121b577a7dac22764c8d5e89c1b0504edf7803fdf6c5ed15c0c432d9605b4f7a

Analysis

max time kernel
147s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Crux P2P.exe
Size

4.3MB
MD5

08c716898f568707c4514bbb485142a1
SHA1

b210be49e57c9da57b9e7762ba11023e9a4f0527
SHA256

e96b17d8b68aa6aaa20621c086d9cc4562832c5d8f2cc91e0e5484e1b5be44bc
SHA512

940ac0fb7eee08eba0ecb395920b5814729e2b8e7f9d7ad2a366aaa2561e28659ccb59b81ac304c3d5b1a74d442aa503d025f1cf07c95480291f33ed359c895b
SSDEEP

98304:HZadBHHx3WuEWAYJvO094J1ZcDKxclTQ/3XjUtCLvfHunLoxHVUA/bSGCQOm4bdt:HZQRx3WuuYhOuKaE0PJ/

Score

7^/10

adware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Crux P2P.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\Control Panel\International\Geo\Nation	Crux P2P.exe

Drops desktop.ini file(s) 4 IoCs

Processes:

Crux P2P.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	Crux P2P.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Crux P2P\Collections\desktop.ini	Crux P2P.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Crux P2P\Torrents\desktop.ini	Crux P2P.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	Crux P2P.exe

Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

Crux P2P.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}	Crux P2P.exe

Drops file in Program Files directory 1 IoCs

Processes:

Crux P2P.exe

description ioc process

File opened for modification C:\Program Files (x86)\desktop.ini Crux P2P.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3512 1608 WerFault.exe Crux P2P.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\desktop.ini	Crux P2P.exe

pid	pid_target	process	target process
3512	1608	WerFault.exe	Crux P2P.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

Crux P2P.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with &CruxP2P	Crux P2P.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with &CruxP2P\ = "res://C:\\Users\\Admin\\AppData\\Local\\Temp\\RazaWebHook32.dll/3000"	Crux P2P.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with &CruxP2P\Contexts = "34"	Crux P2P.exe

Modifies registry class 64 IoCs

Processes:

Crux P2P.exeMediaLibraryBuilder.exeMediaImageServices.exeMediaPlayer.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10BF271C-85A3-4AD4-8930-CC0E3CEEADA4}\ = "ISXMLElements"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{43DF8D22-6F85-4D0A-B072-1C8BF8A57073}\TypeLib	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\uhc\shell\open\ddeexec\Topic\ = "URL"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mp2p\shell\open\ddeexec\Topic\ = "URL"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E03E1BF-CCC0-4616-9C0D-8204A83BAEB4}\TypeLib\ = "{607C3F69-850D-4413-A81A-CF1C849BF387}"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\VersionIndependentProgID	MediaLibraryBuilder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EDB05406-0D3F-49F1-8ABC-9B53758008A0}	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D4598A7-26A1-4990-BA60-DE0E212AF93C}	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1735A63C-099B-414C-9B22-817C2FC5EC34}\TypeLib\ = "{E3481FE3-E062-4E1C-A23A-62A6D13CBFB8}"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\foxy\ = "URL:Foxy Protocol"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gwc\ = "URL:GWC Protocol"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SWFPlugin.SWFBuilder.1\CLSID	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1182FCD9-9F14-4E4A-BD05-432422B5BFAF}\TypeLib	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{69A065D3-C03D-4FA2-9C43-CB38D2078567}\1.0\FLAGS\ = "0"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\InprocServer32\ThreadingModel = "Both"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bittorrent	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}\TypeLib\ = "{E3481FE3-E062-4E1C-A23A-62A6D13CBFB8}"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1182FCD9-9F14-4E4A-BD05-432422B5BFAF}\TypeLib\Version = "1.0"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\InprocServer32\ThreadingModel = "Both"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MediaLibraryBuilder.Builder\CLSID\ = "{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}"	MediaLibraryBuilder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{69A065D3-C03D-4FA2-9C43-CB38D2078567}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{43DF8D22-6F85-4D0A-B072-1C8BF8A57073}\TypeLib\ = "{44BF6E4B-B782-4752-B004-CF3260C27730}"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E03E1BF-CCC0-4616-9C0D-8204A83BAEB4}	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E03E1BF-CCC0-4616-9C0D-8204A83BAEB4}\ProxyStubClsid32	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8065EF37-F0EA-4898-BBBD-D37798DE83CB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dcfile\shell\open\ddeexec\Topic	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CruxP2P.PreviewPlugin\CLSID	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5198A470-F9EE-49EB-948C-F8176610A8B2}\TypeLib\ = "{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}"	MediaLibraryBuilder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{32496CEA-3B51-4F2F-9CE7-73D6AC942C34}\TypeLib\ = "{E3481FE3-E062-4E1C-A23A-62A6D13CBFB8}"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dcfile\shell\open\ddeexec\ = "%1"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\foxy	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\foxy\shell\open\ddeexec	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0F89545-DAD8-4441-9DF4-BCB106B12234}	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gnet	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.emulecollection\ = "eMule"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E02F505E-9649-4EB1-AB3F-56FFDFF5B92C}\TypeLib\ = "{44BF6E4B-B782-4752-B004-CF3260C27730}"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A0F89545-DAD8-4441-9DF4-BCB106B12234}\TypeLib\ = "{7B8046FF-0D3A-4D85-9424-7DFCCD1BCA45}"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\ProgID\ = "MediaImageServices.VideoReader.1"	MediaImageServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{7F669B06-74D9-42A9-A157-DD08EE5F30BA}\ = "MediaPlayer"	MediaPlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}\ProgID\ = "CruxP2P.RazaWebHook.1"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Shareaza.IEProtocol\CLSID\ = "{18D11ED9-1264-48A1-9E14-20F2C633242B}"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10BF271C-85A3-4AD4-8930-CC0E3CEEADA4}	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{59978299-C8AC-4818-83F4-C382BB611D5C}	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CruxP2P.Collection\DefaultIcon	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Shareaza.IEProtocol\CLSID	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB25DAED-D745-45DB-994E-32639D2888A9}\ProxyStubClsid32	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2975FA55-CDD5-41AE-8120-EB82E1BF9826}\1.0	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A82A3A3-5560-4ECE-B38A-D56E1E74642A}\TypeLib\ = "{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EBAD02A1-E1B0-4961-9415-83267B2A5010}\TypeLib\ = "{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DF7CED9C-198A-4acd-A42F-BB34EAA15C02}\ = "Search Export plugin for CruxP2P"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{59978299-C8AC-4818-83F4-C382BB611D5C}\TypeLib	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{607C3F69-850D-4413-A81A-CF1C849BF387}\1.0\ = "DocumentReader 1.0 Type Library"	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MediaLibraryBuilder.Builder.1\CLSID\ = "{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}"	MediaLibraryBuilder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{32496CEA-3B51-4F2F-9CE7-73D6AC942C34}\TypeLib\ = "{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}"	MediaLibraryBuilder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}\1.0\FLAGS	MediaImageServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCDE733E-DDA0-4849-AD83-D02B0F4D1DA3}\TypeLib\ = "{44BF6E4B-B782-4752-B004-CF3260C27730}"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49346C06-DC33-4975-978E-E807F7E41EF9}	Crux P2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10BF271C-85A3-4AD4-8930-CC0E3CEEADA4}\TypeLib\ = "{2696CE9F-423F-4901-A109-0C85E6430266}"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}\1.0\0	MediaImageServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\ = "bittorrent"	Crux P2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{30FC662A-D72A-4F79-B63A-ACD4FBFE68A3}	Crux P2P.exe

NTFS ADS 6 IoCs

Processes:

Crux P2P.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Crux P2P\Collections:CruxP2P.GUID	Crux P2P.exe
File created	C:\Users\Admin\AppData\Roaming\Crux P2P\Collections:CruxP2P.GUID	Crux P2P.exe
File opened for modification	C:\Users\Admin\Downloads:CruxP2P.GUID	Crux P2P.exe
File created	C:\Users\Admin\Downloads:CruxP2P.GUID	Crux P2P.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Crux P2P\Torrents:CruxP2P.GUID	Crux P2P.exe
File created	C:\Users\Admin\AppData\Roaming\Crux P2P\Torrents:CruxP2P.GUID	Crux P2P.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Crux P2P.exe

pid process

1608 Crux P2P.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

Crux P2P.exe

pid	process
1608	Crux P2P.exe
1608	Crux P2P.exe
1608	Crux P2P.exe
1608	Crux P2P.exe
1608	Crux P2P.exe
1608	Crux P2P.exe
1608	Crux P2P.exe
1608	Crux P2P.exe
1608	Crux P2P.exe
1608	Crux P2P.exe
1608	Crux P2P.exe
1608	Crux P2P.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

Crux P2P.exe

description	pid	process	target process
PID 1608 wrote to memory of 5064	1608	Crux P2P.exe	MediaImageServices.exe
PID 1608 wrote to memory of 5064	1608	Crux P2P.exe	MediaImageServices.exe
PID 1608 wrote to memory of 5064	1608	Crux P2P.exe	MediaImageServices.exe
PID 1608 wrote to memory of 4748	1608	Crux P2P.exe	MediaLibraryBuilder.exe
PID 1608 wrote to memory of 4748	1608	Crux P2P.exe	MediaLibraryBuilder.exe
PID 1608 wrote to memory of 4748	1608	Crux P2P.exe	MediaLibraryBuilder.exe
PID 1608 wrote to memory of 1948	1608	Crux P2P.exe	MediaPlayer.exe
PID 1608 wrote to memory of 1948	1608	Crux P2P.exe	MediaPlayer.exe
PID 1608 wrote to memory of 1948	1608	Crux P2P.exe	MediaPlayer.exe
PID 1608 wrote to memory of 1868	1608	Crux P2P.exe	UpdateApp.exe
PID 1608 wrote to memory of 1868	1608	Crux P2P.exe	UpdateApp.exe
PID 1608 wrote to memory of 1868	1608	Crux P2P.exe	UpdateApp.exe

C:\Users\Admin\AppData\Local\Temp\Crux P2P.exe
"C:\Users\Admin\AppData\Local\Temp\Crux P2P.exe"
1⤵
- Checks computer location settings
- Drops desktop.ini file(s)
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1608

C:\Users\Admin\AppData\Local\Temp\MediaImageServices.exe
"C:\Users\Admin\AppData\Local\Temp\MediaImageServices.exe" /RegServer
2⤵
- Modifies registry class
PID:5064

C:\Users\Admin\AppData\Local\Temp\MediaLibraryBuilder.exe
"C:\Users\Admin\AppData\Local\Temp\MediaLibraryBuilder.exe" /RegServer
2⤵
- Modifies registry class
PID:4748

C:\Users\Admin\AppData\Local\Temp\MediaPlayer.exe
"C:\Users\Admin\AppData\Local\Temp\MediaPlayer.exe" /RegServer
2⤵
- Modifies registry class
PID:1948

C:\Users\Admin\AppData\Local\Temp\UpdateApp.exe
"C:\Users\Admin\AppData\Local\Temp\UpdateApp.exe" "Crux P2P" "1" "5.8.0" "cruxp2p.com" "false"
2⤵
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 2452
2⤵
- Program crash
PID:3512

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
1⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\MediaLibraryBuilder.exe
"C:\Users\Admin\AppData\Local\Temp\MediaLibraryBuilder.exe" -Embedding
1⤵
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 1608 -ip 1608
1⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\MediaImageServices.exe
"C:\Users\Admin\AppData\Local\Temp\MediaImageServices.exe" -Embedding
1⤵
PID:456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\desktop.ini

Filesize
174B

MD5
5b8a2ba3138573583ff9e0158096ec48

SHA1
fdb99bdc4e7016132b9efcefb5bd4c7210958927

SHA256
66403205bc86d98b75f2449958f717f2f971fca0d33b0d211f03971484e9b567

SHA512
9c329baf537ee23da9fb1bcec4838a70c5776195b42868dac9be21749a0fdb06186c8468c26ef93bdf654996cd620ffe3b9021523ceeda4bd96fcb3d3c5a02ad

Download Submit
C:\Users\Admin\AppData\Roaming\Crux P2P\Collections\desktop.ini

Filesize
217B

MD5
85a624b7f9eed7d7b94d6633cedef278

SHA1
c8b7e4559714f5b304769fe5a87cddbba3225232

SHA256
790d8f5be6a677ad38f7d7efdb38c843d4ba8f3d50efdd059726111274382a23

SHA512
f9e107bf411e2a5f44a5b3713a29cacb7db7d91e40debbc4447ebd3c9842728fe4628c0fcc3c5cea2187a15ced9065a4c203ca04da8da9b74dc38da84d595662

Download Submit
C:\Users\Admin\AppData\Roaming\Crux P2P\Data\CruxP2P.db3

Filesize
9KB

MD5
d134858ac968b33d0092a5ed59af5f52

SHA1
060a80429e0af8dcb4543639e2194c7173f7b56a

SHA256
32b0d73cbec3880deaa6a13bb8f7b8ed396f86b45a94da394992f5d6fc20d1c5

SHA512
cc30e8c8d484ebf516afba0884011a76a2a5b2067305858e514448a5ea5ef4fedb31c49198902105bd6e744b8903b78e505fb5f1e5521912a961945b4f783225

Download Submit
C:\Users\Admin\Downloads\desktop.ini

Filesize
298B

MD5
819c27ae07898f1a5efda4e146dbb174

SHA1
24e7bb0390e2c475922c5727d71404a339ac1269

SHA256
d5e7d3ffbfeffe8c91236b30b1cd3c4cbb80059d16ff6edf52c2027874e1ebdf

SHA512
70618753f2f65544495bae56496a541dfb6f65a61c310e5489660536654a24b0569469c0da207b0287c1ba5f72696607a3a5a3d0ad50de81de74ee18feb18736

Download Submit
memory/456-117-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-87-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-116-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-115-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-112-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-88-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-113-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-114-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-86-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-83-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-85-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-84-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-82-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-81-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-118-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/456-119-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/1608-13-0x0000000074110000-0x00000000743A1000-memory.dmp

Filesize
2.6MB

Download
memory/1608-5-0x00000000002E0000-0x0000000000774000-memory.dmp

Filesize
4.6MB

Download
memory/1608-2-0x0000000074D40000-0x0000000074D65000-memory.dmp

Filesize
148KB

Download
memory/1608-4-0x0000000074DA0000-0x0000000074DCA000-memory.dmp

Filesize
168KB

Download
memory/1608-38-0x0000000072E00000-0x0000000072E26000-memory.dmp

Filesize
152KB

Download
memory/1608-8-0x0000000076B80000-0x0000000076BFA000-memory.dmp

Filesize
488KB

Download
memory/1608-7-0x0000000074E20000-0x0000000074E7D000-memory.dmp

Filesize
372KB

Download
memory/1608-10-0x0000000010000000-0x0000000010120000-memory.dmp

Filesize
1.1MB

Download
memory/1608-37-0x0000000072F30000-0x0000000072F62000-memory.dmp

Filesize
200KB

Download
memory/1608-35-0x0000000073600000-0x0000000073624000-memory.dmp

Filesize
144KB

Download
memory/1608-34-0x0000000073630000-0x0000000073751000-memory.dmp

Filesize
1.1MB

Download
memory/1608-33-0x00000000037A0000-0x00000000037D4000-memory.dmp

Filesize
208KB

Download
memory/1608-31-0x00000000037A0000-0x00000000037D4000-memory.dmp

Filesize
208KB

Download
memory/1608-6-0x0000000076B80000-0x0000000076BFA000-memory.dmp

Filesize
488KB

Download
memory/1608-1-0x0000000076B80000-0x0000000076BFA000-memory.dmp

Filesize
488KB

Download
memory/1608-11-0x0000000074110000-0x00000000743A1000-memory.dmp

Filesize
2.6MB

Download
memory/1608-0-0x0000000074DD0000-0x0000000074E14000-memory.dmp

Filesize
272KB

Download
memory/1608-12-0x0000000074110000-0x00000000743A1000-memory.dmp

Filesize
2.6MB

Download
memory/1608-3-0x0000000074E20000-0x0000000074E7D000-memory.dmp

Filesize
372KB

Download
memory/1608-9-0x0000000074410000-0x000000007442E000-memory.dmp

Filesize
120KB

Download
memory/1868-40-0x0000000072590000-0x0000000072B41000-memory.dmp

Filesize
5.7MB

Download
memory/1868-42-0x0000000001250000-0x0000000001260000-memory.dmp

Filesize
64KB

Download
memory/1868-41-0x0000000072590000-0x0000000072B41000-memory.dmp

Filesize
5.7MB

Download
memory/1868-125-0x0000000072590000-0x0000000072B41000-memory.dmp

Filesize
5.7MB

Download
memory/2216-62-0x000000001AA10000-0x000000001AB46000-memory.dmp

Filesize
1.2MB

Download
memory/2216-61-0x000000001A300000-0x000000001A6D4000-memory.dmp

Filesize
3.8MB

Download
memory/2216-58-0x0000000000E00000-0x0000000000E20000-memory.dmp

Filesize
128KB

Download