locky | 08170785465dc7f5faf49dd7eb3ee089cdcb5c0149e9170003554986f37fbd76

Analysis

max time kernel
150s
max time network
91s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
13-01-2024 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RanSimSetup.exe
Size

8.7MB
MD5

39545865ce9ace414fc4f29ec6c8673e
SHA1

da14d58e6c74f9f7dbd2c5fd64a134cd79123125
SHA256

08170785465dc7f5faf49dd7eb3ee089cdcb5c0149e9170003554986f37fbd76
SHA512

2b9b9d1dbc70f248e6b690ca635f55f7cbeac0f7c3a07d69b2a82eda525273f8a6fe0e86738011ace8d16f255bf1ceba5e187bd5708567583e77b217ae84e1bf
SSDEEP

196608:iilHP1BcV8dMrQW71ngPly38QYx9d3Om3Hz2pzoHfvwPWUp9n:iCHt6V0iQWB0Qa9d3v3Hz2pzoXwPxPn

Score

10^/10

locky agilenet discovery persistence ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.

Processes:

cmd.exe

description pid pid_target process target process

Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 1524 4912 cmd.exe
Renames multiple (87) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

description	pid	pid_target	process	target process
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1524	4912	cmd.exe

Executes dropped EXE 19 IoCs

Processes:

RanSimSetup.exeRansim.exeLauncher.exeDataCollector.exeLauncher.exeLauncher.exeLauncher.exe1607416417_WeakCryptor.txr1250716324_ThorVariant.txr88311047_StrongCryptorNet.txr1495637413_StrongCryptorFast.txr1161552524_StrongCryptor.txr1373418316_Streamer.txr1286240011_Replacer.txr928323725_Remover.txr665415807_Mover.txr366073708_LockyVariant.txr1010884569_InsideCryptor.txr681103439_Archiver.txr

pid	process
1028	RanSimSetup.exe
3920	Ransim.exe
4548	Launcher.exe
1508	DataCollector.exe
4680	Launcher.exe
2996	Launcher.exe
2160	Launcher.exe
3708	1607416417_WeakCryptor.txr
768	1250716324_ThorVariant.txr
4880	88311047_StrongCryptorNet.txr
2440	1495637413_StrongCryptorFast.txr
3604	1161552524_StrongCryptor.txr
4536	1373418316_Streamer.txr
3208	1286240011_Replacer.txr
1108	928323725_Remover.txr
1720	665415807_Mover.txr
840	366073708_LockyVariant.txr
444	1010884569_InsideCryptor.txr
2312	681103439_Archiver.txr

Loads dropped DLL 37 IoCs

Processes:

RanSimSetup.exeMsiExec.exerundll32.exerundll32.exeRansim.exeLauncher.exeLauncher.exeDataCollector.exeLauncher.exeLauncher.exe1607416417_WeakCryptor.txr1250716324_ThorVariant.txr1161552524_StrongCryptor.txr88311047_StrongCryptorNet.txr1495637413_StrongCryptorFast.txr1286240011_Replacer.txr928323725_Remover.txr1373418316_Streamer.txr366073708_LockyVariant.txr665415807_Mover.txr1010884569_InsideCryptor.txr681103439_Archiver.txr

pid	process
1028	RanSimSetup.exe
4204	MsiExec.exe
4780	rundll32.exe
4780	rundll32.exe
4780	rundll32.exe
4780	rundll32.exe
4780	rundll32.exe
4204	MsiExec.exe
3120	rundll32.exe
3120	rundll32.exe
3120	rundll32.exe
3120	rundll32.exe
3120	rundll32.exe
3920	Ransim.exe
3920	Ransim.exe
3920	Ransim.exe
3920	Ransim.exe
3920	Ransim.exe
4548	Launcher.exe
3920	Ransim.exe
3920	Ransim.exe
4680	Launcher.exe
1508	DataCollector.exe
2996	Launcher.exe
2160	Launcher.exe
3708	1607416417_WeakCryptor.txr
768	1250716324_ThorVariant.txr
3604	1161552524_StrongCryptor.txr
4880	88311047_StrongCryptorNet.txr
2440	1495637413_StrongCryptorFast.txr
3208	1286240011_Replacer.txr
1108	928323725_Remover.txr
4536	1373418316_Streamer.txr
840	366073708_LockyVariant.txr
1720	665415807_Mover.txr
444	1010884569_InsideCryptor.txr
2312	681103439_Archiver.txr

Obfuscated with Agile.Net obfuscator 28 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
C:\Users\Admin\Documents\RanSim\RanSimDll.dll	agile_net
behavioral1/memory/3920-162-0x0000000004F50000-0x0000000004FD6000-memory.dmp	agile_net
C:\Users\Admin\Documents\RanSim\RanSimDll.dll	agile_net
C:\Users\Admin\Documents\RanSim\Launcher.exe	agile_net
C:\Users\Admin\Documents\RanSim\Launcher.exe	agile_net
behavioral1/memory/4548-178-0x0000000000480000-0x0000000000D9A000-memory.dmp	agile_net
C:\Users\Admin\Documents\RanSim\DataCollector.exe	agile_net
C:\Users\Admin\Documents\RanSim\Launcher.exe	agile_net
behavioral1/memory/1508-208-0x00000000001C0000-0x00000000001FE000-memory.dmp	agile_net
C:\Users\Admin\Documents\RanSim\Launcher.exe	agile_net
C:\Users\Admin\Documents\RanSim\Launcher.exe	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor\1607416417_WeakCryptor.txr	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptor\1161552524_StrongCryptor.txr	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor\1607416417_WeakCryptor.txr	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorFast\1495637413_StrongCryptorFast.txr	agile_net
behavioral1/memory/3708-1774-0x0000000000B00000-0x0000000000B48000-memory.dmp	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\ThorVariant\1250716324_ThorVariant.txr	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Remover\928323725_Remover.txr	agile_net
behavioral1/memory/4880-1782-0x0000000000420000-0x0000000000468000-memory.dmp	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptor\1161552524_StrongCryptor.txr	agile_net
behavioral1/memory/2440-1804-0x0000000000E50000-0x0000000000E98000-memory.dmp	agile_net
behavioral1/memory/3604-1792-0x0000000000E50000-0x0000000000E98000-memory.dmp	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Mover\665415807_Mover.txr	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorNet\88311047_StrongCryptorNet.txr	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Replacer\1286240011_Replacer.txr	agile_net
behavioral1/memory/768-1776-0x00000000004F0000-0x0000000000538000-memory.dmp	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Streamer\1373418316_Streamer.txr	agile_net
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\ThorVariant\1250716324_ThorVariant.txr	agile_net

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

RanSimSetup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\{5fcc8862-ce47-4f88-b5aa-011f4141417f} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{5fcc8862-ce47-4f88-b5aa-011f4141417f}\\RanSimSetup.exe\" /burn.runonce"	RanSimSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe

Drops file in Windows directory 20 IoCs

Processes:

msiexec.exerundll32.exerundll32.exe

description	ioc	process
File created	C:\Windows\SystemTemp\~DFE39F1573AE8F1A7A.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI752B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7ACA.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\~DFBB5E37A74A19B2E5.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI752B.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7ACA.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF90A7F85FD20F70D2.TMP	msiexec.exe
File created	C:\Windows\Installer\e587337.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI752B.tmp-\Cas.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7ACA.tmp-\Cas.dll	rundll32.exe
File created	C:\Windows\Installer\SourceHash{E6098775-CB4B-47F6-9FA7-473D542CB6F2}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF941AD62585320FF3.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI88F4.tmp	msiexec.exe
File created	C:\Windows\Installer\e58733b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e587337.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI752B.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7ACA.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 14 IoCs

Processes:

RanSimSetup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{5fcc8862-ce47-4f88-b5aa-011f4141417f}\Dependents	RanSimSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{E6098775-CB4B-47F6-9FA7-473D542CB6F2}\ = "{E6098775-CB4B-47F6-9FA7-473D542CB6F2}"	RanSimSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies	RanSimSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{5fcc8862-ce47-4f88-b5aa-011f4141417f}\Dependents\{5fcc8862-ce47-4f88-b5aa-011f4141417f}	RanSimSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{E6098775-CB4B-47F6-9FA7-473D542CB6F2}	RanSimSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{E6098775-CB4B-47F6-9FA7-473D542CB6F2}\Dependents	RanSimSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{5fcc8862-ce47-4f88-b5aa-011f4141417f}\DisplayName = "KnowBe4 RanSim"	RanSimSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{5fcc8862-ce47-4f88-b5aa-011f4141417f}\ = "{5fcc8862-ce47-4f88-b5aa-011f4141417f}"	RanSimSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{E6098775-CB4B-47F6-9FA7-473D542CB6F2}\DisplayName = "KnowBe4 RanSim"	RanSimSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{E6098775-CB4B-47F6-9FA7-473D542CB6F2}\Dependents\{5fcc8862-ce47-4f88-b5aa-011f4141417f}	RanSimSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer	RanSimSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{5fcc8862-ce47-4f88-b5aa-011f4141417f}\Version = "1.1.0.7"	RanSimSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{E6098775-CB4B-47F6-9FA7-473D542CB6F2}\Version = "1.1.0.7"	RanSimSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-894477223-740240645-3565689000-1000_Classes\Installer\Dependencies\{5fcc8862-ce47-4f88-b5aa-011f4141417f}	RanSimSetup.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msiexec.exeDataCollector.exe

pid	process
3716	msiexec.exe
3716	msiexec.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe
1508	DataCollector.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

RanSimSetup.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	1028	RanSimSetup.exe
Token: SeIncreaseQuotaPrivilege	1028	RanSimSetup.exe
Token: SeSecurityPrivilege	3716	msiexec.exe
Token: SeCreateTokenPrivilege	1028	RanSimSetup.exe
Token: SeAssignPrimaryTokenPrivilege	1028	RanSimSetup.exe
Token: SeLockMemoryPrivilege	1028	RanSimSetup.exe
Token: SeIncreaseQuotaPrivilege	1028	RanSimSetup.exe
Token: SeMachineAccountPrivilege	1028	RanSimSetup.exe
Token: SeTcbPrivilege	1028	RanSimSetup.exe
Token: SeSecurityPrivilege	1028	RanSimSetup.exe
Token: SeTakeOwnershipPrivilege	1028	RanSimSetup.exe
Token: SeLoadDriverPrivilege	1028	RanSimSetup.exe
Token: SeSystemProfilePrivilege	1028	RanSimSetup.exe
Token: SeSystemtimePrivilege	1028	RanSimSetup.exe
Token: SeProfSingleProcessPrivilege	1028	RanSimSetup.exe
Token: SeIncBasePriorityPrivilege	1028	RanSimSetup.exe
Token: SeCreatePagefilePrivilege	1028	RanSimSetup.exe
Token: SeCreatePermanentPrivilege	1028	RanSimSetup.exe
Token: SeBackupPrivilege	1028	RanSimSetup.exe
Token: SeRestorePrivilege	1028	RanSimSetup.exe
Token: SeShutdownPrivilege	1028	RanSimSetup.exe
Token: SeDebugPrivilege	1028	RanSimSetup.exe
Token: SeAuditPrivilege	1028	RanSimSetup.exe
Token: SeSystemEnvironmentPrivilege	1028	RanSimSetup.exe
Token: SeChangeNotifyPrivilege	1028	RanSimSetup.exe
Token: SeRemoteShutdownPrivilege	1028	RanSimSetup.exe
Token: SeUndockPrivilege	1028	RanSimSetup.exe
Token: SeSyncAgentPrivilege	1028	RanSimSetup.exe
Token: SeEnableDelegationPrivilege	1028	RanSimSetup.exe
Token: SeManageVolumePrivilege	1028	RanSimSetup.exe
Token: SeImpersonatePrivilege	1028	RanSimSetup.exe
Token: SeCreateGlobalPrivilege	1028	RanSimSetup.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe
Token: SeRestorePrivilege	3716	msiexec.exe
Token: SeTakeOwnershipPrivilege	3716	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

RanSimSetup.exe

pid process

1028 RanSimSetup.exe

Suspicious use of WriteProcessMemory 23 IoCs

Processes:

RanSimSetup.exemsiexec.exeMsiExec.exeRanSimSetup.exeRansim.exeDataCollector.exe

description	pid	process	target process
PID 3760 wrote to memory of 1028	3760	RanSimSetup.exe	RanSimSetup.exe
PID 3760 wrote to memory of 1028	3760	RanSimSetup.exe	RanSimSetup.exe
PID 3760 wrote to memory of 1028	3760	RanSimSetup.exe	RanSimSetup.exe
PID 3716 wrote to memory of 4204	3716	msiexec.exe	MsiExec.exe
PID 3716 wrote to memory of 4204	3716	msiexec.exe	MsiExec.exe
PID 3716 wrote to memory of 4204	3716	msiexec.exe	MsiExec.exe
PID 4204 wrote to memory of 4780	4204	MsiExec.exe	rundll32.exe
PID 4204 wrote to memory of 4780	4204	MsiExec.exe	rundll32.exe
PID 4204 wrote to memory of 4780	4204	MsiExec.exe	rundll32.exe
PID 4204 wrote to memory of 3120	4204	MsiExec.exe	rundll32.exe
PID 4204 wrote to memory of 3120	4204	MsiExec.exe	rundll32.exe
PID 4204 wrote to memory of 3120	4204	MsiExec.exe	rundll32.exe
PID 1028 wrote to memory of 3920	1028	RanSimSetup.exe	Ransim.exe
PID 1028 wrote to memory of 3920	1028	RanSimSetup.exe	Ransim.exe
PID 1028 wrote to memory of 3920	1028	RanSimSetup.exe	Ransim.exe
PID 3920 wrote to memory of 4548	3920	Ransim.exe	Launcher.exe
PID 3920 wrote to memory of 4548	3920	Ransim.exe	Launcher.exe
PID 3920 wrote to memory of 1508	3920	Ransim.exe	DataCollector.exe
PID 3920 wrote to memory of 1508	3920	Ransim.exe	DataCollector.exe
PID 3920 wrote to memory of 4680	3920	Ransim.exe	Launcher.exe
PID 3920 wrote to memory of 4680	3920	Ransim.exe	Launcher.exe
PID 1508 wrote to memory of 2996	1508	DataCollector.exe	Launcher.exe
PID 1508 wrote to memory of 2996	1508	DataCollector.exe	Launcher.exe

C:\Users\Admin\AppData\Local\Temp\RanSimSetup.exe
"C:\Users\Admin\AppData\Local\Temp\RanSimSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3760

C:\Users\Admin\AppData\Local\Temp\{0C00A8B7-A64D-4ACD-B7E8-B94965B458E2}\.cr\RanSimSetup.exe
"C:\Users\Admin\AppData\Local\Temp\{0C00A8B7-A64D-4ACD-B7E8-B94965B458E2}\.cr\RanSimSetup.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\RanSimSetup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1028

C:\Users\Admin\Documents\RanSim\Ransim.exe
"C:\Users\Admin\Documents\RanSim\Ransim.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3920

C:\Users\Admin\Documents\RanSim\Launcher.exe
"C:\Users\Admin\Documents\RanSim\Launcher.exe" -d
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4548

C:\Users\Admin\Documents\RanSim\DataCollector.exe
"C:\Users\Admin\Documents\RanSim\DataCollector.exe" "Progress.csv" "Launcher.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1508

C:\Users\Admin\Documents\RanSim\Launcher.exe
"C:\Users\Admin\Documents\RanSim\Launcher.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2996

C:\Users\Admin\Documents\RanSim\Launcher.exe
"C:\Users\Admin\Documents\RanSim\Launcher.exe" -s
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4680

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3716

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EE507B14C58378F521A9CC8A5D6BA5B5
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4204

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI752B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240678453 2 Cas!Cas.CustomActions.CleanupPreviousInstallation
3⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:4780

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI7ACA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240679640 8 Cas!Cas.CustomActions.BeforeInstallationInitialize
3⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:3120

C:\Users\Admin\Documents\RanSim\Launcher.exe
C:\Users\Admin\Documents\RanSim\Launcher.exe run
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\RanSim\prepare.bat /S /Q "C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios"
1⤵
- Process spawned unexpected child process
PID:1524

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor\1607416417_WeakCryptor.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor\1607416417_WeakCryptor.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3708

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\ThorVariant\1250716324_ThorVariant.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\ThorVariant\1250716324_ThorVariant.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:768

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorNet\88311047_StrongCryptorNet.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorNet\88311047_StrongCryptorNet.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4880

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorFast\1495637413_StrongCryptorFast.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorFast\1495637413_StrongCryptorFast.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2440

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptor\1161552524_StrongCryptor.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptor\1161552524_StrongCryptor.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3604

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Streamer\1373418316_Streamer.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Streamer\1373418316_Streamer.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4536

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Replacer\1286240011_Replacer.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Replacer\1286240011_Replacer.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3208

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Mover\665415807_Mover.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Mover\665415807_Mover.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1720

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\InsideCryptor\1010884569_InsideCryptor.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\InsideCryptor\1010884569_InsideCryptor.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:444

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\LockyVariant\366073708_LockyVariant.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\LockyVariant\366073708_LockyVariant.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:840

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Remover\928323725_Remover.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Remover\928323725_Remover.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1108

C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Archiver\681103439_Archiver.txr
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Archiver\681103439_Archiver.txr
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2312

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58733a.rbs
Filesize
10KB

MD5
3f9eb6ab65825dbc1a861d5eecacb36a

SHA1
53be17207474c8f5dd630d9ea5ab0144664507f1

SHA256
d309e1c9f4d29f8b7da3c3135c0cd2f7d3279ef62f6f30124c03ebe01d9d8783

SHA512
8ef196458ff5d21c539bb3ebd97197e55e6ef515da9190d6c7b27f309c2d6819a8cf378be0cfbf672fbc240fde786444f2fa9744ae60def75f1c903f62029fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Launcher.exe.log
Filesize
642B

MD5
fd08d0d1c404b16d00be959c6656523f

SHA1
d4849d6219a49ab44a105a99d451ded26173470c

SHA256
07cd502f2fffb7c6a891a219527278857fed0061bac452445b945c4753899f2f

SHA512
2f788cb4d91b021966ae25ab68c7a0973cb1e5f53425e6324d5af71d6e0a5fcf8b15da341335acc30740a9aa4a6104502c377da1fad6e81f6460c5fd017329c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
Filesize
651B

MD5
c4ce6fd8431b5747fd7a4c401325fb3a

SHA1
2f227bb73b2fae1020ca2b8b95b5b73b8f35403a

SHA256
3c801df6bf214e7b7b80514241c3f6d0d250ddbefd8c3dcffc7402c2e755f970

SHA512
379915b75023e787a13d55c35bc64f48b23dc59dda5ea65aeab4815aeb45b676f7364e7c42acc416cb8b1f9142c4af89c2a193913a3cc01672e6bf2c9d9bda26

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\.unverified\Installer.msi
Filesize
488KB

MD5
30d81d8cf72cf9f005f338115fae30cc

SHA1
15875cb9a9869feb7f19558713326ddc221d9976

SHA256
37dd39a5f423df482d6cbbbc2e57a1ebef1bb9b77be8cc1f45b377201a6a901c

SHA512
1a87ec5e2d41e4a98390cdd5307e2df7afb74cabe9bd534d6bd1f559a5677c18995d6eb87bbbab44ca1cb91f5e6adf5b9848193efdbbd52628396b3cf4d8b50c

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\.unverified\cabE767AACAC1537EE2306B06C1286952AA
Filesize
2.9MB

MD5
d93f45395ff3a19ca24840c64df993eb

SHA1
12f4adc5285317f9a9fde1add52dbb6f4a4f97f3

SHA256
16c8419ad8ecbd9571caf06f757cef22ed524331627b493667ce58d457324a56

SHA512
019bbeb2c874286413f454230b218e0207838de9bd59d24d82de2e0f6a65b85042ad72de95e3d5d4e7bdfeeb942f8cfa2c04407623bca7f08b26cf76f6f12bd5

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\{E6098775-CB4B-47F6-9FA7-473D542CB6F2}v1.1.0.7\cab1.cab
Filesize
1.2MB

MD5
a65e4f575bcaf413009452aafa55c1f6

SHA1
23bde83be34f944760132fa0efbc19ae760bb02c

SHA256
3f128b877d69c382850ab39a10a9da6742fcc75cc68f685b100336f8a0d0b128

SHA512
f8308632bb29bb9905b4e2937dac8998cc3e5e1c5d2a6173272260d9e2f78b91cd2acc4c751902955c629e41832e2d64d8eac03eb2a746880c7ef2d3426f02d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\56799b37-40a2-4a2a-881c-80f5b7cdf8d9\AgileDotNetRT.dll
Filesize
134KB

MD5
5ce220e1334193b403e937ecca0b406f

SHA1
48c1d47e4a23ebfd739aa86830842d1ead7ced59

SHA256
c619f87556667f2c1799672d36d55172597f4fed158800d5622edc8abee930e8

SHA512
dad8694e72c58cebd4723f4a54dd92af3c36b7860044e092ca8e48588f841f699a72b749e81667851009107a367a1767ff507f861d919d43fc911696884a584a

Download Submit
C:\Users\Admin\AppData\Local\Temp\KnowBe4_RanSim_20240113232240_000_Installer.msi.log
Filesize
2KB

MD5
23148853b0777872b0279f796352aeca

SHA1
915a347deae69351ef9e6513631546ab838ba004

SHA256
a38066309bc20a06bc21e90b594c8dd9f820b706a99421a4139948413b8de39f

SHA512
f54fc08308a88cce0c3f76e17e6eaa3f5f7bb7a5d31bac8799840669816f50633eb15b60fef84eb0a3228c49e3a70b0c77fe1c554a47b38f8d008b667a6ceeda

Download Submit
C:\Users\Admin\AppData\Local\Temp\f65d8544-719f-420a-a98e-bb1b0f306d2e\AgileDotNetRT64.dll
Filesize
141KB

MD5
11f1f9a367de7093bbb3a95ab5373e03

SHA1
2282a0607c840be6fb2b6bbfb9da9eb6e237b35f

SHA256
557a7437f75b54ab49cc7579de23160ed30f0db61ef0d66501f3802cb3a0a3db

SHA512
a26f0d59f1589fff35fc1f37e1ab459e10fd6c820965a35fe5830265434b103cb60e7026a4f85412f14c133284085f3b66f7fb27964166b67a5d75b474141225

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0C00A8B7-A64D-4ACD-B7E8-B94965B458E2}\.cr\RanSimSetup.exe
Filesize
592KB

MD5
f97367b8d562c555d14d1e62fe7368cc

SHA1
3a163367f001baed5dd2146df17e92f1b84b9f8d

SHA256
66ab0d9015eeef3e8e63090b3369c09c82b1933811582dbce6a5d963b8aa029c

SHA512
731ec438c278fb77ba359381eb611e92cd5b765ebe037f77dd5aa642931733408477f07587ed9164d8835a0ac60c2b4391cc077f0de1206c72d4de2a0c5cedb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8590F626-26F6-4535-B211-2A00F09A62E6}\.ba\logo.png
Filesize
33KB

MD5
63a5f8b51b2402a9466f183e7c18a52a

SHA1
b489048bf8baacb27ba8bc6fed6bbcb66ce6630c

SHA256
7c7dde5b63deeb928787b95180da44b3494aa0ba5b1882c9506077def08463d5

SHA512
8dd10c9a0ef7660bdb2dd0aff1e797b2abde40a30cc32516e40edfb0968aa99a09eea1ed423e5c7a389abe5a721d08ed1ac1404c422cfd48c35ad69283e0c2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8590F626-26F6-4535-B211-2A00F09A62E6}\.ba\wixstdba.dll
Filesize
171KB

MD5
d69f6602abef3798bab0646d57dbde06

SHA1
b3fb498369fabde14837c202660e4c237b3d44a1

SHA256
9216632cdf31c511c8ab0859a9e2a9ea962af12529b91ac99eeb2c93738647af

SHA512
d3ade5f705e24864d049e463d492d3d92710a18eaaf8680dea4dbda5165447937318a22ad0d8f9b05690499489b76defec172b6020b8be4bf3b0ac87993164d6

Download Submit
C:\Users\Admin\Documents\RanSim\Common.UI.dll
Filesize
7KB

MD5
6644f5bbd5ba3c55ec22794a2dfe09b3

SHA1
29ff8c6e28746da7479f9ad0b81a157cbdd01281

SHA256
4218b80f3daeb577d922d9c60a324fa193eed7f3ae99a2477e95318d36baa71a

SHA512
00105bbf1d9c9058c2cc5b6d1b12c54e4600f4bd9fb284111d0296319c74995c9406a610e5af49cbd3c7035bb7fc6d5d3db8bc98819a0fbdd120e3e1d1cfb97f

Download Submit
C:\Users\Admin\Documents\RanSim\DataCollector.exe
Filesize
221KB

MD5
a277d4735263fb1280a4657ba5ebb956

SHA1
fe36f095b83b0091a8c77a3e69f340e9878a7a43

SHA256
d7eb6c06e01e09c17a2ffee78f5a0da26967e7f3cf17541d54a0515990b9ee20

SHA512
95832be641d877b1ea5e257168a5b8df200f9f68eead2feb1ab9c5534288e50763c3aa1aae924fd880a5222f71a268f3b5c3dd4e95ec8db14a80fe4b76c00ce4

Download Submit
C:\Users\Admin\Documents\RanSim\Descriptions.csv
Filesize
1KB

MD5
a8a646d3da6bec0fb606e0855d8309a8

SHA1
a39c9ed661b82f87509f211ba0eb27836132b382

SHA256
906d841393b1d5eafd3fc127852b780f60f36505e1462cda9a5a85f06eafdccd

SHA512
77a40744b007786c42ed656caf9fa413bd3daee41499d0f49ddfad3d6aa5eccd3e074892daef6ed590921d51542ef2aaa1929e89d569fb4d54b86a3e78339688

Download Submit
C:\Users\Admin\Documents\RanSim\Launcher.exe
Filesize
4.6MB

MD5
18e0dba9d3bef3b60cb2df56259e6be6

SHA1
5acde20f68c431b3262ab9a333ee1c5ad6104860

SHA256
9163997829b7dc1aefa84458444924a682ce86d5c52a8ea8384af1b3e39e2e0e

SHA512
8d48070a9afed47eed8ade0381826ccb578848ebac957086feaebe1dd4fc27ef1d61629542b486ab3b7ce307fe932e78f9d92d7bdefd2b7b1f8a4b2679c3c71c

Download Submit
C:\Users\Admin\Documents\RanSim\Launcher.exe
Filesize
3.9MB

MD5
033fa4cefa0d36cd6b693c60fac2678c

SHA1
c9949f95afae15cfa28f881efdd1583475db4564

SHA256
0b4b72e781a4b8e8e7a719973961d22f007624cab8be9c31ca339e70c13369b8

SHA512
cda2231406d5f755d87aae0a539519ca5f2c3088379a2ecfeee1475120aeffa0d2d13d6466486b3126bfee66e6dae7f480c5232ab11ed1370b4620536d24cb85

Download Submit
C:\Users\Admin\Documents\RanSim\Launcher.exe
Filesize
342KB

MD5
2dc445f87066f5c84d753a59e9fca942

SHA1
b94847e17999b1fe02359355b05cf492aad76ddf

SHA256
842b55ac535c2d1708ce2df6efef6587f248fb22d83b30b1054099192007c908

SHA512
2f41ced67c62ff9582fd4f1e55e536ee277058ce467dfa7dbbe17f913172eb80c7a9629819c1e20ef922298ee666a032b024c3cd22cede81f944b32a16491c45

Download Submit
C:\Users\Admin\Documents\RanSim\Launcher.exe
Filesize
264KB

MD5
07375c6130cb3f4b22567964843ff212

SHA1
fb3ecfdbf6cb229c23ce16b1e22fc95eda4ad547

SHA256
d1c30b2bf454266aa1657e99855079ab5507081e66c035c3f3b4e7df513cfae0

SHA512
1d50afac0272d5b8ac7b894020609f549954698c86da548fa1d2b7829333fa98fba799341d7cc2f0ae41752a08f9a21a2cb917c85baeacdc1c65dac6c3490ee1

Download Submit
C:\Users\Admin\Documents\RanSim\Launcher.exe
Filesize
1.1MB

MD5
7e75a3b6c05f71ceb23b6ef33b83fd69

SHA1
5053c0c87f6d43c039063f767bb5c66b7263696f

SHA256
da483b1802480d975e8e072cebe7aeb5de724d0794e83b00297c12741ba79dc7

SHA512
5238b40bd31c3e29dab9efcaef4e0716d643b519b0769c8ca57b9e5f262112418b49e4f3413a6ef8fe503af7f140f7bc6b6567b5054dd45dd46664b56aafa51b

Download Submit
C:\Users\Admin\Documents\RanSim\Progress.csv
Filesize
201B

MD5
12fcee538d76db60e8bfe0fad7956b8e

SHA1
a67bd37e5fc4fe64bcd392f4ebb91a3fac724c6d

SHA256
418a3d526443cbe08a3d1cb939c29317f489156d009326a04115d2798721f687

SHA512
b203a92aa578f34c383d9b2d0646f79a05c1264d0395069196b093b0941ff159fab22136e51ace9ee845531d231cbddfba7b1ddc7172cdf983e759b28878df9f

Download Submit
C:\Users\Admin\Documents\RanSim\RanSimDll.dll
Filesize
256KB

MD5
ed0b1996e5058868d3675aea7cd74292

SHA1
30a0037a4ac608551581871509ac972156b6c24c

SHA256
6b7fe1cec3c84df29917850013da114e74ad5e448190614c6a3091897399349e

SHA512
63b8617b530ecdd5eaeb4a7afbdb53143577b97c4f4b1c12c837cb8c20867c34a5ec24ebeda250b00bc709b367357c0e2860ba2949a28ea7140cafb6d27e451d

Download Submit
C:\Users\Admin\Documents\RanSim\RanSimDll.dll
Filesize
511KB

MD5
7535e32de07bd08b95dc17adc8299598

SHA1
dc662a1edb09706e32e18bc785f7d0f92fd6d380

SHA256
af7032f080f4b35e631e8a35559a9a5d2b6718f1a1ae41e121c01a33685b40bf

SHA512
c4ac4839040899e85d19c3864f3011fffd51e04e048fd7d28ef7e3ccfa4a7fd2e9b8c3658c507d3889e9c4efe4445140c3543d435d8207586af51e3d89e3c5f5

Download Submit
C:\Users\Admin\Documents\RanSim\Ransim.exe
Filesize
227KB

MD5
f763f0c9d0946e505c9da9b854e19f40

SHA1
47528b492f9d381723134c403ed6e7495da03edb

SHA256
a326384d695baf5cedaf8ac5e43523f9763bba804ed687ebe83cbd8d2aac72f4

SHA512
5796e813ee18079e1092dca220fc3c31918518cd45f749e8a1ad716df71d328f6b6ae8a2291a393cbb975277ae25506ab6b776534e1cef1f52008e270d355909

Download Submit
C:\Users\Admin\Documents\RanSim\System.Windows.Controls.DataVisualization.Toolkit.dll
Filesize
272KB

MD5
6813ebecd58e557e1d65c08e2b1030af

SHA1
4dc95c499cbe862d4c6a4fccde71b2869f07e279

SHA256
895819bde598f710ed62cee50e8bac05eefd42dda64de60e7d8de8898082cae4

SHA512
0bc8b0af27d565f604f49733bf5bf643f360f1c78fc29335f3415329c93dfaf4cdbc2923dcd1d3025249a64291c112893468b3ddd7bbf2050f8e671aa7ecc96e

Download Submit
C:\Users\Admin\Documents\RanSim\System.Windows.Controls.DataVisualization.Toolkit.dll
Filesize
248KB

MD5
ccfdbc4d33fc3c3b12deadf2dc9db44d

SHA1
fa18e35bc96f5ddc8dfc8617260b05b6b3858ff3

SHA256
751acf360c4f80acb421222677dc246924138225a8e99f85005de543b3c07048

SHA512
f4f7ee3b365638fead7b282babfd827b85be8b999a546f9cf7a538ad371e21c64ffa357214df82f193280f0f7d21426979ce4b7b3baaf9bd07b1abfa848fb44a

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Archiver\datarst.csv
Filesize
4KB

MD5
52171c149166c2ede8b405654d575717

SHA1
723ea8a4e8775b4f84a7f200cf4c8c412e9099bf

SHA256
c8c70b5e6c331cf39b4c3e1c830f4fd2d782e63e01c630279d6c910145cf6aab

SHA512
2d35d1871ec26bf83cf6e4818fd35c82b46451011156a75206068e41f382935a984f9d7fcff649f29d0be933cc2aece80e01b449b168505575ae3c5af04c392d

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\InsideCryptor\datarst.csv
Filesize
4KB

MD5
ebc880dc26e7f3121c76ea8344dcf7a6

SHA1
5f7ff91d65bad59c728ce0dc5a722d16ee9b31b1

SHA256
939f214ddef0e98597d3688346016c74a0cedecb753bae2431d3ab6d0790e037

SHA512
abd6aaf3434263cb1f5132af55906d813320d16865f22b12fcd51dddb5039d67212e71d5eb38aff5f0939f3cb56dd05630fc07bf17360f63ebbce4f4fdd49297

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\LockyVariant\datarst.csv
Filesize
4KB

MD5
c7366d33678d018be1239b35c48d4828

SHA1
ac61247d31493efeec2a6ef804e90866d476135d

SHA256
e281fa8dd0f84abbecaa315374a746598a097ca227e6d2580bda02265401a81e

SHA512
655dc9bac91e57c0395a79616a1a193f2cfe23b9a9ed692c7eb0848c3f951df1a33f07cc29baa061793b14a85f0acca17fa4fda3f9715d35958881791f790c63

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Mover\665415807_Mover.txr
Filesize
263KB

MD5
39f9c3461516beee1ae977e8c390c559

SHA1
01b434d041bcdec3bd9853d40d422ee2f1de8684

SHA256
91d62176bbc7e1fb566baeb231b8e253d743fc985e567705b5479aa7c154a380

SHA512
af3613c77887ff2ae551e2fb1bb983f53d74c8e5e29d4e45427c0b18379d1a2b4b1b37a5f87efcf7f1f03ea2dfe8d1be8de27459635f143ab163c56f66900703

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Mover\datarst.csv
Filesize
4KB

MD5
8a1636cb693a144dcfe937fcbbd4480f

SHA1
b769cea5820486dc8bfc04c15bed66b281f50ee5

SHA256
70d083fabc72c660b1975704cbf64c4afced7bb221d983d2200df3b5f3bf1efd

SHA512
07185f20990ea88a4bf9d4f91ce5378e941c480d65cd06ed6aaca8a02cb85bfb3d7cb69f56e846e64491bedda5011ed2cbf3af006895bf718914d28e9d0df13e

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Remover\928323725_Remover.txr
Filesize
59KB

MD5
900f09fd80cd99d57348021f75efcdfb

SHA1
ab73221a2e449a579c064db431e7239d82a3b148

SHA256
6e91f50845896033df847dcad8cee0c32b8271f0cc52b93b3d890a8499eec489

SHA512
026fe5b8270fe95c1698ee096d8161667c466f0cebf611a6ce853fcf50a0dadce1b049a23a3496ee76168bc230df76cb7a3b89f92bf5ac7ed682332c71e4b3ac

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Remover\datarst.csv
Filesize
4KB

MD5
e9837d1ea2b54d9f91df3afc090c84c4

SHA1
d7f55b40437c7182d6eb4b1d15999ff4fe40da7b

SHA256
4f5698c00817849a554bfc33627b1892c56d6dea40a46d2aa768a9441b40239c

SHA512
2c4f95af3831f58adb972ff929eb884dc3acbdb5d32747548edae385985d8c417f89d54ecf212133b1ef530729fb1c5e3247ff8deb729c7119bad3e864e112ca

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Replacer-TestFiles\c10.png
Filesize
87KB

MD5
6754144d7cc0f5d816590a7782dc546a

SHA1
652075d3d319f565fc900b49be56ac9c9a6b9de0

SHA256
fb3f1e69d02f700d7ddc6cbc90ae54edfe1e6158cbd22146dc4fdf17ff94082e

SHA512
9e27c468a14556ad0879b42810fab85763160f49540a27bf2d77bb43dc7e7f74d757aa343263f9262239090e24b3ea1d86a5fb9bf167b16c6963f8239de03b1f

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Replacer-TestFiles\img21.jpg
Filesize
24KB

MD5
8cc78ffd299a24e3c9297bf0fee2ba3f

SHA1
320bb164c96c648a1a7c4efb1ab69f577ba6d9ac

SHA256
1603e2a3d501585d95a27395d81dc745c1383cf839a1250f61abd2b9fc71513b

SHA512
660a8c49def32a0983b48249ce5d4e8899c8ce9e198b4010263e47cae81d97a9b7dcfd4c5693d5c901e434e6df2682589fbb545aeb668c4af203ae4028240cb2

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Replacer-TestFiles\test2.docx
Filesize
12KB

MD5
5c4b0db9ce1b3a639fd1276cf3e15aed

SHA1
bfe743982b4ee67bd779738213035bdda58b865c

SHA256
57ca054f715b0f37ac14f134da3a5ae30329dc39ac185d71e489e331b0d5f939

SHA512
3d7d1e1f6ffb3920712cbaa8624cf7b3e5c85e0818de41d9c3fc47c59d86384a65880021fdee5c4c3fd927bb925c9b5b1a500745da923f8b4e96d332922e5c4f

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Replacer\1286240011_Replacer.txr
Filesize
721KB

MD5
d1709e8170f76e6042a3624c48e29633

SHA1
51104db1843a25769356372499cad3302e4970b7

SHA256
a42e6b5f2cbe2440b63e0c3deefbbc0148a5369cf8ff3971748380077cb84bcf

SHA512
1507757f9adec09bb74986a656ab31d979461df1d3802b071a2fb8182dc194d3ea82c6dedf44b74e495a87036efd67816f0b8ddfab58ffdffe84c156abd10481

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Streamer\1373418316_Streamer.txr
Filesize
263KB

MD5
9efa8afa9b8e254ccb79239387be0a38

SHA1
9c0fb417c980adb446ae185451220b74a9378a4f

SHA256
33be174e1073fb3365172a1127ca8c44938bf237aec99613b5b48de87cd64786

SHA512
98eb00cc4fdace0ab63bf1e4816af3fc285d1a5541ff0b6e28c3c8e309f650aa542c2d63ea1e011ffe992ba07222695279cbf30179d0f7c90a919cbec27f66f9

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\Streamer\datarst.csv
Filesize
4KB

MD5
cfd6e6f0967e4673a1a2c15dad9cfa57

SHA1
51443f58df78a07c2a34c11a6ee4bce0b3111565

SHA256
7cfcf5ffacc798e728465a6d51b2dca8bd011432beb84d9b6655c600b0c278b8

SHA512
5743c41e244b7763147812cf8ecd1461371467e6a36dfc46e0c2edc941732cc0b13b2b8f72ebe8c5778d68f01cb8e87f628669f2c08221f091344fe309be75c7

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorFast-TestFiles\img10.jpg
Filesize
2KB

MD5
8b4fb93b59afea9addefbf0064131429

SHA1
ba8ede2f2fb5db8ac81eaab10cb8bacd3a4d9f9f

SHA256
1eca0d8cd72459f79f29c3304378ba665589d329aedae4ed7fa9f94f9606bc8c

SHA512
3c8c3431d4f12a5b66de84f2ed5668610de4df2a02c8c5a57274e52135db3999f7f7b0c0e13554f10c8aa5c786d9c84014ddf4bbd939e04ff525be65f0b4a9ae

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorFast-TestFiles\img11.jpg
Filesize
2KB

MD5
c452a18eaf31de6b55c98f86a4059685

SHA1
8f0a8d9e972e35e1f62c50a7eeb03cbd03237850

SHA256
f8d0d83c202baea33a6a246d13f7ca251ca9423610e4a48d663df349c6ccc47c

SHA512
9c9291bdda4e59d6c87ad34ed188f7af6a9b3c9f1466ed1f5601e4aa01472b41ef88fb3cc4c9dd7a0ef0cb98a439913725c3740cb07e43ce90d893c3bf8ff7a5

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorFast-TestFiles\img12.jpg
Filesize
2KB

MD5
4bf0d14f873e86c9895cb6e7ebac52a2

SHA1
aa5e44265c7098378adebd07f7c11c29ca162e36

SHA256
8c15e2e130c02eb9635678ff786924e9bc396995cb935510944d57b299357644

SHA512
3a7490fdf6c283b43b157ef7cfa6fab83f431998a729443ba9fadbd5503cbeb9f5be970ef5f91ceeaa67f780d32adec6e248a959846baf79e05cf5a4b072b123

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorFast-TestFiles\img30.jpg
Filesize
3KB

MD5
370fef203cf8838737f8001a2948d8c7

SHA1
39f10472dd55b6b7571959d1fd07f3a32407f653

SHA256
35e3f11be5ef89276b0b9199e4d1b87a3df686c9d50b4a9b3e704d1abad90fb4

SHA512
54396b48d7e8c235499f25766568c120277d6df6a8018c334ed55c7f60a4e35cd263ef2144cfd4df767e90b8b968f99982d2541de692572d8534f1e8728f9c62

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorFast-TestFiles\img31.jpg
Filesize
3KB

MD5
ee3b01951b4c654e77e42c8e51b33749

SHA1
7978f138fc337d0755a6af201d97958c87dc77da

SHA256
74ba4608db299cc3577dddfc186f6f0dbf0e4d0e0b16b259ff56f3859425f392

SHA512
3d0b639abaff18ed3449a617d7b87af958863b9c50d72e639bc8f3555b8f40c9bf4b39a2e0bc00878caf9f0a298ec5426de342e8dbb42ecd5cc6d187bdefe538

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorFast-TestFiles\img32.jpg
Filesize
3KB

MD5
7a1f5c71c90dc71d4b53f71535717316

SHA1
e9a7360dcf8430a57f8f664d4f1775bb6244548a

SHA256
d92697a4c9bf3584cb5f36e6d62699d7c46e2e4353390a1d820193dc59d18f52

SHA512
265ace4c81f45f1a013f7abc0162f691eb4966ade3d20ce51ddebd8cfdc2c5407cd43063637f1211b96573c1c1a97e8d0590b3aa823280504f1450ed00d2f2eb

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorFast\1495637413_StrongCryptorFast.txr
Filesize
263KB

MD5
a6dc889f392fb7b6c423825b2218d104

SHA1
4abaa61f1d8fb54e96265390234d0a950c8a18f7

SHA256
fda100eb1b06a4d70aedcdc65b539b79daf990e3e579f106a5df1dfe5bd4a2f6

SHA512
28a52dc3a67c1124356241084dce58f3661aea3b5d64205853bf795e3732bc0ecf4c843e30c693aefeef8321248f2b3ad0c2102ac01e61e1467d33ccae41a029

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorFast\datarst.csv
Filesize
4KB

MD5
ca95d67dec0cd112c39d8e25f2ed2174

SHA1
872d00d106077ee9e6762f1d237b6a08c1e54cab

SHA256
19f2ceef1c416c3986898da7a968a3f045492b5b83f96cbf6f5ea74c54cae3a9

SHA512
433f794679ff9f5038d3c1fef025ecdeb35ba6c5729ea908dea76f6ef96a2e1a48e22e56cc92535a3e5a2b08a16a621cdb309d294949da786bcb94e9d660e03f

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorNet\88311047_StrongCryptorNet.txr
Filesize
262KB

MD5
dd58edfc14c8b28fbd854e8ee08904f2

SHA1
f5e0704a1374fe737a0e90de945256f58663c01c

SHA256
2a13c10a57c43d6da9f01666ab395f635c569a063fe3d3f6b53eabd2d4a562ac

SHA512
7a74994ef84e65571ed628a0d13139e63c8bc4336977cbf6c7a31adb071a9dd4f5c748e7cb11b07242a397606e9dd2d8701c16253341a647562e4d0aab9fddbe

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptorNet\datarst.csv
Filesize
4KB

MD5
af6a4f79cdda7da67b09536c66cafeb1

SHA1
e6bc5020b4800fa126436efe49658c76cedb5796

SHA256
4a8e70b4402e4baf255d4c1f7bf8965159b6f423c794a99f3d51071c2b7b92bd

SHA512
6db1011c5f5c10a38b4d4f14ca3c5f978627ff329ed3531b60905fe02beee78a23712e2eaf08d8c3833d01e76b0d2e1a17dfc22a84ad4c3a4f171b86474cd1b5

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptor\1161552524_StrongCryptor.txr
Filesize
256KB

MD5
462195148e983d9efd4430ff8165ea10

SHA1
e4b4e1b360c8bdb691f9d9ad13c13a60a93784ef

SHA256
ae7f7905452ba6074250895e4f8410c315afa3c0c64aa2bcfc9082d50a6d8405

SHA512
29ec00137e2ef93c1d7aae6be8ea3fe2aeae9689ecf512f989ab49a55a0270fcca6567fb1339e083478fd62b60d8f64c8d94b222cf1057eeab0a8e1d7b6d5f51

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptor\1161552524_StrongCryptor.txr
Filesize
263KB

MD5
bc3291487d13f0a7f81de66db7f3425f

SHA1
addddc3c4c4449fd50bc19edff25c9c789984407

SHA256
cffaba62c1a921314adce237dadb54768900dd9d5b1a48f4dda427d2cff8b178

SHA512
832432961ce0b329e7b06b868ffb791df006968529c1f100bede3225e7fdac7c9893441302df78d2e6bd6e57dda2455338c328ae970c26f42ce9a1e01c8895cf

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\StrongCryptor\datarst.csv
Filesize
4KB

MD5
76be036c79499bd040fc7fe31e63993a

SHA1
68b53fda6de59a537c7e9089dec215055b71d7cf

SHA256
f750bdaee203fa8d7a6d0b779543080fcaceb4c8c9f7d79413d2dd92d82ffec6

SHA512
bf1b4dce932b420aa906a70f3f2868a284ac8fb6ca5be0f63d15acb78b41476933ea95c18ca4a33ac35988efcd3baf0dbdc30351e0fb179d4fc5c932c842fff3

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\ThorVariant\1250716324_ThorVariant.txr
Filesize
263KB

MD5
1f525c4ac1fd8c96df5b9dbe975080f3

SHA1
9ca7471c20fbc1d23436d5f77a0ac59c64c64f73

SHA256
855e9b55a2954d836e6c441df892fb4df8c108be56fa8cc14d46494bbe13bbca

SHA512
02611e5cf84cdf9f7a732ac29bc94fd0e4ea2828e8373857e2be1c7d87ca342a8f1ee8261e1d079cd83c0bc4a9a213c0045e800a9ecd44c0d84aab180e7b9087

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\ThorVariant\1250716324_ThorVariant.txr
Filesize
71KB

MD5
4b23526928c975d50c82d90cfee88124

SHA1
5e759a10558721ab420f5d1d3385682b6110df4d

SHA256
54c6bd73507ec23badca21600709ca401e4fadf5092d51600c839a56b1b22b64

SHA512
b4f8591bc3b236776c20976a7e5ff849a1ae81242dfc5cfcf54303c1d10dbee65b84dc5f43c2cefda3423916ba1f3d40e2315e7888af7b14259d7f4c7ad27483

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\ThorVariant\datarst.csv
Filesize
4KB

MD5
15451edb41673a58da0e495fd1f36c12

SHA1
29f1659d95f7a25b1f616cc40f80e5af9667fb96

SHA256
f373e179224b78b92c6218cc62e291426720b3ef5a11e6089e550397db25b0d1

SHA512
0e9f55051dd7c4f45c4a679c076746677acd772edb02fb4768fd8b20c280fec9587055be13777fc61d53b71ea55d71c2297f17e6f31a6d0901e96d248bc631ee

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA1.csv
Filesize
256KB

MD5
672b0849d1c9f1ad29f5c3021cb67c65

SHA1
09583607ebf487efa2505b493180d00b2164b477

SHA256
87fb1c1daa594bc75a6dd1fa047135a1e33adb9e118278dfa94ade58f4a86a09

SHA512
08db4df8c7d04ed9ba009923ef7848262fe60b020b77519d8de55e4792aafa23723372c7ca3bcb04fe55efbb25ab0f941b103d13df8935782cc1b8a0f8ad7ce8

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA1.docx
Filesize
259KB

MD5
e1a667a527d596839e9e146001e4b411

SHA1
1086abda4ea0dc6fb431c07c865cc8653d0c14aa

SHA256
e56e69d54e49bb971d2412f3ce3f1542c3be04528c5a7edddfaa991730852e77

SHA512
9462ae1d037d6ec210c0a17b2f6c521e08fa849970b7b35c1a4459627b0715f1abe59554f487a536bf2c102110f5b3bc892cbe9f6b28757e5ff284afcf84035d

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA1.pdf
Filesize
244KB

MD5
32153b8f6af9ef9a4b871ed6d88c6bf0

SHA1
beb5506b2d0aec51f0375488d976781729100016

SHA256
aac79369767434712e5accae1d5e1c9ecc81384f0d640b261cbd36dc4a8a679d

SHA512
bd105afb9e36aa503d5d3112e5070fcb03fe3fa501392adf624d2944b9f03d430a8c85e6e5b0fa9385d5f44a8d004e9aa88a0fbc8d8e2fc46a634627c830ca3e

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA1.pptx
Filesize
121KB

MD5
4a00ea5ebf09046bfc00d3a99438dba3

SHA1
b157fe25e105974b8f744ddbbe567d43bd79dc16

SHA256
59e7cd83c865b290a0f14620d7460cb05cc4c93ce4b0395934a433fa54a3aa88

SHA512
35e67a18a1e145dfcc9ff47ee43165aad36a350ae57570d012780432a0d031077ecd8ddedab7921881df57115dcc803b582ac46c1dd7a9bc5db057a3a7219646

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA1.xlsx
Filesize
100KB

MD5
5b9a2be7536f6d757d4dcb3a603db754

SHA1
7c9e5774b3a83789052656925b4a00682658c401

SHA256
7fbc2ee98ba0880076771e5d1fc6390ad3f93a4de96bdd6d2571de15237fc32d

SHA512
ae3dc7bbd0082698d2a9339f6be6177f53973ed69364a7f79c7f8284a7ade9d5504e1f36d5a7341aaf53bdb6cedb7cc9a7ff59c64be1b5ab25e9e5cf2abfab5a

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA2.csv
Filesize
258KB

MD5
3d9570bbaa71b90a64b8b7ebaa4e74d7

SHA1
3e5c9ab4fb67c9588bc8960ce86a62b554dd1c9c

SHA256
b282bad061d0ec88d862d70e6195fd762930a89f68d629e5f39807c6e3cada28

SHA512
f0efe93010b64fa2681e2878b37abc8ca0dd91c078e6758d52b46c3dc25cdb9d1395b34b68bbfb68a810830ef481063446de4bda0d0d117aaa3d41fa1f702962

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA2.docx
Filesize
207KB

MD5
2e7aefb4797dc3ebfdebfad4de549441

SHA1
a43c8afd40da0b13e7aa3793472f9fdc0f1f3bce

SHA256
29f32d90e7781ff61cfab9fada6690ebdce32e68e83ec4e1aca67d2e73818d44

SHA512
044e47b5b06f3482cc498ee54a54baf983e459f967c50eb5b51e176d61af66ed4474164b898465d50dd8f35707f63f6335225459854bf0021684d4e3b5e4807e

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA2.pdf
Filesize
244KB

MD5
85cbb4029ca6f6e91e1b978a030c543c

SHA1
c65fcb02faaf590512041e4092ac45078188b0c9

SHA256
65e942bd76bfa027c4084693c983aa1dc5562ac88f47ff488c12c435fba8c9f4

SHA512
f871f26e5d9d23f80a270d59691dab30114839f579a8190809cdc4259da4dc33b9bc25492ffc7df13ffe632ae6381a139fbf6721689c603129f4e780c64b2247

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA2.pptx
Filesize
122KB

MD5
beaee6bbf4bb45722d032c46d1a71205

SHA1
4ef58817473221271f33e15dea5d6f29d9af0b14

SHA256
af1fad2082d94e2affab5e1630a4b9eb9940d370756493b17d07837ded646848

SHA512
4c37fe7ef75ea505733ef9719a37a05408a7fb6ab798ee4f127112296ff480dd8ad9595ba95fd32d40761e9ba8fef458eff49095bf941e31b0930bf79bbf79c9

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA3.csv
Filesize
104KB

MD5
0b3f5aa92679ca4dec376912b56d852e

SHA1
ac9931fc59a5361de732fd4e87b8c52c6b51e541

SHA256
af14cee0326b33e9386a2b347f0f77b1d7ec80bc09cef8247599e2f3e8ab9f63

SHA512
c0f0ad1f7dfa1611b199d6e4d3f6e5eef853cb0ab78fcede3b2af187a11eedcbebc9a97483efdc39134823426427666ff5d97b840a7dfe5bdce28d3e297dace3

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA3.docx
Filesize
173KB

MD5
ad1cff3de3ca91a2cdabdacaf49b6129

SHA1
c3b08099beb027bacf7727e5ec234543f823f977

SHA256
552549c4c601024b540a77ab9dca2148e7cb6f6e6f76563c7a080068adfbe56f

SHA512
12716b453bd364660b8cd014aad58698383c217a761d859faefee6623f42b16f4d59501984e2b60c91bd86346e024b7f5ef9355a03c8ffa98b296533537eb067

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA3.pdf
Filesize
206KB

MD5
3382a1e51c6e0789fc4f2ad6ee1a4e79

SHA1
af9f1f3dbfd47849e1963fe7fa2607b7d0efe465

SHA256
1938eaae00d0cec219240df26f5d9b74f136f3fa0c9a2dc44cc870c94bbedf18

SHA512
f44a11bd17031c0a1518e7cf6efc841181b0df604b0986394cee629ec2b6fe3b67ebd06c0ccf9eedb07848fdcb1c1a25dbe0359d5c60e246cdc7ad47065103b5

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA3.pptx
Filesize
180KB

MD5
5ef8c1bb19af1bf210537b607983a149

SHA1
92d301e867c38ab6e671e760e75c7eb140d2c76e

SHA256
199b74fb89726c2380babad48d48803b8dddfeaed5f52a4a7625c44f46c377a2

SHA512
8562e197e4bca0b5397d97e663834a837ad3bc35b2a4f993cffc9eee44b02cdf22d4eb74b1ca32b5cd2fe5916b93789dff4f5d454960a080a6c8b34f57f0adc1

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\MOCK_DATA3.xlsx
Filesize
98KB

MD5
a2723c8d5e1c3782749bf43f6580595e

SHA1
c964f69c569cca2b8d4a440761323cee237827ed

SHA256
0ab3e22bd97aae0985e3b8a0b8c8f96502561fc39294a7cf2e1c15d33167198c

SHA512
b2c44116223f95c8e94c9385ffb158b425ea687762ddcf630835d0044b9afcfb370acb4c884eebaa49f48b5ac446134d6a4c186b006e04f771f01f9f63e664e2

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\img10.jpg
Filesize
2KB

MD5
12d965235bdae414b01e6583f04362c5

SHA1
2dd6a09bb98ef856150d51a3c0e54b83b7974200

SHA256
f81e84953bc5373c7c9f2a7745795cae5ecc6040744cdbefa55ebb707fd17c39

SHA512
67fca281fa2e1d774bb2bf11f6fbc09378ee81ccec08f2f53740b29335464adccce173bfdb336ea5f0a2b51ebb8fc700915eb077026db467806060e1773388b7

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\img11.jpg
Filesize
2KB

MD5
9547664ae94cb02dcaeca55d9abe67aa

SHA1
58aaa76aea2bb238f08646a52ce9785fb06535b8

SHA256
0b5e01d0790ff1ba4be08531f9b234a934c0d199e19e5cbd5550382b723f5956

SHA512
7806ec649681559b73ca5e73de3593f59194a8916bd826dc025533ed28b7f3f4c690fe6c7f6fbc1acab748f638d8b13ebcddf1d1fd536e56735df3f7ede6c743

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\img12.jpg
Filesize
2KB

MD5
625a621bad83fe8bcaa76457a49963f8

SHA1
28f7edf737101e2baed0c3134ecca711b2cbd1d1

SHA256
03cc8b6f24c7fb715f331ccf0d71ecd7b1dec03e62918b9272ac6ac42cbeffa1

SHA512
014d9027f8b6c63ac5afd78982ed8c7048b3393740481195dabcc227484461c9b3c531dc868642a42fb84793f1d21c0f232ddfa7f64ab03276298ed789ad3586

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\img20.jpg
Filesize
4KB

MD5
deaab2bfa7c781cef4e950edeeac3dd6

SHA1
f9e164e78e9c7c8656ba37aa52dcf59f812b445e

SHA256
43a704f79a151955707d4855acede1e3d02c834f682c3087c0e767d9b1936662

SHA512
01733e6b8ca3f19c1e01506d4f88027db2f7b2f5fde8679e1703e75df32550372e72af43ffb9380421ab38b7a391aa77f0fea7253c6009a10e971436e1b17e1a

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\img21.jpg
Filesize
4KB

MD5
1d2d9e948d40cdb9f4cb7477c8e9f1dd

SHA1
dece6a7ce5d549f85b4035bc5ea1463166cd60f1

SHA256
b69c8746b59e2b7492ef3d1f97fe32cfd331ebe5413689f174ef3afeec029e3b

SHA512
eaa2db9d4dae914a84843622121187b67a5945c412ac968ce8cc149ca4bdd82c138ddde6edbe893157aaf857447446c469d24da228f6ea78d42ad08069e7615e

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\img22.jpg
Filesize
4KB

MD5
73531b8b5bddb0221f180252e6f96122

SHA1
83d19454407fb29542e954110c0539a4ce9b0f89

SHA256
9d8c550f1d6cd6392e5f483e37b3a6b0d3dda919f971eda0a362beb309a77826

SHA512
d6fd2ed0e5f4f8e6b40b1c8ba2a5aac175c58bc2f0d5dcbd16f13b2de1f66735cbc770dcd6f37b96823665c050ec70f63e150f01b7465f0d012c31e96f6eb0e7

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\img30.jpg
Filesize
3KB

MD5
82eabdc230b9703e07369f33d44004f1

SHA1
7534dcd113a2b86b35f8951285aaf519b5605f58

SHA256
8bce95cb45b45119c715fd76723c09c2cb95f6d24474f435e892a1b3418f17cb

SHA512
e072dab3585fdde49452108d877836fc782088f3d486a3e880d463b0d01eb84aad60ef98b9c35cb061e31fc6b60eaf983452841753ea8000a8aa4f047876451e

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\img31.jpg
Filesize
3KB

MD5
9a6f0769da2b947aef4462eaead50485

SHA1
ab58e9126ce1e10835de95b90c5fb9bf97a13d9e

SHA256
6c49acfdd97e2a880a22ed3f3da6dd03eb707b50e1541ea55262b887298bf33f

SHA512
4986049b9690a044a5b87137b7bfee6ae259e413e5091e6e0ce2ab31086c15b2f07466064a3bea55a114c7439d3595f2300603d032644e1e9d4168d61d45e65c

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor-TestFiles\img32.jpg
Filesize
3KB

MD5
102487a05a6e7ea750d988cdc5eb59cc

SHA1
9b017ef690efbcabb411f011c518d750c54f6a3a

SHA256
c8f282fa46ba7a0d0ecb837cc5ab1f7f258dae0f41d8a05399a2516211548abc

SHA512
f18f03caad19f58cd1b85d9bf2f20d437f5c88f55c481dc26b922e9ca0ba1052a490d0cfdeb68f11084a628cb9390ff1dada79d90d5bf531ed5384e461fdc0f7

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor\1607416417_WeakCryptor.txr
Filesize
262KB

MD5
1082b7bc2b1545c285e00d3f499a5591

SHA1
6341d6d86631b7fe8d742a505bf0b3b7cd3c6cae

SHA256
8df12b2c67dff9d4f5724dac342a33a25576e07522f1d898d08f148a1b2ec44d

SHA512
83abe135e09089b3d50d7ede6da73105dafa7312e87b2b4e7dc1212f597b5ec52c84282e883ab51a8d370252e257e3e0a2b7bb5e1ba49f1c7f2d317dcfacca83

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\Scenarios\WeakCryptor\1607416417_WeakCryptor.txr
Filesize
257KB

MD5
735c817875d0016491df0762c9ee64da

SHA1
6681802795b2298ef086cc6c6dc2dc3d79d2bed8

SHA256
898b9f5720679ee8962872355f88e00cfc335acbed943a4fc3b64075f6b57bb5

SHA512
486ec3b18f2484681af327b5c1fcd8273422099100c0ca351172fdc81276c820012006f467779b5df70fbc7daaca06e56498471e20bdfefde3633267766193b8

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\TestFiles\c11.png
Filesize
87KB

MD5
6a9823c9e4324f13a1197bd8e24966aa

SHA1
da4912d94177c6b0bcdf31ee07198120614e7ad0

SHA256
37d2e302466777e70122313468028d6b2d53b1c5b3ed133f52f6aaca57f3569d

SHA512
f608f01a8ec4b45f0866fe7d51e7273fa0600d4d733e043276deebd95e83b3d6fb8d90d7c080e5a97cef462d79d56ae2f53ba6b48f2b593a3edbc83e0bf2c334

Download Submit
C:\Users\Admin\Documents\RanSim\TestDirectory\TestFiles\test2.docx
Filesize
9KB

MD5
68e8f1780c2b0eeb24f6a67139cedf01

SHA1
3188b945e3af39d1a9c86cf21216afb154236da7

SHA256
f284e785c056f98f7071e95cc6289e2ec87077c1b0b39c92df1f357756e61c23

SHA512
9084005841c08a3b0ffc993999ba0f602d703121dad8423fb208c701e138a46dcd16e608efc3f0e7debfbb445ccf02383a736a6cfc8de348c95e13c2b3e82730

Download Submit
C:\Users\Admin\Documents\RanSim\prepare.bat
Filesize
16B

MD5
1ee2deeedd9fad1f464f81ee4c0881f0

SHA1
384e59abe4faf3141ad72f44d1ea66439124b5ce

SHA256
ee80bb7f0db2a9241d7dec1782b9b7f7d954bde883dc8b2395b8023d0cf02e3f

SHA512
77c32d9c28d074488d178fc96176b3e022b18dc53eb7b65a94f58e260a3c6802eca9dd2cbebe3d504d24194ef544d78585ee2e67fd39a60cc6257d226645965e

Download Submit
C:\Windows\Installer\MSI752B.tmp
Filesize
237KB

MD5
c405fcc22f41ffff3590bf99e8955b2e

SHA1
f5b8dacea0643f2e3ebb1372bd84f6679a309123

SHA256
60a8104d6eb0946c2f28105455a0ae0ab2d7eef31851ca70c16528de1fc3ec65

SHA512
1446d40705c08aa112605d82e04b4404733a27cceced76c143a139099495cdc7714c7446064615869e0ac6cef67a6d2aa7b1cdff5aaa5ecbf40289543d429b0d

Download Submit
C:\Windows\Installer\MSI752B.tmp-\Cas.dll
Filesize
8KB

MD5
d69f7fc42e606f79979ae2f9aa70e002

SHA1
89c70f1d46d55281872ac68195973cf29dbe076c

SHA256
18a427e804cbd8ea9e74509a44e6e30138d9da93a9dfdbaba13d4f1aeeaac6af

SHA512
79ef9ecd192983b110a25f7ac5e22c30ebe1330f481faebf0365a4c04d1b35b5a93bb0896754cafd7c8f02f4c2719dc058d6635dd53b69b582cdef52fc16389e

Download Submit
C:\Windows\Installer\MSI752B.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Filesize
172KB

MD5
9cc443b70ea68fb136dd54d6daaeca0e

SHA1
20abab73d00b4bfc13b57471f41218fa89077949

SHA256
a1da28cb626cb52661d2d6e0a6fb14b97dca16d88ff755a967b7507d38998c44

SHA512
2508527543d36d855d6e07a39076a7549d7a8157ee52732e48ccb5617b0c8081797d0a2d5d053ea1aafd8bceaab7c67e3153f06b440a7a7f3e80b04e5e169eef

Download Submit
C:\Windows\Installer\MSI7ACA.tmp
Filesize
153KB

MD5
50d325dc966255a8baa1ad47861d85f0

SHA1
b0e0be992475a54cbf32bac2eb763b66e49a8790

SHA256
fb8eff606713ad8e432f65f0d0f09f36fb41b9696c24368ba7255dc9eb465cb8

SHA512
8405abf4e593706e9c00b9c51d54c1db2c5e221fb7084e16b60adacb33eda7181da18520831f879ba887702f7a1e48c1e0aedce16bc9a1050b3294dd833f230f

Download Submit
C:\Windows\Installer\MSI7ACA.tmp-\CustomAction.config
Filesize
1KB

MD5
4933c1e1be5973187e991ea2ed9e6451

SHA1
b16b52ba34a835b5bb8665f502e7e37985b6776e

SHA256
dc44fb3a0ce9cb88926b2d91ec3cc5a5c5d694b02415c4b2459090f08f08ed58

SHA512
766ed216354a9d0f681607577e586e89dc82729ced58c328676771178ba547cd87878a1f5955cd46b197672753bc693d08246a7a11ceb8a7f255e1321403e805

Download Submit
memory/444-1890-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/768-1798-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/768-1776-0x00000000004F0000-0x0000000000538000-memory.dmp

Filesize
288KB

Download
memory/768-1820-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/840-1873-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/1108-1854-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/1508-224-0x00007FF870190000-0x00007FF8701B7000-memory.dmp

Filesize
156KB

Download
memory/1508-817-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/1508-1207-0x00007FF870190000-0x00007FF8701B7000-memory.dmp

Filesize
156KB

Download
memory/1508-1206-0x000000001AF20000-0x000000001AF30000-memory.dmp

Filesize
64KB

Download
memory/1508-208-0x00000000001C0000-0x00000000001FE000-memory.dmp

Filesize
248KB

Download
memory/1508-220-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/1508-213-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/1508-223-0x000000001AF20000-0x000000001AF30000-memory.dmp

Filesize
64KB

Download
memory/1720-1884-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/2160-1806-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/2160-243-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/2160-245-0x00000000037F0000-0x0000000003800000-memory.dmp

Filesize
64KB

Download
memory/2160-244-0x00007FF873680000-0x00007FF8736A7000-memory.dmp

Filesize
156KB

Download
memory/2160-242-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/2312-1912-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/2440-1804-0x0000000000E50000-0x0000000000E98000-memory.dmp

Filesize
288KB

Download
memory/2440-1829-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/2996-240-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/2996-235-0x00007FF873680000-0x00007FF8736A7000-memory.dmp

Filesize
156KB

Download
memory/2996-236-0x0000000002E90000-0x0000000002EA0000-memory.dmp

Filesize
64KB

Download
memory/2996-233-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/2996-234-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/2996-239-0x00007FF873680000-0x00007FF8736A7000-memory.dmp

Filesize
156KB

Download
memory/3120-111-0x0000000072B20000-0x00000000732D1000-memory.dmp

Filesize
7.7MB

Download
memory/3120-95-0x0000000002F60000-0x0000000002F70000-memory.dmp

Filesize
64KB

Download
memory/3120-94-0x0000000072B20000-0x00000000732D1000-memory.dmp

Filesize
7.7MB

Download
memory/3120-97-0x0000000002F60000-0x0000000002F70000-memory.dmp

Filesize
64KB

Download
memory/3120-100-0x0000000002F60000-0x0000000002F70000-memory.dmp

Filesize
64KB

Download
memory/3120-101-0x0000000002F60000-0x0000000002F70000-memory.dmp

Filesize
64KB

Download
memory/3208-1846-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/3604-1792-0x0000000000E50000-0x0000000000E98000-memory.dmp

Filesize
288KB

Download
memory/3604-1805-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/3708-1774-0x0000000000B00000-0x0000000000B48000-memory.dmp

Filesize
288KB

Download
memory/3708-1822-0x000000001B860000-0x000000001B870000-memory.dmp

Filesize
64KB

Download
memory/3708-1778-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/3708-1791-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/3920-171-0x00000000742E0000-0x0000000074316000-memory.dmp

Filesize
216KB

Download
memory/3920-201-0x0000000005C80000-0x0000000005CB8000-memory.dmp

Filesize
224KB

Download
memory/3920-202-0x0000000005C40000-0x0000000005C4E000-memory.dmp

Filesize
56KB

Download
memory/3920-371-0x00000000049A0000-0x00000000049B0000-memory.dmp

Filesize
64KB

Download
memory/3920-200-0x0000000005C30000-0x0000000005C38000-memory.dmp

Filesize
32KB

Download
memory/3920-199-0x0000000005BD0000-0x0000000005C18000-memory.dmp

Filesize
288KB

Download
memory/3920-195-0x00000000049A0000-0x00000000049B0000-memory.dmp

Filesize
64KB

Download
memory/3920-158-0x0000000004E50000-0x0000000004EB6000-memory.dmp

Filesize
408KB

Download
memory/3920-203-0x00000000049A0000-0x00000000049B0000-memory.dmp

Filesize
64KB

Download
memory/3920-209-0x0000000072580000-0x0000000072D31000-memory.dmp

Filesize
7.7MB

Download
memory/3920-162-0x0000000004F50000-0x0000000004FD6000-memory.dmp

Filesize
536KB

Download
memory/3920-404-0x00000000049A0000-0x00000000049B0000-memory.dmp

Filesize
64KB

Download
memory/3920-231-0x00000000742E0000-0x0000000074316000-memory.dmp

Filesize
216KB

Download
memory/3920-156-0x0000000000030000-0x000000000006E000-memory.dmp

Filesize
248KB

Download
memory/3920-170-0x0000000074320000-0x00000000743AA000-memory.dmp

Filesize
552KB

Download
memory/3920-175-0x00000000050E0000-0x00000000050E8000-memory.dmp

Filesize
32KB

Download
memory/3920-157-0x0000000072580000-0x0000000072D31000-memory.dmp

Filesize
7.7MB

Download
memory/4536-1862-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/4548-179-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/4548-178-0x0000000000480000-0x0000000000D9A000-memory.dmp

Filesize
9.1MB

Download
memory/4548-180-0x0000000001700000-0x0000000001710000-memory.dmp

Filesize
64KB

Download
memory/4548-188-0x00007FF873680000-0x00007FF8736A7000-memory.dmp

Filesize
156KB

Download
memory/4548-187-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/4548-192-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/4548-193-0x00007FF873680000-0x00007FF8736A7000-memory.dmp

Filesize
156KB

Download
memory/4680-221-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/4680-212-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/4680-222-0x00007FF873680000-0x00007FF8736A7000-memory.dmp

Filesize
156KB

Download
memory/4680-225-0x000000001B850000-0x000000001B860000-memory.dmp

Filesize
64KB

Download
memory/4680-229-0x00007FF873680000-0x00007FF8736A7000-memory.dmp

Filesize
156KB

Download
memory/4680-228-0x00007FF85D720000-0x00007FF85E1E2000-memory.dmp

Filesize
10.8MB

Download
memory/4780-69-0x00000000028C0000-0x00000000028D0000-memory.dmp

Filesize
64KB

Download
memory/4780-81-0x0000000072B20000-0x00000000732D1000-memory.dmp

Filesize
7.7MB

Download
memory/4780-73-0x0000000002A80000-0x0000000002A88000-memory.dmp

Filesize
32KB

Download
memory/4780-66-0x0000000002A40000-0x0000000002A6E000-memory.dmp

Filesize
184KB

Download
memory/4780-68-0x00000000028C0000-0x00000000028D0000-memory.dmp

Filesize
64KB

Download
memory/4780-67-0x00000000028C0000-0x00000000028D0000-memory.dmp

Filesize
64KB

Download
memory/4780-61-0x0000000072B20000-0x00000000732D1000-memory.dmp

Filesize
7.7MB

Download
memory/4880-1818-0x00007FF86F2F0000-0x00007FF86F43F000-memory.dmp

Filesize
1.3MB

Download
memory/4880-1782-0x0000000000420000-0x0000000000468000-memory.dmp

Filesize
288KB

Download