asyncrat | 215d09d1793ed0f9da71484b97fb12b7d40b0fc0cb5f509e037ed721760c9d96

Resubmissions

21-06-2024 18:05

240621-wpjyxssgrq 3

19-05-2024 19:58

240519-ypxk5afa97 10

19-05-2024 19:48

240519-yjgygseh3x 1

19-05-2024 19:17

240519-xzbkzade91 10

Analysis

max time kernel
1694s
max time network
1616s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2024 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

httpsgofile.iodntQlho.txt
Size

26B
MD5

beb4937bff161601f6e59c168205d2da
SHA1

c26f4c5c7334eb6184d08adbacbb8fb6a8653ab4
SHA256

215d09d1793ed0f9da71484b97fb12b7d40b0fc0cb5f509e037ed721760c9d96
SHA512

16ab09407a5af59545ef8defb651b13572987bbcfb4fd87fef2de24d977ab3c6e8b7d83e83cb8247fae050724ecea880637b57b2dcc6164279207478b35f4eb5

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Zen9\Zen9.exe	family_asyncrat

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource	yara_rule
behavioral1/memory/2100-1323-0x0000000000F00000-0x000000000459E000-memory.dmp	net_reactor

Executes dropped EXE 4 IoCs

Processes:

CraxsRat3.7.1.exeCraxsRat3.7.1.exeAnarchy Panel.exeAnarchy Panel.exe

pid process

1656 CraxsRat3.7.1.exe
3616 CraxsRat3.7.1.exe
2100 Anarchy Panel.exe
4724 Anarchy Panel.exe

Loads dropped DLL 26 IoCs

Processes:

CraxsRat3.7.1.exeCraxsRat3.7.1.exeAnarchy Panel.exeAnarchy Panel.exe

pid	process
1656	CraxsRat3.7.1.exe
1656	CraxsRat3.7.1.exe
1656	CraxsRat3.7.1.exe
1656	CraxsRat3.7.1.exe
1656	CraxsRat3.7.1.exe
1656	CraxsRat3.7.1.exe
1656	CraxsRat3.7.1.exe
1656	CraxsRat3.7.1.exe
1656	CraxsRat3.7.1.exe
1656	CraxsRat3.7.1.exe
1656	CraxsRat3.7.1.exe
1656	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
2100	Anarchy Panel.exe
4724	Anarchy Panel.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

5152 timeout.exe

pid	process
5152	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

Anarchy Panel.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\TypedURLs	Anarchy Panel.exe

Modifies registry class 64 IoCs

Processes:

Anarchy Panel.exemsedge.exemsedge.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0	Anarchy Panel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 = 4e00310000000000b35836a310005a656e3900003a0009000400efbeb35836a3b35836a32e0000006ce901000000040000000000000000000000000000004f3a10015a0065006e003900000014000000	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Anarchy Panel.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Anarchy Panel.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

1936 NOTEPAD.EXE

pid	process
1936	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 46 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeAnarchy Panel.exemsedge.exemsedge.exe

pid	process
4536	msedge.exe
4536	msedge.exe
4904	msedge.exe
4904	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1780	msedge.exe
1780	msedge.exe
5024	msedge.exe
5024	msedge.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
6140	msedge.exe
6140	msedge.exe
3824	msedge.exe
3824	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

7zG.exe7zFM.exeAnarchy Panel.exe

pid process

5732 7zG.exe
3132 7zFM.exe
2100 Anarchy Panel.exe

pid	process
5732	7zG.exe
3132	7zFM.exe
2100	Anarchy Panel.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

msedge.exe

pid	process
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

Processes:

7zG.exe7zG.exe7zG.exeCraxsRat3.7.1.exeCraxsRat3.7.1.exe7zFM.exeAnarchy Panel.exeAnarchy Panel.exe

description	pid	process
Token: SeRestorePrivilege	5732	7zG.exe
Token: 35	5732	7zG.exe
Token: SeSecurityPrivilege	5732	7zG.exe
Token: SeSecurityPrivilege	5732	7zG.exe
Token: SeRestorePrivilege	6060	7zG.exe
Token: 35	6060	7zG.exe
Token: SeSecurityPrivilege	6060	7zG.exe
Token: SeRestorePrivilege	2256	7zG.exe
Token: 35	2256	7zG.exe
Token: SeSecurityPrivilege	2256	7zG.exe
Token: SeSecurityPrivilege	2256	7zG.exe
Token: SeDebugPrivilege	1656	CraxsRat3.7.1.exe
Token: SeDebugPrivilege	3616	CraxsRat3.7.1.exe
Token: SeRestorePrivilege	3132	7zFM.exe
Token: 35	3132	7zFM.exe
Token: SeSecurityPrivilege	3132	7zFM.exe
Token: SeSecurityPrivilege	3132	7zFM.exe
Token: SeSecurityPrivilege	3132	7zFM.exe
Token: SeDebugPrivilege	2100	Anarchy Panel.exe
Token: SeDebugPrivilege	4724	Anarchy Panel.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe7zG.exe7zG.exe7zG.exe

pid	process
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
5732	7zG.exe
6060	7zG.exe
2256	7zG.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

msedge.exeCraxsRat3.7.1.exeCraxsRat3.7.1.exeAnarchy Panel.exe

pid	process
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
1656	CraxsRat3.7.1.exe
3616	CraxsRat3.7.1.exe
2100	Anarchy Panel.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

Anarchy Panel.exemsedge.exemsedge.exe

pid	process
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
6140	msedge.exe
3824	msedge.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe
2100	Anarchy Panel.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4904 wrote to memory of 3152	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 3152	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4520	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4536	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 4536	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe
PID 4904 wrote to memory of 384	4904	msedge.exe	msedge.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\httpsgofile.iodntQlho.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9509d46f8,0x7ff9509d4708,0x7ff9509d4718
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1348 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,13089388188235659332,11348449105164507103,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5152

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap24766:86:7zEvent15675
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5732

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CraxsRat3.7.1\" -ad -an -ai#7zMap10971:86:7zEvent24199
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6060

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap26472:86:7zEvent30029
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2256

C:\Users\Admin\Downloads\CraxsRat3.7.1.exe
"C:\Users\Admin\Downloads\CraxsRat3.7.1.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1656

C:\Users\Admin\Downloads\CraxsRat3.7.1.exe
"C:\Users\Admin\Downloads\CraxsRat3.7.1.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:3616
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c start cmd /C "color b && title Error && echo Please initialize first. Add KeyAuthApp.init(); on load. && timeout /t 5"
  2⤵
  PID:468
- - C:\Windows\SysWOW64\cmd.exe
    cmd /C "color b && title Error && echo Please initialize first. Add KeyAuthApp.init(); on load. && timeout /t 5"
    3⤵
    PID:5176
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 5
      4⤵
      Delays execution with timeout.exe
      PID:5152

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Anarchy Panel 4.7.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3132

C:\Users\Admin\Downloads\Anarchy Panel.exe
"C:\Users\Admin\Downloads\Anarchy Panel.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\Downloads\Anarchy Panel.exe
"C:\Users\Admin\Downloads\Anarchy Panel.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4724

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3280

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\3145080feec14a6490a265393d5a1472 /t 2188 /p 2100
1⤵
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\34278fd1-4498-411f-a243-45022c5b0935.tmp

Filesize
11KB

MD5
000ce1674c1e8bd343eedac7a742550d

SHA1
046267b48f7cb51f40672e6cf8b955cb66bc544d

SHA256
98161819fc155390c9f68d22c06930d5497ba19cf3e94415f683d6836565f358

SHA512
bb2d7974e6ea04f78751c2b9965f422eded4ac66b10318fe0859088f430edec874fcad112fc487f21ab0a92450045e501d424d4cd3d951c27d3b99ccd8cdd491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
6bb6369bad275f61c745da85873882e4

SHA1
0186cce8e9eddd61c7c1f2177f17b1caa8a8ff9c

SHA256
c80e5cf622ebaef47009c59f1e56de3bb273bcd69ac17085c61c7283f8781554

SHA512
ea4a9243305b987e25d6a0bb18212e4ad6d852d7d6581d0eafa0dd0bcb51c837ce8971c23bf0d684098dd8929662c7346e0ceeed306c0290d04dcc96243a9051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
8567e53126d9ed772d48063d5a7df44d

SHA1
5846edc5d1be12a2d3fcf38962965895bb7de605

SHA256
0b64df6fdb23423fb05aff6901a4df89f6447f12bc03df0623fc0e4058107f7f

SHA512
56f7ea8d9faae8150d931279d3af6c74412d102efd511121defb08b9cddedd1c5cde00726b103beaf6fcd0fb864dc63b366b147db570cc262e08fdbfa8325d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
a22ac98703578dab4e089f7b2658181d

SHA1
b9d19070e3240618f659fde83c5b05c97ac891dd

SHA256
9d8b38da47c2ef4da94c7bb3ba34317f2f5e57f73db0c140396d2b899c7b7e45

SHA512
0b460999da4153be276491d1fdb4291be6e88c7c86ad074d5219dc7dfa9cbdf0f84299c2e7069c28a451a9a624682f84450acc2c69e47a78f04c3b4747863d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
afc6cddd7e64d81e52b729d09f227107

SHA1
ad0d3740f4b66de83db8862911c07dc91928d2f6

SHA256
b5e81a7c7d80feaaa10ee7bc8aaef9f21a5c1e4b03b3823ed115022311d674a0

SHA512
844edb69585153c378a7c97709983776fc9303a32fb5ef8122ecca32adfc0b265f5ef7118ee07814da5c020ac7ba1bf2a2f66d46312e4d8e6df99aab2e5f9b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a164641a6e5c166eaf6a209a4c57e814

SHA1
6d4f5addc5caa3d7b8504fb7ef7bd9636631853c

SHA256
6c88c052101116711aba57776dafc03e85b37386bbfd208d6e2f3dcdd0d996a4

SHA512
9edd46da07c1b954d107bb513e3037598fa3520caa7901851e341d6145fe523ae8daff4d290084a6783e206cfe666f1f901f785dcb1ecb586f19bde204f178c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef4f13314d51f4708a30fdf522c1700a

SHA1
3214523f2856d49a96e9f5346fe64d7262ac18cb

SHA256
50083923be6b8cf403de8b6747092aebe1b772bad015a00de1f7faebf4ce12b4

SHA512
7465a8e5b39553ce708f8aaca700be852dcbf5733052855feda967dd0b8b767871bfd8964913d3acc8a7bef36e6820e327c5f95aed8988671ac9a8e989843414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a8073c4b954c8a6fd5081ef41340ff2

SHA1
2fb717e5d9c4f0d862a72f10cc44898ab0ac8b55

SHA256
10469573a374401326fe62896f20ad5ef500eaee641b5f87933e9649be69a720

SHA512
e8bcf5939f775394b0b736f263d29528d3079e061a2dabdbec1fdad1a648debcbb9c4376fc31ffa9c5f58304bb04a60988ddb15461af0506a7194fc3df84ae61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6cfeab7e94ce487ae24b667f35642853

SHA1
e398d7d11d30f6f643baa9c691e4909b670d3ddc

SHA256
db2d5fb343b9a83444aafc3c9ed9b83a9e5655b6b29cf9caf840af0d96bce0f0

SHA512
6ed2f9dcb545f86d3ba1dfdc88aa143d74a5b848cffe7d57fb955b3a231a0c81a47c1219dd1333c0c0a498250579f6447322fd30e72944571a1791ef36841a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e9739c6e7a339634855171ec66add75

SHA1
11e66bfc3b9fda214749b0a1caac48c70913e172

SHA256
cf459a198d3b94703d2bcdcd7befb08f81b4965edc7aff9c791b05e91d47d799

SHA512
afd43469a138ad573798c714d74604b3309c4d57e46fe6ba8de7617cce22b319384e700766c6035dd1a50763c5ccaa714ab2ffd4eb05ec60b075d44ad3c330a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
6c1416ced9eeef9f2cf4cbec4685208b

SHA1
a9b1e1b0b502bab48b7e4b7174736202f9acb233

SHA256
a3f7e2771be178b34d007cadcc71f7b53275bbd999a2f10f399ae990ae3c66d8

SHA512
7bfeff632e379bbd53ea8b6ff833252241669bf12b31f3bc892537a885fddf0fa76ee40ac4d20be231a6405b521051e3a16ea847239d93ac65ef2983cf1b5e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
6fdca3ea1fd9d8241732c982295c5a37

SHA1
8a8eb1854795802859251ec4ee9c71b9a3b1623a

SHA256
034823e06c2f023db3f9a34a379d47a8f34c56834eff88b53b15f38d6b8b18a6

SHA512
6ee70f27815cd88e6aee6ae09ba8f8bfcd07f440e93920d6f3e6e641c44aeddabd6573001d2199e2819f445884d1c14b154e9eaf6af86f7b7c21187780c7c3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
93acbc097884e3f50b0382e9b47e276e

SHA1
886c8eba6eb3fd4b225cc682d43f6400a34ec6c6

SHA256
01ac920fd328032e2f3c5feac49294768c0146a57c56ca693775bef60e7e3666

SHA512
8dfd9b01849e12e30f30c5a5818946c72977dd45917719b2277cca866997e1e6107bf5834a4492b47aa645e7c91f4e7dff6f377f97d44e524fc47424b3437206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
59fbd8ab95896f77c0021106dab63d9c

SHA1
e7d0f4cbbf80849bf9b0e72e76f100d7ba0c8221

SHA256
40094050574e1b573b860c9156317f45ba930d481cd0c664fe57d0d560b04d36

SHA512
570e2fea2d83d45b8b587b843c823ed13277240881c2f54ab89b57708db10cf19e926cd4ec9b9fd9be858ab4e1611c12a6ee4d41ad3bbab9997240c7d552e43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a0871e1eb05a799c370bdd9320fbbf93

SHA1
c4e0eec0e11ee4a49ad040c598309957cb34170a

SHA256
e540965a3c80e43dd15416cf961492fb845d7bc8b158ee0da10b0d591269bbf4

SHA512
83766378d574555d450c601574861339fa83b05da599b99812e9d08521ef2f32623665171d54fabaec52e2c6e8c579f1ef3be320f83d0228c954106eb28b9585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe675ab5.TMP

Filesize
370B

MD5
c2b758eadb11e8a0c58866b24a09f931

SHA1
8f0741447c9f8a5d3ef9d425957dfd29522e4eb1

SHA256
78c009c9d1aaf6f5647e98725a6ae6614264b629642703ea8b87a7699bce6fbf

SHA512
ec3bd67e008eaccb543a9402d285c4ac07676a4a86199742c7b95da64ff3c65a17ef026b9fd5844c65d009098b6a7ee0d3d0b8c7c0187ed21b4408b0852e6443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3f6cba9c314956e5f38f42cda93ab47a

SHA1
60a607900c2181e29a5b61e730c435a2d4b7ac0b

SHA256
b00bbd3c7f96b18726cba2130badebd3673f2cd9e7aa5a347a3e982b213c0198

SHA512
11010ce03bc9185eda6c4a182d5a0dff8f1a32cac03c5f3f3c6f2bc59008c8284821ec4131eeb2bbdbf05f56b0421838a8ffad4be1efc6d70c051fdb7522d29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3432b67899806d7b5a25729cb0dd5ed9

SHA1
1c26f3979a0edd72689326620fa41feefd6d0ee0

SHA256
95474d71d9c51ee4f746dc15c8b5c47324d5024d90008a0b246b238d2b8318e6

SHA512
869b5a07f2d1d1fba1fa96ac5fe7cac14dce2dd697a9c448a17e8134579ba26dc19dbae9c57a94d741d07e78ae7d7e8d17924884c4df5df35a1ec92bc769cf57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d6ee90d8b34f83d7fa16712e4046362b

SHA1
2471bf24563c6b37423a309b856f10e555684314

SHA256
087ed409249d58b10ae0270582b11eead948bd73f4a0f3440259463041cc0bbb

SHA512
896d69092514199fe08033faea83ba07b7060c0254377f5e5722b72b934832ea76a4cc780593a081938619c3b4e8ff846c381b47a98951dae774141da595ca3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2b333a388fa1b25a3d16f785835f6062

SHA1
cc1c2982170a2ce86cdce0fe9d78a0ed3eaed43f

SHA256
228a8411ba20eef1f105488a550615de98f110589a08fefd59d11c0e4e77871d

SHA512
0e0d48459bc8ce419f1cfc9e22a876fb707ec7b8858db27f3b996aba3fc670d696f2516fc4beba6e4223476ba51986c1f70582006f46f6eb5a6d4ca813c3dbcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0bf948999c2bf0ac76a5206ce6be3bc9

SHA1
fdf196ca746d322c42f18a16ff9fa17f56efae60

SHA256
8f0427f457638e7b816dc721bdf1acf14be220cfe12bf52c82208c8a212ab5e1

SHA512
2f6e91a2fb660e5294ad31a176bb146d4a3f99d570ad7502fca69afafd3f1e6b4946eaa685a745d93bf9c04640a72ec075732289971fe3352847325509fffc4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b1b578e83366900cb18a19d25725c204

SHA1
a976316ce4fbd5cd57898a5eaf8d2c644ab9d432

SHA256
e69b6a1c78d87b1616050aacce921d92a2218919a9dc2d84af72a2126c477914

SHA512
30f8f37cef7c3c92d42f9e0b5741e861e3335513d6ddb6a83b8bf1f34e78324b1c96b18737a1d7bdfe5ecd82fe54d8099bf3ea091525f719b4e107cbf004f711

Download Submit
C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_yec0oguhrfk1brwuomjru23k2fiovwkq\4.7.0.0\user.config

Filesize
1KB

MD5
4b01719ab493b81d429c574dbaca15ef

SHA1
719ef1e4e6616a3d8afce09de7f89ddcf186a3a3

SHA256
33ce546b728989bc9ff5dd4c487a87723e5eb7b3953b7cb56e747747411b6c54

SHA512
4d5293d8b58c793bbbe6dedc061cb4fd3e7302771ee91789240ecf80f2f79d08dffc36d148f755107a3d12de6037ab18c57cb42494de80a40d90b64bb04ef234

Download Submit
C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_yec0oguhrfk1brwuomjru23k2fiovwkq\4.7.0.0\user.config

Filesize
1KB

MD5
495d368baef768dd527dd8b772702c87

SHA1
20ceb83c7076024e0491f169173607aa4a2e3931

SHA256
38f1820a88401c8e117bfeca56a11aa06dc806a175203e86f323dc6fb81fb3cf

SHA512
75770717f4bc7c9bdd13d747fdcd6306c38423b1b5d908b5d7cdf4da1b7bbe722f65bb52e63c61ca6da89981d8f5a99035c1d610a0fdacb706a046520c291d18

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\DrakeUI.Framework.dll

Filesize
1.6MB

MD5
0562b4c97f643306df491a938ae636da

SHA1
0807c37b711374ed4814a9518c9e264517de89a0

SHA256
70e72477f7fe0018e043ce8fe2228a289459058ee41caecd6f05855898bc5b80

SHA512
c969cd274b6bf65a34f1d129b6531616a3485a1f153088609ad2369d380fdec37c3e88a423495912715a26e353dd5498f7f9e73c895e9f3f18fc7d1e65d2ecaf

Download Submit
C:\Users\Admin\Downloads\GeoIPCitys.dll

Filesize
191KB

MD5
c070f2421851420e832e4f5989a775a2

SHA1
d6af3c48ffbe0fa1e0e54860836d3bbf374b8b46

SHA256
d54fd6c5903eea49a75d620d4ba232f8effb1863f5f9c974e4ac0a8fb1904131

SHA512
75c3edeb4c16d8e82eedc5595b9c3fde4cbd4a3e9deae1967ad513474920a48e4e9275fdc76f44032b1be570a4ece1a6393c4680af8989f67bcdec039d06798e

Download Submit
C:\Users\Admin\Downloads\LiveCharts.WinForms.dll

Filesize
19KB

MD5
76c775d09b24798f6923452e920979b5

SHA1
3fe2c79512a0d1153fb07f6640b27106c90d333e

SHA256
a5b61c1726304e6b72e09a0f35ddbf52f89a75a4e28e6ed098c8d1df6081b4ad

SHA512
eacc093f8ac9401f617df7e07fd68a8a0f1f03aa150283de67ad8c338fcb1520b0f07335547cf533a646ff95f239c92b029f952a706e736bcd9508817c9be0f9

Download Submit
C:\Users\Admin\Downloads\LiveCharts.Wpf.dll

Filesize
212KB

MD5
e924f79f0b5f3e79c98477d75831813d

SHA1
64f71e20e1953b13c771d8a8e63549ad6d64216e

SHA256
1bdbb1b5c1a50653e5c26161e9b7c03edc518721a6e10ea180a84049d967106b

SHA512
063e9bdbdaf0accb46cef5fdb98b30a97b8a6ba097a80d43a9799ff73e820d1c56d41ca9f71d94497736e3def7fbd0109db4000ab1d9e46cdc96357bf3e15fd1

Download Submit
C:\Users\Admin\Downloads\LiveCharts.dll

Filesize
148KB

MD5
9642899636959b7fc89bf34a8b998a90

SHA1
479a0254d1c9e5565c7d861bb77f54b7eae50c96

SHA256
9fcf89837b60f69c1c501e4cfa4d2860887afd0b8f325803367e795a4e3bc9ca

SHA512
435dccb57ff3e9d0663770768c866838b19fbaa5b8e79de0ca111d9c73276f016e016d1d268f72cf3435ecac122039764fada952e1a4f68f368b492bb866c9a2

Download Submit
C:\Users\Admin\Downloads\Usrs.p12

Filesize
1KB

MD5
6bcb8e6b0f41f23b9a4b822ed74d5818

SHA1
1ed438d14a476323d12cbc28bda25e8c549a5860

SHA256
5698ad8554783feb2790778fe9955d9b333abccd4a541a42214cdacc100c0d49

SHA512
d99a9e07a2ccc150f4d34d1ed6062a565c53e3ee6da9cd69945770afd735ce5b6eb073b6217e8bb69b0664401598f2913b42852cfe035557e2bad6869f70fbd3

Download Submit
C:\Users\Admin\Downloads\Zen9\Zen9.exe

Filesize
63KB

MD5
51048e89d6f720d3ce2755bf16ebf520

SHA1
238d0d7bfe12f0f0b0134d8309fb9dc3e4795a72

SHA256
d785afc7cbb097e1d2f5ed5238b2a753367b72f3b643e47580153f127ffee7b8

SHA512
03e5db056c0d6616bb15639312119b6207f2996b36657cd26f3e52157b57422a3b2315004d71cab9eb9cda604aca9251d7ed168ad700c2169e04ef22043a52e3

Download Submit
C:\Users\Admin\Downloads\res\Config\Pass.inf

Filesize
24B

MD5
e1b54e517318b3b3363551e926b9e474

SHA1
cdd2df4411afed1c9e44997dc9ebf85728eafcca

SHA256
dab8688b4d139db5ba57783791efbce34e9e46c37a2c506685cbc6d18e68073e

SHA512
edcdd405bf3d57cd524151e9f41670cb7c3bf693e59254c8a034c30a8457b936d507fa434d38e733819a11cf3afc6858d909fbe73bf091f3c96526cf99138728

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\-1.ico

Filesize
33KB

MD5
410e4dba1b3e1acd689425d024f3fd56

SHA1
d38fcae133db0cff918dc455acd8ffa437989659

SHA256
e10518132ded7ee51739953121f6efe77412aa85bd744ea7b256a5a6da751e44

SHA512
cac41002ef9ffe4592a0949ebb3a21b3837645838e623d3a188f7e70b6c82b2253c586a6a9395007849da0ef94d6dc47bcfce9cde554e8b6becdaf21082cf014

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AD.ico

Filesize
33KB

MD5
2cce7e02f2decbdcf648cc249eeabbfc

SHA1
4a9cc2ab3162a949d5f559ac2828813da7aaa6d2

SHA256
ffd5e4016c4bc247f49ded9d4ac463e7bd9d7f92c9889528f5f3a865dc8234e2

SHA512
be3d96046ec50bfd8e4399d1268856d0cc1f541635896ad128d660660294cfd98f79998dfa46849a2e6e5aa3e637626a94a062ab694444b7210f69b3a55d1686

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AE.ico

Filesize
33KB

MD5
5c22046c8b4f37adbd0f41a811238d5e

SHA1
e3c49202f86ff0718f169ce4cb82570457891bd3

SHA256
0759c987d55b3e2bc78ea1761d451b0b40928865c5b5652ef7b304426bc1dab9

SHA512
655c129c7456ce083a9eec235e04b871a16c4226f7cb1aa2ac4b119770b24ac61036950b0a77257af96352318a991037a1b9b5e2925ca84272995dd8135abca8

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AF.ico

Filesize
33KB

MD5
e18c650283441dfbdc3aa46a414f326c

SHA1
eda65607858d6b93db9ca4a9f20cac382cb685db

SHA256
ecf99e08bf15aca4325c4790ee20ccc674b6f4fc6dbbef0885f36bf8e6e8aa68

SHA512
f10cd2a31390bbb06546052214a817153f35ed9b5c5403995267e1e9b4987630c08ddf7db414146211b8cfb4769949cd660060bd2a5c8a51bf5bc381372a6673

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AG.ico

Filesize
33KB

MD5
93f8d14b56bf5f257f87ea438c7a3601

SHA1
31b71ace333e016408af2f18290463389206d1c0

SHA256
8e36c85a8ba6b92ea906d4dcda412b492449e668fac3b05f5fc512118fa71e5f

SHA512
a70adeb933e65ba11b28d11fad9a2eae29a623013f9bd8383afa5c794f214a6820f797f03f1714759bd38356b160b9c1e159dfcecbfa7e95f4ce2b24bfb24cf5

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AI.ico

Filesize
33KB

MD5
2d5ee470e51e769e649109d2721937d3

SHA1
89bb18a904dc2857e52cff3a384df50858d5e17c

SHA256
08afe88e8a0475e320c6da70ff530ada3a6fb426051a6337a769c14dc37ae316

SHA512
d6801a6b238a9779b0b8829f79412c227ed8480ec060e3d1992c9b1024c94a8f1f6ed32097c8a93a6f2600ad68b2ac537fba5f0982a41fef01a832994cc0cc20

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AL.ico

Filesize
33KB

MD5
5dbcdfb9a2f9120ba42006c997e22b42

SHA1
01fe537ccabec19b252e07ed6ab557a46a70e6df

SHA256
8f726d2132b2b7764936aaffb52ef7b0271abf857949588c36b32fb3c769bcc4

SHA512
519b0757a1bba205915aea9f8bb715072420fae126a4917f146c9ea7567fc231d74f93ded8dead86dcffb0fc293de1a4c85a161dd894b490e57806df67cf01da

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AM.ico

Filesize
33KB

MD5
16782d3d013fbdd1277424363dd8a0ad

SHA1
c26e1fd52de7ceb24af6f01fb4486d39e1932bfe

SHA256
faf3d661a09912ff0c1f6cc92dd8775c3d2be31e9a72fe0962c144d679021d86

SHA512
44bda0a5d59f1ead6939a6af13b81ab23b28be44a61e7e736d5e21cbfee813a3a44c5832b16036717f0e18a418dc449b5c3aa1e0f05c4830cb3b64698ce0901a

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AN.ico

Filesize
33KB

MD5
ed05e0515da2b4c11d839493abf8d44b

SHA1
8862a2bd75632d916fdd049b31f2155ac7894524

SHA256
8f641c948721c9e7e92f28224b8b1beeb27382e5bac8a4014a57537dd7543a8d

SHA512
31613012f4ea1da8d1318f69e6e9a4be068e9e490f01ef0e1f880b33f50d715d92d7498ca99223ce81d6656ccc4293a7fbd272939e99dbc21d62176a6c6d9553

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AO.ico

Filesize
33KB

MD5
a5c78266329a1eb0f3e52bc0343783b5

SHA1
e0b254e2176f0eab8d2b76213a64c24ba1788675

SHA256
550a1b6e2b97febd865cd130b0c0d484cf2fd02b8066ddf6d7290b9cffb35059

SHA512
61a7bf67f9019e5f4c653246e1844703619d6421c3625c963862ee9b0b3975b26ce2f785c9b3cc79e77181c098f0e3d60c9f0e21203928117c6cd45f104af36f

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AQ.ico

Filesize
33KB

MD5
be6fa7ab4980735841141d4d3f642a4a

SHA1
c6d03cda7f73a959a3d20d0e3897595fbe2915e9

SHA256
3439ebcdd8e7a614f157f58d7f77d190aac7fe514129a01024a8b68b7008fbb2

SHA512
fbc116df306de7a04f43cb2becfecbbaf103d6b252336e0bd37f006506140ceb14f114cdf62e203bc12f78c25906066385eb6caa67f694d8526b341bcf3462f2

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AR.ico

Filesize
33KB

MD5
bb4f489b2ae1f6601513296357fb478b

SHA1
b8337772e2e17d48412f44373ea8a821b85e9c54

SHA256
af2f591584f6c59da15fd42e5175dc136844442e1c755fac047b0efae3956c50

SHA512
547e0753a1ac4058ec609ddd2d6ce54b50cc47177ee319f5bcc82eca9e231d01d74b7c2d02de90557c08224bed962c74f8c4079a1292153cbff32db234ddf6a6

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AS.ico

Filesize
33KB

MD5
caba1e66c954bc8d784efe2a3c02d808

SHA1
ef1d5ba4735c99b55648503513d9ae7393a3a6d6

SHA256
4946c58e14318696ea03cf9bcb5d8a7334273c2f9e30173a3c7ae0bb7ee70bc4

SHA512
430806d048e383411e36a8e3777a27b7efc1819cca50c7d7eeba662d32351a366d3cc0b892f819b6a96db8281c5e249d3faef13e8a4ec3bef75e67b9567bd466

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AT.ico

Filesize
33KB

MD5
8effa2f5bbcecf6415b04f9408c0a65d

SHA1
3f3249fe921c1d4767b76b0c3a720cba0262b565

SHA256
236c59500b9bd83212375ca7514c0d62dc088203ed269e9cd55ca6349adbc8f0

SHA512
3f8a1f0683207ed616819a0e42b18e5b02eab0300fcf6eac1c399f0e5475f45d62e0bdebfe0055d411d529649938623acfd4b3b02fe80fc9da6a0492dcd31822

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AU.ico

Filesize
33KB

MD5
ae8189b2c04d783a2f68f0204f1baeab

SHA1
e5709598ed08427a1dd83e1d994330bba1b1b091

SHA256
047f9bd82ca7e2685c1dca4c065209977b5e8c32f78ee821bcc7aba12decb044

SHA512
ef1dd8330cf3cfa9840a5902e13c669e6de911ca9f383067506e2c106f05021aa79df60e2a867259bbd1dd056b9367d5814e9bcbafb242d718fa7fe0fe664248

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AW.ico

Filesize
33KB

MD5
49d969f363a153b7e1cb4dc2cb742238

SHA1
2a8fbfd37be58690dc2e0ca2b3ce04c2d15d6eec

SHA256
f0d730a0d8ce85f049a6d8a52733c506a8cf48584b18838f3d677b09d9c09b52

SHA512
97f17ab20ee96ae4e71e31c7864c509ef0b714215606413c801b3608770415ab63d6d5be0980af7231e4c2e270407fd273c36e0e47d524e59126b933fafa4eac

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AX.ico

Filesize
33KB

MD5
19169001a889e72fef769900ca7a8b27

SHA1
e17d9c371cc34d19f05c46d81e06f7ae2159dc7f

SHA256
5ac8c61a8ad2d7ecc3e76927fd6d52b4f279c4d3a92dd32715395581c4615423

SHA512
4c8247ab0f37cafa90ae34aa865af45b6b388fdfa8ab96935d2ae2064c620240dbb8f93c9958844a34fbd249422a9b5751639179697bab44aabda8afc18b0454

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\AZ.ico

Filesize
33KB

MD5
3abcf274a070469b7fd5cc1f60408c9d

SHA1
a2fbdbc0028f398a90b351fe5e3a2e4b31153b07

SHA256
d3cc5eeabeae7f54a8c5600b5c2354b355492634031e32e8ba981806b0494b61

SHA512
14be128eaa0b49b7ad07ad2230732e923a30c204faae1c3afac766088836845fc385a99ef50938f6261456e0e45afcd17c0661345ab72cca8b66bd710eb3035f

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\BA.ico

Filesize
33KB

MD5
a603875f8aecceb0d62c9c346f250e62

SHA1
44b58245d17d8d205e6bc2015965b3ac9374245e

SHA256
b586dd987bd326d24ad3edddd1f649d2fc49eaf96028e62e6e14208591a31a9b

SHA512
62c218f9e7e30c056c02b0e9e35b39fa9b66faced7fa8c3a14e9636450d271da04aa5f04a627452be03d0df062b38db0bbeb4fcdedb0d7d820d0bb186cb38953

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\BB.ico

Filesize
33KB

MD5
a272b143736710d954a021e7b5b1fe41

SHA1
abf3a358da02a0d9786a022a1367d9bf805ae060

SHA256
f679b5b2dfe2c980b55b713a025936c10260db10254391c5b66dcec51dd97705

SHA512
9290ed552de75f080719d3e6f4954234b48cb1bf87952bf62d1799d64c0d0a2419fe6776d5a84f691f877a6e7ccb176824e7dd00f5ceec7da32458faf1ef6485

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\BD.ico

Filesize
33KB

MD5
7bb2410b8a58504b0645e9e869cb903e

SHA1
a1d49a900e2367817575d581c34a3f4b5282db25

SHA256
f8d767b5e74cde08d614d64bc51f4d9db90dc056dba1c38ad8b21aa6c598a286

SHA512
a629b6e3a5fc4cc0499e18139260a7c67c629d76c8264ffd3d99c62154354b50bcc5d73b0475891cf38b90809de996648c211a9c2df0aa4e885e536fe4d3f825

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\BE.ico

Filesize
33KB

MD5
f7ed63c5a74feb0ee727cab8d64e2ba2

SHA1
d06d03cc1f832a30c3b5ae51f164291498ff4df4

SHA256
bd0eefab4e51b0beae22d4557f8c43e2908c39b23158900d9c3d38d4a3c27b2d

SHA512
01bb6f850b6b213e365b55861f6a92442c15931db6989f6be03a009a97151abf066eb1298fbd6d130a7ff47970097ecda5855acd2f15fb750f1e5f6916b06e48

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\BF.ico

Filesize
33KB

MD5
afe862286a0c17305ca72a54bacc21ca

SHA1
e220c5912d11960c8e9ee38f44dca1361b729dd3

SHA256
5f865103ca695247ab7ea7e02a1942ef01cd65120973e17fa3fcc3e59f9f7eb9

SHA512
33905016ee79a2213a5dd03d553e0245058422d45861f4587f4b3aa2e9562686c209fd1e76575d7614a52388f3308907bbdf867223e15a7fe62d3650b130ce68

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\BG.ico

Filesize
33KB

MD5
8237c4778058a9bab26f406b8f06dca2

SHA1
4bc2b85679ea7e634af68b4e31135d3205ae01c6

SHA256
426c8b630bdc5916c5a687450e90a265d18a1042111c7f26a5a7d85d143044ad

SHA512
b64ec153ba921e2f91146ec1461a75b59fb8e71ddb27dc306144a9cc1aa271e6a61096210f4a3a8e56b45ced2f16343cf61a8bc594b52ccb1d9a0d5b312456ed

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\Flags\BH.ico

Filesize
33KB

MD5
75c68788c23a5adf9efe2c1b70526710

SHA1
3750a765118359dd026580d071da6bd3ecd677f3

SHA256
2525fc71eb284013f3add2f13578363e8030ed41fec3a7fd599a96b2a8ba0d70

SHA512
c2a8ee014d1c9ed3ff09d6781c5062fd9aa2dd233c911358eefc2f27d24cee05883086420b2ecab27138a5f6d0143e045ea2b80a221b30b28eb02ecfe3b6c0d3

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\GeoIP.dat

Filesize
1.1MB

MD5
2fbec46d430f57befcde85b86c68b36e

SHA1
3ff9829e3242deb69a7fde0832b7d9345b925afc

SHA256
681ede512fe7ac21e976c754bfc1e1a75a9e02c3d931ce6849cfaa9d4080338a

SHA512
42036af6f57e446fec194ce71fa634dee9f4c77342f64a867fca8730d76349190960a7e7a5967ea59c250ca1b220d4845b4911dd63ee870f5620d9eb513b91d6

Download Submit
C:\Users\Admin\Downloads\res\GeoIP\GeoIPCity.dat

Filesize
25.6MB

MD5
fab3cc04a19ffdf90d775e27967a7c25

SHA1
723c1635338bec7c1c876769618789268b8faad2

SHA256
bf41a0a700e3b35415609d090b15c5355e5cf4ca703ab119626b2d450997c608

SHA512
fe013386ff799cda195222341ee601d7b8b3c5c8abacf3c80e3fa03af52ac848f8a79a7dd87d8831d5a366243343f1025f704f49d858da4b02235968f834a9e6

Download Submit
\??\pipe\LOCAL\crashpad_4904_ZPCNBWNSKEUNGBAZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1656-1188-0x00000000099C0000-0x00000000099FC000-memory.dmp

Filesize
240KB

Download
memory/1656-1179-0x0000000009660000-0x00000000096B6000-memory.dmp

Filesize
344KB

Download
memory/1656-1174-0x00000000007F0000-0x0000000004AAC000-memory.dmp

Filesize
66.7MB

Download
memory/1656-1175-0x00000000093B0000-0x000000000944C000-memory.dmp

Filesize
624KB

Download
memory/1656-1176-0x0000000009A00000-0x0000000009FA4000-memory.dmp

Filesize
5.6MB

Download
memory/1656-1177-0x0000000009450000-0x00000000094E2000-memory.dmp

Filesize
584KB

Download
memory/1656-1178-0x0000000009370000-0x000000000937A000-memory.dmp

Filesize
40KB

Download
memory/1656-1183-0x0000000009600000-0x000000000960C000-memory.dmp

Filesize
48KB

Download
memory/1656-1184-0x0000000009960000-0x000000000997C000-memory.dmp

Filesize
112KB

Download
memory/1656-1192-0x000000000A0B0000-0x000000000A0DC000-memory.dmp

Filesize
176KB

Download
memory/1656-1197-0x000000000B3F0000-0x000000000B426000-memory.dmp

Filesize
216KB

Download
memory/1656-1200-0x000000000B5E0000-0x000000000B786000-memory.dmp

Filesize
1.6MB

Download
memory/1656-1230-0x000000000D840000-0x000000000D852000-memory.dmp

Filesize
72KB

Download
memory/1656-1229-0x000000000AF70000-0x000000000AF7A000-memory.dmp

Filesize
40KB

Download
memory/2100-1323-0x0000000000F00000-0x000000000459E000-memory.dmp

Filesize
54.6MB

Download
memory/2100-1328-0x0000000006660000-0x0000000006672000-memory.dmp

Filesize
72KB

Download
memory/2100-1329-0x000000001F770000-0x000000001FD58000-memory.dmp

Filesize
5.9MB

Download
memory/2100-1330-0x000000001FD60000-0x0000000020120000-memory.dmp

Filesize
3.8MB

Download
memory/2100-1331-0x0000000023900000-0x0000000023B52000-memory.dmp

Filesize
2.3MB

Download
memory/2100-1333-0x00000000242B0000-0x00000000242C4000-memory.dmp

Filesize
80KB

Download
memory/2100-1332-0x0000000024120000-0x000000002426E000-memory.dmp

Filesize
1.3MB

Download
memory/2100-1346-0x00000000244B0000-0x00000000245CE000-memory.dmp

Filesize
1.1MB

Download
memory/2100-1341-0x0000000021110000-0x000000002111A000-memory.dmp

Filesize
40KB

Download
memory/2100-1335-0x0000000025720000-0x0000000025998000-memory.dmp

Filesize
2.5MB

Download
memory/2100-1334-0x0000000025530000-0x0000000025542000-memory.dmp

Filesize
72KB

Download