crimsonrat | 4bf92841621b08ec1796fa380fd71bd9f6fec65b923aec1dbd5b074f062eaf21

Analysis

max time kernel
203s
max time network
204s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
29-02-2024 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Koid.exe
Size

1.5MB
MD5

15ec276e3c1d3d757eed8698c59c1095
SHA1

28be0d3db48ef6423c2c4e222f5f949b8ed6e845
SHA256

4bf92841621b08ec1796fa380fd71bd9f6fec65b923aec1dbd5b074f062eaf21
SHA512

467196ee35523d4a24bd3746a9785040e092e4aba096c4e342ce1dfe2a9c3b1ca61f207b4581ac97a3861f12f714581854339727681aba1ba93d8e36ef9eb671
SSDEEP

24576:u06LkHhLdZYQVoNVePYOEOKTyBHJsXoAFWlT4Adw/u1/XFlwTUOcA5qmr37Pn6:unkHhLdpPYO1M+Brgdhwmzrn6

Score

10^/10

crimsonrat aspackv2 persistence rat

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Signatures

CrimsonRAT main payload 1 IoCs

Processes:

resource	yara_rule
C:\ProgramData\Hdlharas\dlrarhsiva.exe	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Downloads MZ/PE file

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 898301.crdownload	aspack_v212_v242

Executes dropped EXE 6 IoCs

Processes:

Avoid.exeWindowsUpdate.exeCrimsonRAT.exedlrarhsiva.exeAdwereCleaner.exe6AdwCleaner.exe

pid process

2948 Avoid.exe
3236 WindowsUpdate.exe
4536 CrimsonRAT.exe
568 dlrarhsiva.exe
2624 AdwereCleaner.exe
772 6AdwCleaner.exe

pid	process
2948	Avoid.exe
3236	WindowsUpdate.exe
4536	CrimsonRAT.exe
568	dlrarhsiva.exe
2624	AdwereCleaner.exe
772	6AdwCleaner.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

6AdwCleaner.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Run\AdwCleaner = "\"C:\\Users\\Admin\\AppData\\Local\\6AdwCleaner.exe\" -auto"	6AdwCleaner.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

9 raw.githubusercontent.com
35 raw.githubusercontent.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
9	raw.githubusercontent.com
35	raw.githubusercontent.com

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 280356.crdownload	nsis_installer_1
C:\Users\Admin\Downloads\Unconfirmed 280356.crdownload	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Avoid.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 83522.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WindowsUpdate.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 811412.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CrimsonRAT.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 280356.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\AdwereCleaner.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 898301.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1020	msedge.exe
1020	msedge.exe
2516	msedge.exe
2516	msedge.exe
4676	msedge.exe
4676	msedge.exe
2360	identity_helper.exe
2360	identity_helper.exe
2560	msedge.exe
2560	msedge.exe
5000	msedge.exe
5000	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exe

pid	process
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

6AdwCleaner.exe

description pid process

Token: SeDebugPrivilege 772 6AdwCleaner.exe

description	pid	process
Token: SeDebugPrivilege	772	6AdwCleaner.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exeAvoid.exeWindowsUpdate.exe

pid	process
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2948	Avoid.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
3236	WindowsUpdate.exe
3236	WindowsUpdate.exe
3236	WindowsUpdate.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe

Suspicious use of SendNotifyMessage 15 IoCs

Processes:

msedge.exeWindowsUpdate.exe

pid	process
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
3236	WindowsUpdate.exe
3236	WindowsUpdate.exe
3236	WindowsUpdate.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

6AdwCleaner.exe

pid process

772 6AdwCleaner.exe
772 6AdwCleaner.exe

pid	process
772	6AdwCleaner.exe
772	6AdwCleaner.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2516 wrote to memory of 1296	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1296	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1028	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1020	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1020	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe
PID 2516 wrote to memory of 1640	2516	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Koid.exe
"C:\Users\Admin\AppData\Local\Temp\Koid.exe"
1⤵
PID:2112

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa00723cb8,0x7ffa00723cc8,0x7ffa00723cd8
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Users\Admin\Downloads\Avoid.exe
  "C:\Users\Admin\Downloads\Avoid.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Users\Admin\Downloads\WindowsUpdate.exe
  "C:\Users\Admin\Downloads\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Users\Admin\Downloads\CrimsonRAT.exe
  "C:\Users\Admin\Downloads\CrimsonRAT.exe"
  2⤵
  - Executes dropped EXE
  PID:4536
- - C:\ProgramData\Hdlharas\dlrarhsiva.exe
    "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
    3⤵
    - Executes dropped EXE
    PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1344 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7132 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,13052645173258679317,7421915705641440237,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1512
- C:\Users\Admin\Downloads\AdwereCleaner.exe
  "C:\Users\Admin\Downloads\AdwereCleaner.exe"
  2⤵
  - Executes dropped EXE
  PID:2624
- - C:\Users\Admin\AppData\Local\6AdwCleaner.exe
    "C:\Users\Admin\AppData\Local\6AdwCleaner.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
263KB

MD5
4389c79edcfbe5a608555a37e2b088ba

SHA1
1e1872ed77f737ca131cb7139cb76447c5efeaac

SHA256
dbbb947ee3dfa391131d85e9bec5ce5a8ba872b672d1363eb6bd9e23547ad33c

SHA512
86dee4c892bde1c64c348b8ba6ec4f6d9ef9853ffa06b018e36eac4e0ff90f8e1321ab34ee2b8bf8551a103dd5d87c1dfd500cf87c50425f3d1233fa3e1186fa

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\Users\Admin\AppData\Local\6AdwCleaner.exe

Filesize
168KB

MD5
87e4959fefec297ebbf42de79b5c88f6

SHA1
eba50d6b266b527025cd624003799bdda9a6bc86

SHA256
4f0033e811fe2497b38f0d45df958829d01933ebe7d331079eefc8e38fbeaa61

SHA512
232fedec0180e85560a226870a244a22f54ca130ed6d6dc95dc02a1ff85f17da396925c9ff27d522067a30ee3e74a38adff375d8752161ee629df14f39cf6ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
19a8bcb40a17253313345edd2a0da1e7

SHA1
86fac74b5bbc59e910248caebd1176a48a46d72e

SHA256
b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e

SHA512
9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96899614360333c9904499393c6e3d75

SHA1
bbfa17cf8df01c266323965735f00f0e9e04cd34

SHA256
486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c

SHA512
974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a653164-00d6-4296-b3d6-e2df218ddf15.tmp

Filesize
5KB

MD5
39f89b99d0c6042d1fb50af2206076dc

SHA1
7ff3e0ba84993087c85be36beded3e5b1ad5217a

SHA256
dbe00ce6ee1db669843416083a7d299fc3ae09c4c613eb26e993ec195696b736

SHA512
cd25ffe1ced3c1d94f05a8e0f1fd88e31a5109ae51d1ea7b604af958b014241c1793296f07cd954b37149db5c405aacf66c0f780cd4b52ce28065614fbec2c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
624ded2758d87ec6691898f404574c14

SHA1
1702ab511ac154aa7e0de8d67e35c218fd413502

SHA256
b79c5788c9e16d4431777599e4dc3650335535986e2014197a79daf7daaa115b

SHA512
5af06d07ff8d52467dac8e525183b67e18a770226bf3ad01dd69a1743df7596762b5877a857e18533c3e8f2ba7342a62935e78a4105f3b609edddc1a3ed182a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
869B

MD5
775052e5da001a934fb28052c05eb904

SHA1
817ae19d2bc6cff209f40da23726449712aa2767

SHA256
815df60e117fc5bb71aae19db51ca4ebc1ade1958d754d09ae66e84dd958232a

SHA512
3594761895993d2fdf81744dabb36cf50667de3a2a7dee3bf115460307a2df78ef26e700f6d3c5519d4036fbe096b5e9a81df50ad44a3244c5b96ad8f58b466d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03c74efcd094747f7b424991886b7680

SHA1
009f2fb6fe264b0859d85912d4f4f6a28dc6e8ba

SHA256
6e9bb04540b4c15c50755f51503ecba1f74466d3d642cb8b7400d40f86561bb4

SHA512
d04ee0caefa273a5793478fc3a029e73e958016c57d2c698c5bcf90b79a94bbf34e381b4502e4c589e87f44422348c945bfd23d25cd458ceca0dcef0d0ff0f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4829acf50bad99e7e3ded1aa84e41af3

SHA1
4f9bce9a109258f9dd9a1e561d5580e897698da7

SHA256
192b34ebd4f3619ad15c78c3cae5a587d8b9d49381a94c5c3a13d0117c5b0402

SHA512
e0db5777cca08d446e20ef56fb51d579fc175ca7933b7b13ed13e17d84ac615f90b1c96f5e22894461a2dd2a7197ee2059ca26f24d4bde060c3a203f889df0b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
91a4da5a3d410c76e0d90c6f7d9a09fa

SHA1
68afce6b4c88a567249f123a7dc810543c1d3c73

SHA256
c505e961f44fbbbace8d63e2b7abf59bd41254a31ef60f776781d045656dcd89

SHA512
1734b847eb94244596ebfd6e1c68dda54fd1f9e7636ee6ad5613bc5a4a040aefc5db72e7df9be44dd368b3a83d7e250794a1257967ee2132037ebb5b5ee61289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
38cc4de662386cde08c6bbc7507c17ad

SHA1
6f91dec3594ff6ae40ac4295a5bc67ff8c2a5203

SHA256
098c2d9cb983dd69fcbc8a48121aeaa39f412e063901a4685d7d5e6419249258

SHA512
d49793791c7bd63069d56158de9a6c140926d1ed11ef15092d0d84f3495a29cdcd6b47862992b165070d7db0fa341b1ace078ce82f0e926ffda58c696fe1290f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd04c3ed38242a68cb3075d2016e806b

SHA1
28167a2844549ac7666c9686d193d4915e836e74

SHA256
76142e6f759a15011ef8f3938d2b8d4b2404d4dc66d464e395ed6090b6be3279

SHA512
83f25de5c61f8e0c672e1f0cec7fb1b5267ff99b0234468a3d947103e2f836c45c688058941126ddd4e059188635b447670b2d3155a43a7fc2dcacc90bf72e7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e8078014e29535d7c63ee3a18702eb5

SHA1
ca3176d6e3680c8da4ceeaef96ff7b0ca9d0224a

SHA256
6a88895fe5c4ea91f3a9958c7fd73bc727ace0aed7bd00184a748d0c270cfa2b

SHA512
2388f4cbe6e5a88d4ec83ddbc91766deb25452ba6ef142bd62e593e3968bd7d9b56ccc4842620563350c017fa22f0b0bdfb3ebc7ba4f81a6375a3e88deade0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bf80cca1333507b458a3fcc5da2ed112

SHA1
6ffd6a67ffb162d358b39a9bdccd5b4f49cea6b0

SHA256
3142f5b886a9257023c411acdfa6ad75fd0f463dcb567e243a792f4c0d6024ee

SHA512
d90c88d1e59630ab5636d229a8a09186bfbfd8b2827f9e74d32f67f11007e1c7952ab0755cd9ef467a8dabb1e19662dab4e7f33a54edf7a6f674aa79a738ae9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580134.TMP

Filesize
1KB

MD5
ac38b9f468f3d6ac8b3f24370a7583d0

SHA1
642228af7e8bfb5e06f8044856a2fd259faeeeab

SHA256
3af8be00176e6a94f6304c62d6c6d5e61b706eed77ef775888f792586468b430

SHA512
3c01ab91f17fa5b90923569cafb06b7eab3f904eacffb9378cc28d3cf98ebf7063a1dbdbf674dac173ed47564721bed816feb1813dcd1d5b04ca7201fd227353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bc019582913fc3857f4901f6a245740e

SHA1
50a5cde8564ab9986b59e83c2c79662cf1ff990b

SHA256
8809d89ec93562226eeeabd48f96cb56de0cf9907715c2c7006222e5fa5c2dac

SHA512
531f17021c399968d1ed917ece637bc862f89993b1fb2a9ba3929fff08632e378527ae1522674bd4e2f3e2e8ee5cc6c0f8bf14041db96c914f7fdaddbb2b2aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ba289c52cd157f037b4f7dcb08d2c153

SHA1
5cccaf257456d2649d797029dc2f5abf4f7c2888

SHA256
89f23b1bd3906f9b9d371ef571b028f01ec1f146e5387501928c77f60690a83d

SHA512
2d3a7f3bd588bfc3b58c991363e9d8be246ffebcd0fee30406ded77030b48976d9c22f6a21d2a07173f330775f9609cfde6724457be4879fff36a12572bbef4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c0de174e4cc84df19f3a0d7d68ad48e7

SHA1
f9870152bd87cd11134d94401dd83316fb656542

SHA256
fe6d78db26faa13a34ebf5a42ace981b19f2ef2c5d4012f34a8115e5bc581730

SHA512
1bfe596baf68f6aa4936f7dd3a939055beb9a109688f1b6e36994c7092e49ee77fe9a2321a78084135aaecb12100b4a3cb631f6dde8033c59689ed092dcfab7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dc8fd8ad85caadd7c7a0badcab40bc4d

SHA1
8d83500ef6a613f00674dac3933da684431a0d68

SHA256
efc3ceee0c2d5c18540d10bd0893490ae07769924859d98ef79ee2eae35d4237

SHA512
1b26bae428ad46dc976767c7b07039b4d5a09a04060128723879b66edc6a63198e0289cca91541160bf0126537b547491f4c7110a0db3fce37ff295a58b67d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d275d32d85b0f8669cf547ba313b00ee

SHA1
a4d7159dfcdd7bb4fe8a549dc4a65a394025b275

SHA256
968501d703d65866448a9ef142aaa14add221adaa0c88441dd31fc5fb4c15d12

SHA512
1852e319c882eaaca37111a64663a9a3b6c58616b5d60b884f209588a1414b7537395c9873abbca2b7b94ba786b11e25ac3915e5bf2fb7160dc34fef6d145f65

Download Submit
C:\Users\Admin\Downloads\Avoid.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\CheckpointExit.au3

Filesize
483KB

MD5
f6f7c785034f70805b19aeebf1de4a90

SHA1
4d0dc5f92dd8699990d09db5032ea41182428abd

SHA256
1fb0ee031cd0a077ffe5a11b09a577505d623b9fe26df5c22ef72ec86b7896c8

SHA512
7961f997ab05977ea956a9e0de5c1ab99aa58e8d68f7c5fd60b40edeade47ab32b7fccad8108db5d57dc1bb5a70c3022363892f8dab60295194de25487820aab

Download Submit
C:\Users\Admin\Downloads\CloseOut.pot

Filesize
830KB

MD5
ac8cbcef071250148c7daf377ae2bd5c

SHA1
aaa2c130fbe2f4ca8e910f4078ebedadf9fcf373

SHA256
d0f31e2168d12919539c893b02e95639a30a56b3b7b78d5006555d37625af8c3

SHA512
acece9beb6c8713fd8e39656d930a933117215dc3e2e2b5f866f3a17fcfe44e0cb2b8d7d6f828bae11eb4e03c0347931be66f12902b7d94626f6569fbf170a0d

Download Submit
C:\Users\Admin\Downloads\CompareRevoke.m3u

Filesize
508KB

MD5
a9535d6c486a17a816971decb1cca401

SHA1
7e3c3063364cf118bf258c577eacc5b5ee46a646

SHA256
c5130740bb427b1ccce046fe924cfed3a36e3757707c5bb615bd3e2371e47235

SHA512
b71d04253c8fb81746a70e975e1e2bd28bd050ee3a63db63582acdf783d21a867a32217ed7e111d96dd7cc3ceacd0c8f94b3fef98d5c99f163c45f810774d0bd

Download Submit
C:\Users\Admin\Downloads\ConfirmApprove.docx

Filesize
372KB

MD5
40dd5539e2dfbf82c1053e44dae5d87b

SHA1
6a468a09d6bdaa65c5efd06942e8b52ce9ef0678

SHA256
381696f3a4b25d9921bd830ef02ba98df5cd3ead52ea575e6f2de0f0e7491e02

SHA512
62e1992148cb8cb484b55c304618e1866e9492e5fff3b6b430446d64a483886b82269504f5f5e643387467d0e7ac0fb5bf6807cd7063fef142e913baabe5bfb0

Download Submit
C:\Users\Admin\Downloads\ConnectDismount.pot

Filesize
210KB

MD5
4963f84558c42fa6af33120098d0faed

SHA1
987894b2997bb3b8f1fc08666cc7000a4116d2c1

SHA256
a97d3736b30a99ca4147590cec7289f3a3f28539f51811afda4c3bb4670cd0ec

SHA512
699c2eb96d11b606ac68223487ce4e885cf366bf368bb564ceb7b06d5c57fc129edf204053d66c9b038747397a584a530808c15d8eb13d165a19b77d4ec903cc

Download Submit
C:\Users\Admin\Downloads\DebugProtect.dib

Filesize
421KB

MD5
8ceab9692e073f53bc9ddebfc9ed4d02

SHA1
cafb88cfd76d524a2225fed484d1849d5fc10845

SHA256
32800d96d9d51ebde40473b0c2c8b04d72beca3c58abd7c7c5065d50e9bcd283

SHA512
a3ca4c50672d84da2d75edc184ef5d637a20528ec100f842ed7f0a53a5224bbf4bcfe14544f37431857c0e6825902e084ce87f20145eba40972aaad453fc8123

Download Submit
C:\Users\Admin\Downloads\FindGet.TTS

Filesize
496KB

MD5
26f4c4ca24d42142a713906d76493c02

SHA1
042f777b3e6c499af6043a4feeede6ac6a2fd832

SHA256
c0368129ff2d7b4549af2a8baf23d5ce5c6ff3a0547036825cc7863cb43b6783

SHA512
e306d0b293c1d2b992082d37f62d5fb92bed4b9a69cf62b8abce9b4b4d0d4d39efc3439d3bbd14b2ae568df7f5f5d400ffca42dd738766125846eaa8b155b139

Download Submit
C:\Users\Admin\Downloads\FormatSearch.cr2

Filesize
545KB

MD5
fddc4133fc0e35d73262e0e5a2cc739a

SHA1
281d69aa3e8ad622c4054e5d7519f04ae12dc111

SHA256
6626f47ab3b21e57f48e90fe01a1ca5c79399fd2132cd7801ccbe4d9738b77ea

SHA512
e6087810afb9b133ae5a859341b445490b07f6ea85ae2d3b0eea3f28967372fe7f1be8cec3131a2a35858ff099549f6b493531336b1d17eab31a60a69c542627

Download Submit
C:\Users\Admin\Downloads\HideUndo.rtf

Filesize
384KB

MD5
c085ebeaa390fa053e9c6f3e0a8ce4bf

SHA1
069f047c5912406bf80747f295bfd3a6a97814c1

SHA256
fd0d1cfd3048f691764be27f7d14e6a61e7942d62ec7b31cec09218008794f4e

SHA512
d3440c91e03acad984c468ebf19b0195e0e36a62866d6c38a786c4943fd0fe4e72be709863f9f68d883065d7fe6326786ecd3ca81009117e63638ad1bb139db0

Download Submit
C:\Users\Admin\Downloads\ImportUse.crw

Filesize
558KB

MD5
9bd4d6f81d6eb405cba1286a4fe88f7d

SHA1
bef56a19bbd66e42668540244f1347f48f596bee

SHA256
96c2b70c90fda9d7aa47208009731801664520f5328b096a41c87b5bd527ebbc

SHA512
29b9f0e94529efaaa4461f1c3422cf935dbe95e185ac7f729f319f6a340c80b24720184f15beb445fb0a3d8faa61364dde3c3746d635c799a22a997b007312ba

Download Submit
C:\Users\Admin\Downloads\InitializeDebug.potm

Filesize
248KB

MD5
74f3588fc09cdc96d1c3316073c1a8e0

SHA1
6e97989b6753f014ae37d24715f5fda98fabda43

SHA256
9618f39ce1834b3a66340db657a289dbc616dc3bdeec51d140c136561925bdab

SHA512
4bc48782d2361c250fa7f36c9d86bf533dc3b1c655dd7464fc78a04a3595903f9f367aa40621c45a0ffc247215958647784bf09f43fed65ea5260e3490afa64f

Download Submit
C:\Users\Admin\Downloads\LimitLock.svg

Filesize
260KB

MD5
94246fd1413727b6fed4db0512ce4a50

SHA1
94f81ef9d879c00563c5b335eb250dc02be7703a

SHA256
707e0c6d5c8f53418567839b88aebf364be2a37df8be47669131c0a59545c900

SHA512
def75aafb45822c6d389219f24d2535bb308b9edd1d9dbb3be481e9d0d92d7a9246f9f06f8416b8e65212a58f7e8ce2dddbf3a250538ca0dceb1dcdcb1a55b79

Download Submit
C:\Users\Admin\Downloads\LimitRestore.mov

Filesize
235KB

MD5
50afb162d79e27d6a4c6ed15da368117

SHA1
f3e4c3054caf81b11e41bd0dc16af683a25bffbf

SHA256
502fbe3ddb5b87358e5e9783c7dadb1f64f4f3bba2aa7f77249d43a5833e99f3

SHA512
4e2aabc047c0b2ea39e8f90fac3e7808db447dca391002f069c8730d78c20c4d8462714ee2bafede1b4c7f802687851e4e453a0cbe01873ad9f4f32543d06227

Download Submit
C:\Users\Admin\Downloads\MeasureUndo.emf

Filesize
520KB

MD5
fa1d56c08ce3e6cdc56e1c7cac931ad3

SHA1
fcc54a88e85fb4cacd70936ec3bcfe843207fc6c

SHA256
33db4b1de28c83091c52fe8ddebd59d90ab371a29909795364ebfaa19407181b

SHA512
8835aeafb803a2b16cdf0678c0a23b7a6ab4344d72f571b65a559ee09a6defe7bda0be6c405f0f7e8a64dbe13085836f916e2fbad3bcac517e9bdda59c544d7f

Download Submit
C:\Users\Admin\Downloads\MountHide.css

Filesize
570KB

MD5
3b4379aeecca304b99edf9cb09ec50bb

SHA1
cdb9c0b2356a2256b52d92dd77e840f9e5267895

SHA256
119ad668ebd9b9ce3538936d08cecfc8c14191f3690a285a8e74cb2cb9c56731

SHA512
bc3d34a35979992e50f8c4504c8c152447018ec04be127b7440748ea175c08761effaa8c64d20f8ce7090e05bdf5eefaeb115b5b66cd8e350a41f8987abaaad3

Download Submit
C:\Users\Admin\Downloads\NewEnter.vb

Filesize
471KB

MD5
1a1135963c9bbc22a30c96d734d2a6fc

SHA1
8a32bb1ac39b4af3d699aa68f32a94f6b9229584

SHA256
e1a2330e214865bd188bfaa4e249f47a3783ed81143ea80aea934c7c4b082a16

SHA512
e188da319821717d406ab7c8b5837fdee9ef5fb4894f315152af598a7b065b729d321cbe91e7767c0424297b91ad3c21262256ab0551e22b198a2f4b7ef4655f

Download Submit
C:\Users\Admin\Downloads\ProtectApprove.png

Filesize
434KB

MD5
87a9b6eeab3ebe95557ae591474a5834

SHA1
cfae1bcb9ce86070fce2dd326ca9672c2255e9e0

SHA256
adde3c0111c2a2f79f51b3dc7889c8f3e55098585fecf150a49d2d1690c702dd

SHA512
cbabfc7065f63871105947b7baf01d9be461075b19bf10f18088b5a67c6c40292a811bd97a39ccafc70901c5c5826e54da800be9402a8dc9a2f71883788e1735

Download Submit
C:\Users\Admin\Downloads\ProtectRename.snd

Filesize
223KB

MD5
f00670b5470d371fd186aa28e03cfc52

SHA1
c31845ee7a4f4b714e72d6b0c0cdbc36aed57f2d

SHA256
7d03e2d7e9859dd05351089fe51b2eb795fd7f1afddded80ecd2378cff575155

SHA512
1ebe90cb5efd912b4ce4f92c107deaa0c2d89dcda1714761a1dbd8df3e072ffb4dbb0e1c47e43e428739d4468290eff1c670cd5a3030b9f4a81ddc322142f2a5

Download Submit
C:\Users\Admin\Downloads\ReceiveTest.ttc

Filesize
458KB

MD5
ca61ebcf649d9ade7eb70311ad34b61c

SHA1
7f41a1f2aeebd01c7fcb510cb3c0277bd8a3a2e5

SHA256
71473fed50add8c002ab4e4c33fc1c3a4f45bdb8922870aee661d2def6050ec7

SHA512
fad6244ed0ca6c06a75db9eb4013f61ded546131040903353ce2083b74d939253ba6ab4fe384286db890f4412e173fd2e59e4e0ff800449197f5d7de449f5fba

Download Submit
C:\Users\Admin\Downloads\RedoOpen.php

Filesize
285KB

MD5
0ed2661909b3bc6c3ea1c1ab3519fe96

SHA1
73603b1dca0a83720dcb86d13f3d3cd7f8a927f9

SHA256
b72476f5161c82a0795e68beaf0a0543b94ee00b8791df23d696fa7f2ab81aaf

SHA512
55396c5dc743991cf0e153577262a8e86437d1e7337c3d77b379f0e5cd85304b2469e6b5e8e78347aa1e66927c64f674577c26b691d6268297a0f6f9afd90d2e

Download Submit
C:\Users\Admin\Downloads\RequestStep.odp

Filesize
446KB

MD5
1541a7fd3ee61e2e4dabfb3312b4658d

SHA1
df9513c9cf1f0320d349ef9cf3cf55f1ac0673c0

SHA256
30ba13a08b4f8d6d3c4525f44afb12f9661e01e5c5d06bee4312db090f38fc41

SHA512
1acdbe68f54727a8c81e65fccc36aa87d28018345470be452f70ff7c90f6d49f4076bc068e290590adab3da4b4111cfa94b5973b510b628c3e85af386f785a11

Download Submit
C:\Users\Admin\Downloads\ResumeDisable.wma

Filesize
272KB

MD5
25727447b9a9ae9bbaafe6678e95a8ed

SHA1
b649490141fe4d897d5ad80f1987def26ff13032

SHA256
96a7e4f6695435ea2823c80e14089e045f568de46bac829a6b261006474bd026

SHA512
4297d915571eb0f85fa8df630cadb82310f75885c37312c78747256651568d56f1d591992e7b668822cf4cb9fec6301d177fe5b3274da278a1c08f270e777cdf

Download Submit
C:\Users\Admin\Downloads\ResumeDisconnect.DVR

Filesize
409KB

MD5
54129bfa34742f27e73b69504156217f

SHA1
c3837ef93c9fc8832dd161bac2be56153f223a0b

SHA256
48e396bbd823753b1edbbec7adf76da0ce4989db120a779302f5afe1782162b6

SHA512
3dcce8a084f3410a7ff4faae1b955ff6f95a3b4f931ca086cc85bad8c47470fde114f961c780742abddbc809e1e374b45142aa89c33c2481a6dbe3629e3d2276

Download Submit
C:\Users\Admin\Downloads\RevokeRedo.vssx

Filesize
322KB

MD5
8f1ee0fab00fbe58001bc99fbfce801c

SHA1
f28757261242296737056fa445eb854d3be94008

SHA256
2aeb49af7a05801153889c66776c513f897b1a7eb8fe020644df46e825fef4e5

SHA512
deefec9c81b219b313820941cdc07c501723a90b7d80e5d52cbf5594d4013f793bc9e47ec45c2e9f1b39eea2adfa0d5e1c41abcf750eb3d9f4663e666164164d

Download Submit
C:\Users\Admin\Downloads\SplitUndo.vdw

Filesize
359KB

MD5
e8ac27e2aa040659e9e696c3f2f4de7a

SHA1
7ec259bb973d0c8c5c9e054e9643a417d547b2d0

SHA256
a14a8ad846ff83634440fd99c1dc4bde899400b29b610459f36e8d8cc556880e

SHA512
2a49dce1af9e873683b90a77c8fe3eec0a1b125c042c54188c420728dc567095661697cc77fa11fa570463ad8b53226fe176db7a8294ccce28da2be3baf09163

Download Submit
C:\Users\Admin\Downloads\StepWatch.mpe

Filesize
297KB

MD5
d1221f6f873f299f4d46001724d3fe57

SHA1
a93cd82a6c69990374d18b1e1c8b7c3b5abbcb91

SHA256
b1cfdfcab131786ced5b0b58f8f6f8f4e6214ad7fb1a54894f68abd3fa17ee15

SHA512
121dd45b5aaf16d572daa9d3ec6e9391686c04bed5311a8afa0f3ad103b266f58520ff030e04f825a8a4f2de35611fcee2b3203e5a6b3441b05cad0e5f0eb6d6

Download Submit
C:\Users\Admin\Downloads\SubmitDebug.emf

Filesize
595KB

MD5
076d47ef774fa219ae37aa44be6691c6

SHA1
fbf7610b06b132ff7a16aef61023c6fa7fa4b893

SHA256
7eb821dbfde0cab4a37e9a72d24ce4cbf1e2e6766c30aa5806210f8ffd4375f9

SHA512
ab60cde873204ed5628b3ca2f458b07fc98c85dc3c3cb6f4219e59a526cccd367ea73995772f4e7ace90d36459122d08add569dc727c4fa607043a461c2a573e

Download Submit
C:\Users\Admin\Downloads\SubmitHide.wma

Filesize
396KB

MD5
b76bd16c15fe9590ec38637656a0fac5

SHA1
9d33b28c51759cf8383c26938af14ed64c2a2043

SHA256
e6b1f931366e49d46ea8cf7a20f2242c464f524dbb817590437129c117de3c9b

SHA512
bf1fc51ecaf9f52770a3377a243e5153ef2f4b1463355e275a4ddfb38907a53b86967fea064b252d052daeabb95e687f212515dcb659966610a0110458e165b1

Download Submit
C:\Users\Admin\Downloads\SyncEdit.jpeg

Filesize
347KB

MD5
da90bdd4c00bee0927eeed5e8b0cc9c1

SHA1
33975b9749d990c28aee38d13b71decc4ab1dceb

SHA256
8c9f530af05a5a989a0283b14d7e9194b330b5e82be5f9643844100d3b34091a

SHA512
ff6e260d7dd094ca4a25f09e4b1257753bd454b012602b3a1d0f085d5a9051fdf829ebeb6d5acd611676202bd1d417ade9fc1d76cb8bf6daa96c3f43d7c82d7d

Download Submit
C:\Users\Admin\Downloads\SyncUnprotect.ttf

Filesize
310KB

MD5
f6d72b5e47792c47dc531821dc0b9c35

SHA1
56ca7ece249e310ce4c00f9837fc1604373f11d1

SHA256
882d5a5c69e8b92fc842af700b8ea72114133922877dd5ca7c59a41e0a00c6be

SHA512
de03398174fcb59c4a8f3195dbbff6906fceefe5168c82f9c42119e8142e4b0abcbb8b586dae6f953f438f5a4a48bde053e107c348cd7d12583d8da2bae690b9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 280356.crdownload

Filesize
190KB

MD5
248aadd395ffa7ffb1670392a9398454

SHA1
c53c140bbdeb556fca33bc7f9b2e44e9061ea3e5

SHA256
51290129cccca38c6e3b4444d0dfb8d848c8f3fc2e5291fc0d219fd642530adc

SHA512
582b917864903252731c3d0dff536d7b1e44541ee866dc20e0341cbee5450f2f0ff4d82e1eee75f770e4dad9d8b9270ab5664ffedfe21d1ad2bd7fe6bc42cf0e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 811412.crdownload

Filesize
84KB

MD5
b6e148ee1a2a3b460dd2a0adbf1dd39c

SHA1
ec0efbe8fd2fa5300164e9e4eded0d40da549c60

SHA256
dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba

SHA512
4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 83522.crdownload

Filesize
760KB

MD5
515198a8dfa7825f746d5921a4bc4db9

SHA1
e1da0b7f046886c1c4ff6993f7f98ee9a1bc90ae

SHA256
0fda176b199295f72fafc3bc25cefa27fa44ed7712c3a24ca2409217e430436d

SHA512
9e47037fe40b79ebf056a9c6279e318d85da9cd7e633230129d77a1b8637ecbafc60be38dd21ca9077ebfcb9260d87ff7fcc85b8699b3135148fe956972de3e8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 898301.crdownload

Filesize
248KB

MD5
20d2c71d6d9daf4499ffc4a5d164f1c3

SHA1
38e5dcd93f25386d05a34a5b26d3fba1bf02f7c8

SHA256
3ac8cc58dcbceaec3dab046aea050357e0e2248d30b0804c738c9a5b037c220d

SHA512
8ffd56fb3538eb60da2dde9e3d6eee0dac8419c61532e9127f47c4351b6e53e01143af92b2e26b521e23cdbbf15d7a358d3757431e572e37a1eede57c7d39704

Download Submit
C:\Users\Admin\Downloads\UpdateCopy.xps

Filesize
607KB

MD5
4028038bdb8f1fc2d29c1f3a541b8cc0

SHA1
5bd10b982f34f2225e58ea1e4726c64770b6c8a9

SHA256
c875bb27db6316263e343298d29bc595a164c585ce8f609a52b40562fe066a76

SHA512
27e620b86b4f48deae93386a0631c986c60958bb618ac5aa278b9fa4a8d5cc8470f3c01867d5d7750bf99a5e79c91e2c90ef99275bc495e96c150e22446c24f8

Download Submit
C:\Users\Admin\Downloads\WaitExport.otf

Filesize
334KB

MD5
f94f6862677538c3702ccf5eec69144d

SHA1
826014796a261d1f0ce431ab9d7b359aa41f6834

SHA256
064970bd3df5b297404ed1d5b0e03d15e5d617b097ad07b86918465c9fc06d7a

SHA512
37600a68d6e687e83d00ec59741ab7975900b6a7f20760d2cdc60af41a32bcd029933b6601a793855dc25ea9a560e6731e8022c832685b0e1c55ad07fb007abe

Download Submit
C:\Users\Admin\Downloads\WaitSave.mpp

Filesize
533KB

MD5
c7f76aeef522f689e69aa92a1aa46923

SHA1
7853f9865bc0a50520c1c265cf04d4849e085291

SHA256
5ba45a5e8bfbd47fa152301fb6f868a02a716d2e2c503b96f964aa305fb754ae

SHA512
7d2a069d958e7153073f65c8263c4812b7d2c67313fe4a798057f32dd96cf9b6b51c88e2681fd7f54742793d505d6b0685432d54a358f5ec04ce02d6518cfe74

Download Submit
C:\Users\Admin\Downloads\WriteRedo.mpeg2

Filesize
582KB

MD5
67af4bd067a4234ac2e893ec55084c8c

SHA1
a7f2385362df884268441c999a1a5cf49dd9b829

SHA256
fbc2a0985f3227a9a71442aba6fd6c31410808efca39213f2c69575863844711

SHA512
37efd19c8ae53c65a7380d09c577d5248b01622d2b7a2e0044ac45fe72e8ecb8ab8dead2e6e4481f9cf66d2202e205ff983af6395b07563c9702467d2510b3ab

Download Submit
\??\pipe\LOCAL\crashpad_2516_VRLZALKKSVFUJEWQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/568-585-0x00007FF9FDE00000-0x00007FF9FE8C2000-memory.dmp

Filesize
10.8MB

Download
memory/568-532-0x00000174787F0000-0x0000017478800000-memory.dmp

Filesize
64KB

Download
memory/568-608-0x00000174787F0000-0x0000017478800000-memory.dmp

Filesize
64KB

Download
memory/568-531-0x0000017476010000-0x0000017476924000-memory.dmp

Filesize
9.1MB

Download
memory/568-530-0x00007FF9FDE00000-0x00007FF9FE8C2000-memory.dmp

Filesize
10.8MB

Download
memory/772-646-0x00000000007D0000-0x00000000007FE000-memory.dmp

Filesize
184KB

Download
memory/772-685-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/772-692-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/772-691-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/772-690-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/772-689-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/772-688-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/772-673-0x00007FF9FDE00000-0x00007FF9FE8C2000-memory.dmp

Filesize
10.8MB

Download
memory/772-661-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/772-651-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/772-650-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/772-647-0x00007FF9FDE00000-0x00007FF9FE8C2000-memory.dmp

Filesize
10.8MB

Download
memory/772-648-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/772-649-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/2948-382-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2948-358-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/3236-422-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download
memory/3236-423-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download
memory/3236-424-0x0000000000DD0000-0x0000000000DD1000-memory.dmp

Filesize
4KB

Download
memory/3236-452-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download
memory/3236-497-0x0000000000DD0000-0x0000000000DD1000-memory.dmp

Filesize
4KB

Download
memory/4536-500-0x0000012EC01F0000-0x0000012EC0200000-memory.dmp

Filesize
64KB

Download
memory/4536-498-0x0000012EBE490000-0x0000012EBE4AE000-memory.dmp

Filesize
120KB

Download
memory/4536-499-0x00007FF9FDE00000-0x00007FF9FE8C2000-memory.dmp

Filesize
10.8MB

Download
memory/4536-534-0x00007FF9FDE00000-0x00007FF9FE8C2000-memory.dmp

Filesize
10.8MB

Download