Malware Analysis Report

2025-08-10 12:07

Sample ID 240222-y5xwtseg3s
Target CustomRP.1.17.20.exe
SHA256 8be0a8ba506a52d5cd53738635400ef35217ea3bf5ffceba8bc254a770b589fd
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

8be0a8ba506a52d5cd53738635400ef35217ea3bf5ffceba8bc254a770b589fd

Threat Level: Shows suspicious behavior

The file CustomRP.1.17.20.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped DLL

Drops startup file

Executes dropped EXE

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 20:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 20:22

Reported

2024-02-22 20:25

Platform

win7-20240221-en

Max time kernel

142s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5N88C.tmp\CustomRP.1.17.20.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5N88C.tmp\CustomRP.1.17.20.tmp N/A

Processes

C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe

"C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"

C:\Users\Admin\AppData\Local\Temp\is-5N88C.tmp\CustomRP.1.17.20.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5N88C.tmp\CustomRP.1.17.20.tmp" /SL5="$7011E,5484192,1081856,C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"

Network

N/A

Files

memory/2820-1-0x0000000000400000-0x0000000000515000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-5N88C.tmp\CustomRP.1.17.20.tmp

MD5 ae797b922f869db23978e6e7074af40d
SHA1 8aca07927d3d27f9400f2845aef507cf9461bbeb
SHA256 190f4c89821dc246ff73e238f9e50366e5f90b5558ad990acbc28922bef4b321
SHA512 6e32bb059a1eb93982318497932f5b329cba1b5287ee7f6cf9320d473fc4810b544ad792de79c5a32a89aeb58809b4103510d4b10632982391973ed80b6cedbc

C:\Users\Admin\AppData\Local\Temp\is-5N88C.tmp\CustomRP.1.17.20.tmp

MD5 f7ba41905e662677693a91ef6fba2f05
SHA1 441a13d49203643d89017bb7bcefd81c52c88457
SHA256 0a7296f78fb32fa5584ee2c525e785a926652d527643781ecb1d4c636692b9dc
SHA512 8a9f4e45dc60933da24ca152e123fce1e0d160c4f2dda162be8ca9efbd8f9d541c1b3a49d2dab55e23e73dc88ef66f344bdafbaa12c0ac9accb76666bd353128

memory/2216-8-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2820-10-0x0000000000400000-0x0000000000515000-memory.dmp

memory/2216-11-0x0000000000400000-0x0000000000751000-memory.dmp

memory/2216-14-0x0000000000240000-0x0000000000241000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-22 20:22

Reported

2024-02-22 20:24

Platform

win10v2004-20240221-en

Max time kernel

53s

Max time network

57s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CustomRP.lnk C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\CustomRP.crp\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\CustomRP\\CustomRP.exe,1" C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\CustomRP.crp\shell\open C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\.crp\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\.crp C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\.crp\OpenWithProgids\CustomRP.crp C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Applications\CustomRP.exe C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\CustomRP.crp C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\CustomRP.crp\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\CustomRP.crp\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\CustomRP.crp\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\CustomRP\\CustomRP.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Applications\CustomRP.exe\SupportedTypes C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Applications C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Applications\CustomRP.exe\SupportedTypes\.crp C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\CustomRP.crp\ = "CustomRP Preset" C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\CustomRP.crp\shell C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp N/A
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe

"C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"

C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp

"C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp" /SL5="$501C8,5484192,1081856,C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"

C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe

"C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 167.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 61.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 in.appcenter.ms udp
US 40.70.161.7:443 in.appcenter.ms tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 7.161.70.40.in-addr.arpa udp

Files

memory/4896-0-0x0000000000400000-0x0000000000515000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-RD1JL.tmp\CustomRP.1.17.20.tmp

MD5 0fb8cc7beee2d6899ea8a4a0856164a9
SHA1 d2a90065ca504db5bdae05d27329ace677669fac
SHA256 250996fc58e740424f7e7d269432ac60878e483f887d1d696e27e4b3369367af
SHA512 0a4df4497a3b5611b1cf7cf71b5444befb5705a3de0e4e20dc95d3e58d5e2e4382b3def4b0ef72d6d55e921c512565c8aea20dda9c67cc205a0e57195fee54c5

memory/1592-5-0x00000000008D0000-0x00000000008D1000-memory.dmp

memory/4896-7-0x0000000000400000-0x0000000000515000-memory.dmp

memory/1592-8-0x0000000000400000-0x0000000000751000-memory.dmp

C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe

MD5 63af645411159b6af72bc5ca26830944
SHA1 f062b012d322722c1557ae23803153a5355ac2f2
SHA256 1f040321cc8a4c721e832db5a7fcbf9d71e840ecb93907ec8df0ef394a175a29
SHA512 fed156abe4b5f9f9b2860013ad0e5fcfe197461efd0cdb18e3d6cf227077e41fce740a1c5efda84e05e9d89dfe12437d8a61993ff2f9ea512442e768fe0c8b1a

C:\Users\Admin\AppData\Roaming\CustomRP\CustomRP.exe.config

MD5 b496e0b64ad960a0b13327a350ed89dd
SHA1 d84f215a7c6766c60bb27fc59bddafa6069830e1
SHA256 4691bf30db39d0cb27f0608e1c01de7865b9e7175667899c0dabc57b91908afb
SHA512 b548343b0188adb3c75557722c35d086365ac0a091bef8164a1ee3e52bf7455edbc17fe1d3297e8da117527afa8639de19aa10c875cacd644b5c13725d0727a7

memory/1844-197-0x0000000000EB0000-0x0000000000FDA000-memory.dmp

memory/1844-198-0x0000000072DD0000-0x0000000073580000-memory.dmp

memory/1844-201-0x0000000005F70000-0x0000000006514000-memory.dmp

memory/1844-205-0x0000000005920000-0x0000000005930000-memory.dmp

C:\Users\Admin\AppData\Roaming\CustomRP\Microsoft.AppCenter.Crashes.dll

MD5 1fb364c1d622905aebd6e57500c169d1
SHA1 5423fb63ab28a24e1fdef3616e5e0e3301dbbc5f
SHA256 07125de19eb06c67010039448e898c7bb954d25cf0a77b05d95329ed575f24e2
SHA512 ae724010f049989ec006ce71990073834f8d58ebf1133a589ec3de839acde1c07b136deaf9e237c3b5a3d216ea9dbbc5aaaf482df1b549ee786a7a2e27d6bff8

memory/1592-206-0x0000000000400000-0x0000000000751000-memory.dmp

memory/1844-210-0x0000000005D30000-0x0000000005D58000-memory.dmp

C:\Users\Admin\AppData\Roaming\CustomRP\Microsoft.AppCenter.dll

MD5 885481ebbec08fa817ada9a5f7a527ad
SHA1 c9390ecd62766338584a0ff45c71d6abd64db379
SHA256 82e14d7bada761bf353929163bde2cf5c12e41727937ae5f0c7314fcee8be029
SHA512 9b2a24f9d30886321e5961d5bd59377a4500bc5f9de23c5a217e94087a8f8742e3754cfaae8d93c6d3bdf7d6b1fa578a103bc6e98571bd201e1dc9564d38ed39

memory/4896-211-0x0000000000400000-0x0000000000515000-memory.dmp

memory/1844-212-0x0000000005E00000-0x0000000005E92000-memory.dmp

C:\Users\Admin\AppData\Roaming\CustomRP\Microsoft.AppCenter.Analytics.dll

MD5 4f0eeea40634e091b149e22d098f0084
SHA1 8426f3f5a89dd8a32e07c54362a523825cdd4361
SHA256 29ce7dd433293977386ae132e3a72b60bf32559f5b56b555166b78953212743e
SHA512 415fe0ee2a36ae51420f11afb9d127bc41fba899274be097674059e5b50fc2a5ee206779160191c3cfb2a24f0c4c8799072ab013adae6a557754883066ad847d

memory/1844-216-0x0000000005D20000-0x0000000005D2A000-memory.dmp

memory/1844-217-0x0000000006710000-0x0000000006720000-memory.dmp

C:\Users\Admin\AppData\Roaming\CustomRP\Newtonsoft.Json.dll

MD5 715a1fbee4665e99e859eda667fe8034
SHA1 e13c6e4210043c4976dcdc447ea2b32854f70cc6
SHA256 c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e
SHA512 bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

memory/1844-221-0x0000000009980000-0x0000000009A32000-memory.dmp

memory/1844-222-0x00000000098C0000-0x0000000009936000-memory.dmp

C:\Users\Admin\AppData\Local\maximmax42\CustomRP.exe_Url_r15q51hssngmokjllmk3xsx1r0qzuwow\AppCenter.config

MD5 b684055407f1c6f1a5a4409fcb892032
SHA1 bea3ccc460392870b7919405e88628fbd9c415a3
SHA256 990269e9c519a337e958051e7d1eac9c679326be41650170c411f40e87a1c066
SHA512 6516a57d863b3d93134a2c2144e0e1934287352ba1d222e2093db3cdd605f2a71c9a17dfb9cd46cedf7d54f07be181dace8e9bdb83ce39a211f3caf1a34c1965

C:\Users\Admin\AppData\Local\maximmax42\CustomRP.exe_Url_r15q51hssngmokjllmk3xsx1r0qzuwow\AppCenter.config

MD5 53f6807660d9d0184b90912edebcff98
SHA1 598e3e1dd3ee5fa90518759cec9ce121ab224f36
SHA256 f0d09c6030db95ff955ca67389ec8f578b562dd79e9b7bd70645b03844d811c0
SHA512 e3470a7aae17586c8b92eb3221beedec5431602d5cc8c8d56f62619a089ae6043014fdd3b727762e82637a8871decf4694459f1e213d5093c109edd062214a3f

C:\Users\Admin\AppData\Roaming\CustomRP\SQLitePCLRaw.batteries_v2.dll

MD5 59e7b8c38944a8d591363fb5874dc971
SHA1 fdfe99922a4e9aba60ed6b1859ed331bc5940faa
SHA256 4ed2707cc2644d63bbd27cf39840aaa4a8617b6b275008f031e16d3a76c75e4b
SHA512 5d2d3e138588352267ee8f21d02f7ee6dc9353ce4a22e9fcac56e0016bfcb52ffeb4c530dbd5c6d8d1e2fe0855a50fa909c0b3129eb4fb8e13376f4bfc684f9e

memory/1844-239-0x0000000009960000-0x000000000996A000-memory.dmp

C:\Users\Admin\AppData\Roaming\CustomRP\SQLitePCLRaw.core.dll

MD5 5e45fcc43a6a54b13e1d384c3c6c6e85
SHA1 6b54a3602f37ec3b3204914c58fa53f6453ccd3f
SHA256 f424dc7b2ac7172e3041ac567603a0cea940fbfded8a2a8df53b2aa22d445da5
SHA512 0bb27e39263b2cac625761aeb0db80e4cf43b10573cd8126b250620f82be8508cda948f4dc23693956b39db0af4628f11abd5e28b5b8c6d7a024cf5b30fc7b3f

memory/1844-243-0x0000000009CA0000-0x0000000009CB2000-memory.dmp

C:\Users\Admin\AppData\Roaming\CustomRP\SQLitePCLRaw.provider.dynamic_cdecl.dll

MD5 359189a6345d70dcb4703cd4b75b5be4
SHA1 afb93196574037c1c84a16892e57766097d579e4
SHA256 408749d563fcea1d444ffc35069cc0f9db4c7d10636e08c522b06368e90b5834
SHA512 9f729288d4953413abff0884cb88944b579adbb2ea43d49eeae560d0992ee71e9ef072c872e7edf22235e924ad4fbf41ddc063ad4858704cff4cb3166b7c7a22

memory/1844-247-0x0000000009CC0000-0x0000000009CD6000-memory.dmp

memory/1844-248-0x0000000009CE0000-0x0000000009CFA000-memory.dmp

C:\Users\Admin\AppData\Roaming\CustomRP\System.Memory.dll

MD5 f09441a1ee47fb3e6571a3a448e05baf
SHA1 3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde
SHA256 bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f
SHA512 0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

memory/1844-252-0x0000000009D30000-0x0000000009D56000-memory.dmp

memory/1844-253-0x0000000009D00000-0x0000000009D08000-memory.dmp

memory/1844-254-0x0000000009C90000-0x0000000009C98000-memory.dmp

C:\Users\Admin\AppData\Roaming\CustomRP\runtimes\win-x86\native\e_sqlite3.dll

MD5 e52a4a0a6f61ec95aa51d8ffd682b72e
SHA1 6a3529c7ac873131a766415879b20925ff404b64
SHA256 7dd2e2923e9a988866d969bb5a76a9d3448a11a0f225b83c734161977db564a5
SHA512 0e91687ba8b36cc0a7019ba1bd819f538cd55649914319a074669b7a04fdc9a195d36ba1fd5eeeb6149bffdf46e6dccc6e8d4b8e1cce62aa13463f9410423883

memory/1844-260-0x000000000A110000-0x000000000A118000-memory.dmp

C:\Users\Admin\AppData\Roaming\CustomRP\System.Runtime.CompilerServices.Unsafe.dll

MD5 da04a75ddc22118ed24e0b53e474805a
SHA1 2d68c648a6a6371b6046e6c3af09128230e0ad32
SHA256 66409f670315afe8610f17a4d3a1ee52d72b6a46c544cec97544e8385f90ad74
SHA512 26af01ca25e921465f477a0e1499edc9e0ac26c23908e5e9b97d3afd60f3308bfbf2c8ca89ea21878454cd88a1cddd2f2f0172a6e1e87ef33c56cd7a8d16e9c8

C:\Users\Admin\AppData\Roaming\CustomRP\DiscordRPC.dll

MD5 2e9f2a132f59cde7f3a888f5fa674cfc
SHA1 441271e6e1c2a65eb43ac8a76be8d7bf5f0b9a00
SHA256 84ef313d2525da8006167fdd8b78556f5038bf1571e3201e619b3d956fe6d842
SHA512 dd420ed1cfebb181c5706ebda1f88c267a40a158b5d22a6bea54710add2cee395a6dd67e9e04c96b387db791aea84ea3b124db5e424d8b3a2d5f1b807856534d

memory/1844-264-0x000000000A140000-0x000000000A15A000-memory.dmp

memory/1844-267-0x000000000A1D0000-0x000000000A236000-memory.dmp

C:\Users\Admin\AppData\Roaming\CustomRP\Octokit.dll

MD5 c8661cb616427ae0abd25b58e7c4540e
SHA1 5f9fa035ab86b9171c744920d3b84409574a9106
SHA256 c89ca50adab276a65db96b4fa378ec523948899f03fac2936265a58bf6424ca8
SHA512 dcefe8cf7f824ae7c6889f88d1d101540b03884b8cce2a82b3d1152f089483c8ff0cdbae13e8fb08a2149c9de1e83df7008456089d9df57263651c555c6ef39c

memory/1844-271-0x000000000A490000-0x000000000A5DE000-memory.dmp

memory/1844-272-0x0000000006710000-0x0000000006720000-memory.dmp

memory/1844-273-0x000000000A3D0000-0x000000000A3DA000-memory.dmp

memory/1844-274-0x000000000B090000-0x000000000B216000-memory.dmp

memory/1844-275-0x000000000A870000-0x000000000A892000-memory.dmp

memory/1844-276-0x000000000B310000-0x000000000B664000-memory.dmp

memory/1844-279-0x000000000BE20000-0x000000000BE3E000-memory.dmp

memory/1844-281-0x0000000006710000-0x0000000006720000-memory.dmp

C:\Users\Admin\AppData\Local\maximmax42\CustomRP.exe_Url_r15q51hssngmokjllmk3xsx1r0qzuwow\1.0.0.0\user.config

MD5 ba47aff15216dcd0915ade13a823f2ad
SHA1 dddcaa14d8b1ad3c135b264fe034746aca63363b
SHA256 044dc224fe8b17561cc5195c162bd5f8b46207c9b89acbcdbc16628cf633bcbd
SHA512 46ba460062f7a2c3829624efcd93ff85ad648d1e2a79e5ab1b1f0e06ac940f2652370fb8a0093d88c2abba7319b7878aac50ff4b9d55c0bdbd2174c9abc78ac9

C:\Users\Admin\AppData\Local\maximmax42\CustomRP.exe_Url_r15q51hssngmokjllmk3xsx1r0qzuwow\1.0.0.0\user.config

MD5 cd92285e69e8576a00f10db340bcc0f0
SHA1 7648f6ca89f96cda37b97489ed8b4461e260c90a
SHA256 2659761410aebac76cfc1e4763f0047d74a220b9ebe4192bfb80a3638c53abd0
SHA512 df50a7663d61f4f7f11b5c58fda2dc166bd269b7a9bce99be8ae9817ab090eb5abc104ed095d2db8970d05a48423aa363a2b4afcb0311dde4dd3f4740d56a27d

C:\Users\Admin\AppData\Roaming\CustomRP\CommonMark.dll

MD5 e39cd45b2e0390c91b34651c7dd0f7d7
SHA1 172a00f49e8ddb413ade56d46d10c59830ce9c69
SHA256 47c9f22684bae6afd08cdcca386edf8b47fa5e2a749faeb6499dc4b3ca6e5642
SHA512 fd25a41efc0e301049b8b19a7b3fc6122cf187045a32514396603a9ba4305a74c115041583fe86b2b581b2523107b2bd440c9a0e3a1b4d96b22ef632d607ae1d

memory/1844-296-0x0000000006750000-0x000000000677C000-memory.dmp

memory/1844-297-0x0000000006710000-0x0000000006720000-memory.dmp

memory/1844-298-0x0000000072DD0000-0x0000000073580000-memory.dmp

memory/1844-299-0x0000000006710000-0x0000000006720000-memory.dmp

C:\Users\Admin\AppData\Local\maximmax42\CustomRP.exe_Url_r15q51hssngmokjllmk3xsx1r0qzuwow\1.0.0.0\v2msyrmy.newcfg

MD5 df34e89aecd08a90302c4bbdcd6a5021
SHA1 e17e3daf2f5f0310ec712844fae69472c814a416
SHA256 ce48e3babc2f992843d804f6ca53a470693289d17870902a520b95b460276ca9
SHA512 f3c9fc01c0f827ed6e13afca39196d3ae297c779a03f0e63483828e20ebd530c30460be1d74bfa5dbd05957f5e31d22d1da4433d92e371cad65c2056acfe27da

memory/1844-316-0x0000000006710000-0x0000000006720000-memory.dmp