="$90188,20339386,832512,C:\Users\Admin\AppData\Local\Temp\ee1068c.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1092
- - C:\Program Files (x86)\RedTitan\software\ESCAPEE.EXE
    "C:\Program Files (x86)\RedTitan\software\ESCAPEE.EXE"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1020
  - - C:\Program Files (x86)\RedTitan\software\EEFONTS.EXE
      "C:\Program Files (x86)\RedTitan\software\EEFONTS.EXE"
      4⤵
      Executes dropped EXE
      PID:3720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\RedTitan\software\BACKBUTTON2.TIF

Filesize
24KB

MD5
6a6fba47ed69b5df65185a3e10124e9e

SHA1
8da496a70b2382f7fd76f6d28b7f141a263d2fa3

SHA256
9c87f8eaabddf005eee1f63160236580a54b6f9352b17d211ce521876db1ba1d

SHA512
121febf755ebe79873a588d54f02934208518b756a61b350957282d18a45917b6453a8baf109defe391d3a65bca21af9f9ff238d07361deb1ff4b500b494ceda

Download Submit
C:\Program Files (x86)\RedTitan\software\EEFonts.exe

Filesize
834KB

MD5
283d509e47b3a770ec0217d6c569980b

SHA1
e135e4a249f258c11bcbbd04dc7d43a22b0b9abe

SHA256
8b4fc8be58234433a233427a1b7e241abc690e93156891051cf5225691842222

SHA512
5589fffd4ce3b3c25864390b7a47e9b128686aafe858f422e1f915888b06894925c8995b9b57cced0cd245fb6a44770c1909ec6fe48765d262373355cffe7c40

Download Submit
C:\Program Files (x86)\RedTitan\software\ESCAPEE.EE

Filesize
2KB

MD5
e6b3bacfb22bdd71f57a1414cd0c0299

SHA1
7b971734eb412565c2a5576c570572bd060e237c

SHA256
c94bea6860aac8ea8ccb3bd945091e8e96a4baad49f138101a05ffa2b9d58b37

SHA512
b0b4bd164a7429ca0734680d8406557bfbdb53543d6096134cfb4409b5050e2c1017977c9af1ebfdaf8c94a92216b3d9200338c97ee089209177ff25730743da

Download Submit
C:\Program Files (x86)\RedTitan\software\ESCAPEE.MSG

Filesize
313KB

MD5
96d291f3b17462fbb3a0dbf8af7722d7

SHA1
49a4f8714340e6142ddd353490e0a81211f009a5

SHA256
b7c86dd3abbfd9d8b3758c4986057046086b300aacc2342dd70c6f064a78f8cb

SHA512
feba6b1d3320cad0ef0635160009dc14c35c0a8332359a4bebdf4e62520c77be7ab274878a42d9ebc936adcdbcc0553896d11722cb218fcec454822cb600bc5a

Download Submit
C:\Program Files (x86)\RedTitan\software\ESCAPEE.PRN

Filesize
161KB

MD5
5225ed54da4aa8d51258882911c29920

SHA1
9f3733f75721df470a7452b6d83c6c7ec1d826cb

SHA256
1aef43b51da25681b45e5602ea8ed9580ee5dfa122276c1bd9121992723e5b8b

SHA512
198b40bfa08a759c907c2e45c44e418bd25fc0bc95b119d9669325fd6a98bdf2812a5ec0c726b45dd4e210b86eaa02f36167e035f2b466f70be6b07108f795e3

Download Submit
C:\Program Files (x86)\RedTitan\software\EscapeE.exe

Filesize
3.1MB

MD5
683d1524110c6d696cca3c56d1527470

SHA1
9c7740dadf5b9d42a9480727ec7669279fdf4bc7

SHA256
86f795030c7e9f905432ecfb3a172d7fbcfe549dad46c785c72427fdfda63ec1

SHA512
b0913cda7285b3b2a7d5bbbf50fcf947d0b4b5cdb25a5b283f0df69f76e845c4ed86a49115883e19df4aab0d139973a561c10c5e3d29b13e626df537c37e56cf

Download Submit
C:\Program Files (x86)\RedTitan\software\FORWARDBUTTON2.TIF

Filesize
16KB

MD5
aaef0029a7b233df7d9de901f8aa11b0

SHA1
0392365cb53b2986593dfb0a52299a8dee1813d2

SHA256
30985ef7a235052701f8eb82c6d7617d8157a776d0aeba1de46f18d200ce0af0

SHA512
16fb9d30e7c1427b53701d1c98876ad6950e9f429eb826b55c6db946e2d859304932e259919c301eb304a03916ef852bd9687fba0d064648992ce878a7147b47

Download Submit
C:\Program Files (x86)\RedTitan\software\PCL.DAT

Filesize
12KB

MD5
e416dce9ea030585a30dc54cad830d51

SHA1
3ebdf57531390f79e8aa0c62cdc2702e97d85b89

SHA256
c748d9f572b2c351e6bfa2bf85b3fbb0971d49b5327c202592938b325ecf08c3

SHA512
3702213d640163ccd5352629605b1557710c1c643247cc292101ced4126d7cfd24f43e44abca134a8648c279838db6dfa0acd4a828099d41d628b24e9b1ed81b

Download Submit
C:\Program Files (x86)\RedTitan\software\PCL.KBD

Filesize
143KB

MD5
875368777dc842de7ff30df4688c5bca

SHA1
cfdbffbc7eb9f886c5ef4e6b77915ab010bc9464

SHA256
d535bf29a50f8e37568a2355e74034523b53c218485ee7595520d3b06661831e

SHA512
d5438f107c590b86fded8d458e103e1cacef779ba7c084e30f047468588cd22fb4853608789a2f2f0498255de2de1c954352656f1fc9af8dbebfc34fd203f551

Download Submit
C:\Program Files (x86)\RedTitan\software\PLUGINS\ADDTEXT.EEP

Filesize
119KB

MD5
4ef5e9d792e9438af7845cf9bac47db5

SHA1
27e4177c6c453238724652ab0ad76fcb31106273

SHA256
be6539315b77982ff466bb923d9628c07c0f2f514c08773a16cf66b2d8871b9a

SHA512
46549314a4913fdd640ba654760a3d919d6ddfb62614303358cca2292ca7760568caf661b1671e8bd10355b62084ae13b8444b98074e5f5a7708a4c9b95053ff

Download Submit
C:\Program Files (x86)\RedTitan\software\PLUGINS\addimage.eep

Filesize
115KB

MD5
4bd30b023b807e13c06defc2d25fdcb2

SHA1
5d10c9bf905e1090ab5ea95fa532e1e27c1042e3

SHA256
f80ecfe3ccf5a33f2b8c9159052d11601fb380ddc09a5e306a078e31ca99675d

SHA512
941b5c77ce3d78979dfe63cfc7cb26291095511efce4fd59c2edec9b35295f009e29526c2578983b71edb138e04baa7c8dff5a8ece85889da6588a613e0c5307

Download Submit
C:\Program Files (x86)\RedTitan\software\PSFONTS.FIF

Filesize
17KB

MD5
eb2b1033260bd76de503cee89e642466

SHA1
739963d57528a0deb5cee03feed618d7934593c2

SHA256
3d62d76a50ee39ab2980bd3e05931d90275b82ae390786927a52ef2a49fba8e3

SHA512
562ac8de2295558bb1f67471375658532ec93cb6ab5df5973c56d2b0ef7fed43a2b168ef46c2bc00fc041f2e66a039d99dcbff3a7282df45aa6be892be151cef

Download Submit
C:\Program Files (x86)\RedTitan\software\Plugins\plugins.ini

Filesize
798B

MD5
0c86ea650ab0fcfbae16da115c87faa8

SHA1
196403010ebf383401a7908c7b914bb67d5013ca

SHA256
7125c86275f2cd00748fa4b02c7302b84aebd0acb6b8b9437f9223837339916f

SHA512
d30351065c122346b89b78a0edbd1b15d0edbaf6fddd85f5bbda141316a3eb20b7220208fe3444c60e2b11fb6ed687c65a95f1969633bc1f9495ca31faec1f82

Download Submit
C:\Program Files (x86)\RedTitan\software\RTSEC32.dll

Filesize
113KB

MD5
ae95a58ceafc0e14f626f5f20be238cb

SHA1
ff4774a463f66cdf4c8fd092815e5d01cc7aadf7

SHA256
eb13435b26ff1792d7d9cd480e8dc2f9cb9bd33ae7e568480533bec74283d528

SHA512
bc764fb190ddd57d8b9a83280f4b50f407be79f82def48f5efb52d8352b34b03d90eea95bd0845e5ec15bba414a3d3f1ba91ebac21f7e2a199353680e9a9040e

Download Submit
C:\Program Files (x86)\RedTitan\software\WINFONTS.FIF

Filesize
187KB

MD5
757102e47701bf96bccf7735105b80aa

SHA1
5a8dc07375a605e541f183922ebddcc96642d36e

SHA256
50aa136d2d2d4266cac252e7467accc9c7cfffea996139b55b814c826ab96993

SHA512
593e54dbfd8482b4bb28395f7c5412dee2d3e332d0d75f59c344283ba6e8b2ebfb24d80669a685087facac426e5635cf44ab87b65b3480ecf31fd2f59e4cced7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup Log 2023-12-19 #001.txt

Filesize
72KB

MD5
effebf57ed1b58f139f71e7f03f958d1

SHA1
7d95d2040dba647499f2722f8372a9950165d93c

SHA256
1bb3189ee9d04a4412daeed60037b839dfd3d992e63301afdafad00b56a2ccf8

SHA512
605c77a51fcda17c8568709f15f3c2e1d6455c27069fa17dd5b1f6e1e498a999910f72d2639abf3891e5da7713a5cb53669eef5dfbc863124b36ab07d3a70a3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-64D48.tmp\ee1068c.tmp

Filesize
3.0MB

MD5
caee599d672b654c5d6ff6ccb7690c4e

SHA1
ec99b02fee1eb458b399ce384a8f081f9373d2a3

SHA256
cacac72b2a294954adb669fbc60d1c3fb4b0f5a253e1d200dc28f22f1f927238

SHA512
06cf546ebdf4c559e9b71e4ce1a889a0c16aabb6e2d123b41a60e0ae65c24fa4e5fd62f6fe37b089f81df40e01ac2bbc6a1c7da494b4e1592012439d0fed1448

Download Submit
C:\Users\Public\redtitan\RT.INI

Filesize
501B

MD5
a513543f4a1281b5de3360e1fe4f28d3

SHA1
6304cb02a5691a2010c58676ad2391b401a5a25c

SHA256
afe93f9a839ba3b6b426b78020401ccc6b0c8e435e958aa8858474d5497fa09d

SHA512
47fcb78ee65c54278a67c9112fea262cc3c299c008200f115a1a72bc0bc9421d03885646b4f24f85cff87d0084c7dd22f954f47ddef566442da03adc56283be4

Download Submit
C:\Users\Public\redtitan\RT.INI

Filesize
559B

MD5
be342452846564c0539ffeef34987610

SHA1
8d17564ce165004ffd014db5efcaea0908ec52b1

SHA256
86b9c200e9163aa6b0ac50d39709072f7bcf9b78be911e9b00662b1fa643eeec

SHA512
9673e59fdae3ab1124a1b72281e21182cc5701965be0558230b442cc323667f86d631710da8f779ff1a468cdf114efe1b551148e2b08216b41d4343c8abcfc52

Download Submit
C:\Users\Public\redtitan\RT.INI

Filesize
216B

MD5
e98e209afab8b75cd83220cc7a1ed3c1

SHA1
6216443c481d85d40dff6d43fb156a372fcf1938

SHA256
b754c0f0813f45ce14c3a310a0585c2a80e1da975898c1daef60c1497a731d43

SHA512
62b6ffd19e6932204dd3f539db927565836eaa29294b47a52526d871aa00aa45e9f4e1b3771ba55e1930880315db0a255b1ba9f2ac97dec50abb34c25857026f

Download Submit
C:\Users\Public\redtitan\RT.INI

Filesize
394B

MD5
8a811171ccc8710e9da80d476672ae91

SHA1
f8edfd794483976899b3228f8e2d448cb268d982

SHA256
4a62844d579c4d56e985ec48020c06be0ed82989fc8efb48a6f86c9dc3c86ebc

SHA512
95d9e271e738ab386623af1147b828ae1f7533bb03dfff9fe2d9b76857f92a14b881e9a6f215ed0b588b99f718fb9be5e1952ace82397da66f18e4aa754e0ecf

Download Submit
C:\users\public\redtitan\RT.INI

Filesize
551B

MD5
2f01abd1c4e68c0c1e599212054ec597

SHA1
7bf3b2a41787007cd2d3a871d3c277753aee3c53

SHA256
278cd8ee9b8b5a9126c7a5bd5942c3bc01387c7c1709c53ede0ba8840afb7a0a

SHA512
e3b5dab4667ee91efd983a7a6a378b74e032bb27bfcb9bc2225ae802cec1b66f414aee3188001772713da7fc86c7031c207d80f339bedc2904fdae77f293b1b4

Download Submit
C:\users\public\redtitan\RT.INI

Filesize
619B

MD5
36c790b58615c7693cc8f997e79295cb

SHA1
0c842fed3734f5f3f02ae3fe35e7e6d7eb1fb6dd

SHA256
3b171568452101fa6f61a5911fd591ead06306c3602db806e5afd54b07103b7e

SHA512
429569d75da50e46c6bb7a50a33ec0142fb9737e5fc5cc175aaf852f081a58e614dd94f9973691fd88c8e3a71bae02e14da87643f58d9325fe2f0f324c224ffb

Download Submit
C:\users\public\redtitan\RT.INI

Filesize
637B

MD5
1e503a15aec14b4ec667c51e484ab1cc

SHA1
a6d7c032409fb10637008b740ed4b0079a82935b

SHA256
c87bcb1a4405f92b6b262cd206f09bc269d9f12f40b74c643afe239d642b9995

SHA512
9c815a7b7455747c2884d35209df7a90ef8bfc59a0748ff7f4a53c1a6055b5e0e49f199ed98dfe8b95aa0ca4037dfee5dcd9f2c7d31118658b9c21f9efb66000

Download Submit
memory/1020-1977-0x0000000000880000-0x0000000000881000-memory.dmp

Filesize
4KB

Download
memory/1020-1978-0x0000000004FA0000-0x0000000004FA1000-memory.dmp

Filesize
4KB

Download
memory/1020-1993-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/1020-1990-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/1020-1982-0x0000000002DA0000-0x0000000002DC3000-memory.dmp

Filesize
140KB

Download
memory/1020-1955-0x0000000002DA0000-0x0000000002DC3000-memory.dmp

Filesize
140KB

Download
memory/1020-1959-0x0000000002DD0000-0x0000000002DF2000-memory.dmp

Filesize
136KB

Download
memory/1020-1983-0x0000000002DD0000-0x0000000002DF2000-memory.dmp

Filesize
136KB

Download
memory/1020-450-0x0000000000880000-0x0000000000881000-memory.dmp

Filesize
4KB

Download
memory/1020-1976-0x0000000002DD0000-0x0000000002DF2000-memory.dmp

Filesize
136KB

Download
memory/1020-1040-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/1020-939-0x00000000042D0000-0x00000000042F1000-memory.dmp

Filesize
132KB

Download
memory/1020-1975-0x0000000002DA0000-0x0000000002DC3000-memory.dmp

Filesize
140KB

Download
memory/1020-1014-0x0000000004FA0000-0x0000000004FA1000-memory.dmp

Filesize
4KB

Download
memory/1020-1974-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/1092-1031-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1092-6-0x0000000000940000-0x0000000000941000-memory.dmp

Filesize
4KB

Download
memory/1092-9-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1092-12-0x0000000000940000-0x0000000000941000-memory.dmp

Filesize
4KB

Download
memory/1092-1988-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1092-53-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/3720-1973-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/3720-1496-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/4412-2-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4412-8-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4412-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4412-1989-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download