Analysis

  • max time kernel
    273s
  • max time network
    277s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-10-2024 21:18

General

  • Target

    RNSM00404.7z

  • Size

    25.8MB

  • MD5

    844dfc4810bde18e3da4d092cd560d5c

  • SHA1

    2a5725892a4483405c2f26bf8a13cc2a45227f74

  • SHA256

    740156feb78cfac7d5857440644d1f48d92e11dafc19254fe242f1d88c77845e

  • SHA512

    6e92f563364c8d8afb7da868eefa850af85b01cc5b281dc24767d5b663761ea2b7c681c003ffaa84652475a3b9e789286f39de7a98a18aea55ad492ade713f7a

  • SSDEEP

    786432:aFfGfapEu6jExCTmhParsGQMI/ukByRu76G0irc:2f1p+cCEPFGQUZRzG0ig

Malware Config

Extracted

Family

crimsonrat

C2

104.227.244.138

Extracted

Family

hawkeye_reborn

Version

9.0.1.6

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.bestbirdss.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Cfv)Prr8
Mutex

dc1aa356-573e-4e3b-ad69-c046a924da8c

Attributes
  • fields

    map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:Cfv)Prr8 _EmailPort:587 _EmailSSL:false _EmailServer:smtp.bestbirdss.com _EmailUsername:[email protected] _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:true _LogInterval:30 _MeltFile:false _Mutex:dc1aa356-573e-4e3b-ad69-c046a924da8c _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:false _SystemInfo:false _Version:9.0.1.6 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]

  • name

    HawkEye Keylogger - Reborn v9, Version=9.0.1.6, Culture=neutral, PublicKeyToken=null

Signatures

  • CrimsonRAT main payload 1 IoCs
  • CrimsonRat

    Crimson RAT is malware associated with a Pakistan-linked threat actor.

  • Crimsonrat family
  • GandCrab payload 2 IoCs
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

  • Gandcrab family
  • HawkEye Reborn

    HawkEye Reborn is an enhanced version of the HawkEye malware kit.

  • Hawkeye_reborn family
  • M00nd3v_Logger

    M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

  • M00nd3v_logger family
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • UAC bypass 3 TTPs 1 IoCs
  • Detected Nirsoft tools 1 IoCs

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • M00nD3v Logger payload 1 IoCs

    Detects M00nD3v Logger payload in memory.

  • NirSoft MailPassView 1 IoCs

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView 1 IoCs

    Password recovery tool for various web browsers

  • Renames multiple (1842) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

  • Deletes itself 1 IoCs
  • Drops startup file 6 IoCs
  • Executes dropped EXE 19 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Uses the VBS compiler for execution 1 TTPs
  • Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 3 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 23 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 1 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00404.7z"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3184
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /1
      2⤵
      • Drops startup file
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4304
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      • Checks computer location settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1576
      • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.MSIL.Agent.gen-7c7fc25e067d9ac954c200c1175b01c790255e9d7b5ff8e4631b30880f8cc1cc.exe
        HEUR-Trojan-Ransom.MSIL.Agent.gen-7c7fc25e067d9ac954c200c1175b01c790255e9d7b5ff8e4631b30880f8cc1cc.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4444
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 896
          4⤵
          • Program crash
          PID:4840
      • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.MSIL.Blocker.gen-98a8b1fe9a3d154456bb8b32ad28cf4d4b391dd1668c2c55a383db73428a3254.exe
        HEUR-Trojan-Ransom.MSIL.Blocker.gen-98a8b1fe9a3d154456bb8b32ad28cf4d4b391dd1668c2c55a383db73428a3254.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:5076
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c copy "HEUR-Trojan-Ransom.MSIL.Blocker.gen-98a8b1fe9a3d154456bb8b32ad28cf4d4b391dd1668c2c55a383db73428a3254.exe" "C:\Users\Admin\AppData\Local\655.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4396
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c, "C:\Users\Admin\AppData\Local\655.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3924
          • C:\Users\Admin\AppData\Local\655.exe
            "C:\Users\Admin\AppData\Local\655.exe"
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            PID:4356
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              6⤵
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:6124
              • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\Admin\AppData\Local\Temp\tmp9694.tmp"
                7⤵
                • System Location Discovery: System Language Discovery
                PID:5132
              • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\Admin\AppData\Local\Temp\tmp88C5.tmp"
                7⤵
                • Accesses Microsoft Outlook accounts
                • System Location Discovery: System Language Discovery
                PID:5728
      • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.MSIL.Foreign.gen-771f06f83944bc4f6c58e8766dda5717325edc73b425860167c64c4e9e35e74d.exe
        HEUR-Trojan-Ransom.MSIL.Foreign.gen-771f06f83944bc4f6c58e8766dda5717325edc73b425860167c64c4e9e35e74d.exe
        3⤵
        • Executes dropped EXE
        PID:3184
      • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.Win32.Blocker.gen-4b5650a097c6a9ee7bc32fb5aa691ce1d1f358bcbdcbccfc6ba66d2f76f612af.exe
        HEUR-Trojan-Ransom.Win32.Blocker.gen-4b5650a097c6a9ee7bc32fb5aa691ce1d1f358bcbdcbccfc6ba66d2f76f612af.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:5020
      • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.Win32.Encoder.vho-d11e8a7283614db7383023e53d3dd7df750684c9f63e45b19bb9837be93dff42.exe
        HEUR-Trojan-Ransom.Win32.Encoder.vho-d11e8a7283614db7383023e53d3dd7df750684c9f63e45b19bb9837be93dff42.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:3736
        • C:\Program Files\CRiSP\bin.win64\crunch.exe
          "C:\Program Files\CRiSP\bin.win64\crunch" -g -inc src\crunch\include\crisp.h -o macros src\crunch
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          PID:2008
      • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.Win32.GandCrypt.gen-e12ab7a45719ac9a227955d5c796e718a042debef362a9fb51a9f20e23a33af1.exe
        HEUR-Trojan-Ransom.Win32.GandCrypt.gen-e12ab7a45719ac9a227955d5c796e718a042debef362a9fb51a9f20e23a33af1.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2196
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 488
          4⤵
          • Program crash
          PID:1092
      • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.Win32.Gen.gen-d0f4f1504782b6b7dc2cb87a20c284dfee36996f00f14255de392583f2c0d77b.exe
        HEUR-Trojan-Ransom.Win32.Gen.gen-d0f4f1504782b6b7dc2cb87a20c284dfee36996f00f14255de392583f2c0d77b.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1552
      • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.Win32.PolyRansom.gen-71b60930078ce09097af37d5985c229aac1e586f37407ef76fe9861492b8e505.exe
        HEUR-Trojan-Ransom.Win32.PolyRansom.gen-71b60930078ce09097af37d5985c229aac1e586f37407ef76fe9861492b8e505.exe
        3⤵
        • Modifies WinLogon for persistence
        • Drops startup file
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops autorun.inf file
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:2540
      • C:\Users\Admin\Desktop\00404\Trojan-Ransom.Win32.Agentb.u-00f440a21ea3d1381bf13cfbe1ca483b1f16079bba1a4fe9084fb81e661a1107.exe
        Trojan-Ransom.Win32.Agentb.u-00f440a21ea3d1381bf13cfbe1ca483b1f16079bba1a4fe9084fb81e661a1107.exe
        3⤵
        • Deletes itself
        • Drops startup file
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:220
      • C:\Users\Admin\Desktop\00404\Trojan-Ransom.Win32.Blocker.kaca-abeedb78ea14bdf9ed404690f43cf1ae57ddc2744d6048107292cd4c66311269.exe
        Trojan-Ransom.Win32.Blocker.kaca-abeedb78ea14bdf9ed404690f43cf1ae57ddc2744d6048107292cd4c66311269.exe
        3⤵
        • UAC bypass
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Checks whether UAC is enabled
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:1372
        • C:\Windows\SysWOW64\schtasks.exe
          schtasks /create /sc minute /mo 1 /tn sssssssss /tr C:\Users\Admin\Music\nn.exe
          4⤵
          • System Location Discovery: System Language Discovery
          • Scheduled Task/Job: Scheduled Task
          PID:4444
        • C:\Windows\SysWOW64\netsh.exe
          "C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\Users\Admin\Desktop\00404\Trojan-Ransom.Win32.Blocker.kaca-abeedb78ea14bdf9ed404690f43cf1ae57ddc2744d6048107292cd4c66311269.exe" "Trojan-Ransom.Win32.Blocker.kaca-abeedb78ea14bdf9ed404690f43cf1ae57ddc2744d6048107292cd4c66311269.exe" ENABLE
          4⤵
          • Modifies Windows Firewall
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          PID:3100
      • C:\Users\Admin\Desktop\00404\Trojan-Ransom.Win32.Blocker.mssb-b2e990b3af2ceb155a5ff2d70b2723d47051aeb22d6d4ad9ee4ff1366d0d791d.exe
        Trojan-Ransom.Win32.Blocker.mssb-b2e990b3af2ceb155a5ff2d70b2723d47051aeb22d6d4ad9ee4ff1366d0d791d.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2368
      • C:\Users\Admin\Desktop\00404\Trojan-Ransom.Win32.Crypren.afqw-1ebeaafe2f7645067a1d815ddb0ac8f6df90674d4636ab36c8f372d6dae529b2.exe
        Trojan-Ransom.Win32.Crypren.afqw-1ebeaafe2f7645067a1d815ddb0ac8f6df90674d4636ab36c8f372d6dae529b2.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:4064
      • C:\Users\Admin\Desktop\00404\Trojan-Ransom.Win32.Fonix.z-db6898688c80fc00873ecaa4b3da6860802d31e149c589b1a34772bfcab6102b.exe
        Trojan-Ransom.Win32.Fonix.z-db6898688c80fc00873ecaa4b3da6860802d31e149c589b1a34772bfcab6102b.exe
        3⤵
        • Executes dropped EXE
        PID:4216
      • C:\Users\Admin\Desktop\00404\Trojan-Ransom.Win32.Foreign.ngbm-43848dc04406cfef01ae57d138ade6f857364bc86e9c52e2dd65ad1ce2a657fd.exe
        Trojan-Ransom.Win32.Foreign.ngbm-43848dc04406cfef01ae57d138ade6f857364bc86e9c52e2dd65ad1ce2a657fd.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2392
        • C:\Users\Admin\AppData\Roaming\Microsoft\SpoonBuster\dwm.exe
          "C:\Users\Admin\AppData\Roaming\Microsoft\SpoonBuster\dwm.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2328
      • C:\Users\Admin\Desktop\00404\VHO-Trojan-Ransom.Win32.Convagent.gen-0a64e3c972b793921f14822ee244011653b2f274c7cee9ff8920540da4d1699a.exe
        VHO-Trojan-Ransom.Win32.Convagent.gen-0a64e3c972b793921f14822ee244011653b2f274c7cee9ff8920540da4d1699a.exe
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Checks whether UAC is enabled
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        PID:3692
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4444 -ip 4444
    1⤵
    PID:808
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2196 -ip 2196
    1⤵
    PID:400
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2028
  • C:\Users\Admin\Music\nn.exe
    C:\Users\Admin\Music\nn.exe
    1⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:940
    • C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /sc minute /mo 1 /tn sssssssss /tr C:\Users\Admin\Music\nn.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Scheduled Task/Job: Scheduled Task
      PID:932
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1196

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.exe

          Filesize

          2.2MB

          MD5

          1afe3723450eed36196b4cc0c50a36a8

          SHA1

          9694e9260ceddfe90a436ecb6b73850b9f553750

          SHA256

          542d110bf7ab81476bf658eec006014bdc4d7f086f116c42c9849950b0b2c61f

          SHA512

          30388440d25191ea3472ba876567ef7f8df23808929511bea7553899673718771ae5dce311decfd707180f6d1a99e83c4c144407e2c7d5fa765b428df95d165a

        • C:\Program Files\CRiSP\bin.win64\crisp.exe

          Filesize

          2.3MB

          MD5

          4f3643f15b5ce729bfdbb0551372c59f

          SHA1

          df3885b32af08b5775e4c6be95645f48b7db91ef

          SHA256

          ea49d68590b45943e970ae4e45222d1f18e0c44d70879e83110e27c3ae4a74bb

          SHA512

          f3f836aeedce23b939d1df38dce81a35de075cc07510429b23fd47836623e5af51bba9b743299d802aac200c8c9c7eb8898d9be22bfb67ee1f69ccabd4b831cc

        • C:\Program Files\CRiSP\bin.win64\crunch.exe

          Filesize

          414KB

          MD5

          6cfd032ac257d8c60d8fc2d8aedfd814

          SHA1

          c057be07ab582927acc646fa4d55621d8a2a75bb

          SHA256

          d5f006936816623b6ee40aa751b4ea8bd6327ea7084b47928b1fcbd533bc9c00

          SHA512

          862078f2c3129046f9cd0c92a26d5d70f20517af9e4c7b579bec9ee013d28522461e6c12d1a0ac9c7112e32013c30f2649298db27fdc82eea00f03e3f048fb9a

        • C:\Program Files\CRiSP\src\crunch\abbrev.cr

          Filesize

          13KB

          MD5

          ac3928c903a98727e848d386cba014f1

          SHA1

          96424c40ec3d299e6a48d8eb3f77b440d7ae85b3

          SHA256

          f541810c082a8d8800890820203640e82836483ed4dee37bfb6a6956f6db8c3f

          SHA512

          afd9b7ea2ac5d42a2348d73741abecf474f5c004d67def2247da868a90ea3ec157ae75ae1947fb2e389adae7b0f08c7aa66afc67814f52e2d6358e41b03fbacf

        • C:\Program Files\CRiSP\src\crunch\ansi.cr

          Filesize

          8KB

          MD5

          2cd5241400ce1a04b1df37a19e76a90b

          SHA1

          5097beb9de58331a29b69a29c383fe8bae6f2b8e

          SHA256

          167f3e0c65b52f43a3f908b302c3729a9fa526299a825e4c148fce3f0462f4bb

          SHA512

          00a376bed7d954d793e43a782d978e4f55510f962bd71ee37d044e7292dcebcc80e9e58a7306a2da68cfbbfef1496d83e4f5bba4f4e640a1f77a10d7deb95f0a

        • C:\Program Files\CRiSP\src\crunch\ascii.cr

          Filesize

          6KB

          MD5

          bd777b2f3e472ebf765174711a816606

          SHA1

          636b3c803f05bca046910fe873f6c47ffd320de9

          SHA256

          85fec56b58aae8c01bece9c48a83b4a977316ff2aea05691f29f6f9eabf75333

          SHA512

          9e4fa62cd029847610547202551659461e7534255ce49b537f5e9040139de88b1ea2a3b973d44d70c99fcafc780ea16a5b7e0d2b5c1da3378a1345e1a9b9e45e

        • C:\Program Files\CRiSP\src\crunch\async.cr

          Filesize

          3KB

          MD5

          76bb341187232130d8b8d6312f52a3ba

          SHA1

          1df59a8ec6462c09145dcc7574d2d830f0e28365

          SHA256

          e4b07dd570d4bc80adf25d5e04d4ae28847e7ea40c55468d626336e6144b02d7

          SHA512

          0b26fb641d88c500f9b36964278f8dd4997ab8fc0e0d77761fcf6424367760bf41b9e734287e0c50d6b22f551f1eba0f36dbaa6a17b5aed7c97c38c3c3fb0efd

        • C:\Program Files\CRiSP\src\crunch\audit.cr

          Filesize

          5KB

          MD5

          f1a493178bb35207405f86fdc1e2f01a

          SHA1

          9221fa9f004d4de278bdfc3f87e113be016c253f

          SHA256

          9e51274cc75b76fa1d6092d456fe4945fcbdea108fa2d93816ebfddc44d09915

          SHA512

          8a73ef745eb68bef5c57571e27b966ab176968661481fabaa9021d0b60971b70a71da14438e78472cc57a0559b97d0b9d3bd442121289f02da40fccbbdd4532c

        • C:\Program Files\CRiSP\src\crunch\autosave.cr

          Filesize

          14KB

          MD5

          9939061a947701315d5530e9ac46de51

          SHA1

          b3471add2781dbb81de3a97db0648b2b2d8ae96a

          SHA256

          68b7a2a95201a286bd85cf4942a2484abe750af1f2c82a44adcac3f28c9dd6ba

          SHA512

          ee77f4a03a1ed4a48e5621c3523a9adba5d4cf16cef6aff4b9cee2508f151ecfce9a99973d36ba21ef6e0eae14d89dd4baa84f87f3e1bcf87807f084b14b45e8

        • C:\Program Files\CRiSP\src\crunch\blog.cr

          Filesize

          3KB

          MD5

          979127122b9a124d6ac33e035f9d7eea

          SHA1

          1cc770bfd0af204f0f6c4c530c97cd963abc5e06

          SHA256

          f5b11b7026bc9f32cec160417d8e3e84fe032c5c73441009e57d64f4b1c6fa52

          SHA512

          e940aac67a5a36f6455816a4e90f50e17e3c26a187e5040f1fd01d69d133860e439691aa37f7cddb261bb497c7c256f5cb021d6f88b78836a358c54946e77b69

        • C:\Program Files\CRiSP\src\crunch\brace.cr

          Filesize

          26KB

          MD5

          06ebb46d8ede69c641cfd44ca89f2067

          SHA1

          252e37653f82143932ecd4973b4c2d5c2cf42d2d

          SHA256

          c3b01a90e20f55c72ba8a8bf0affd2608dd1442d1712e7e54a776194f2fc7302

          SHA512

          f543e5290765b99f395a5f6ce9d04ed104b66084e5420653db90acd5b8788a41893c779841258dab6185137bc710ded5542c402f7fe6e231dec360e65a0dfad0

        • C:\Program Files\CRiSP\src\crunch\brief.cr

          Filesize

          4KB

          MD5

          b8d33af163485b8a7da17a5e1baaa6c4

          SHA1

          042dcb659b07e9615952a8bf08de430f334f8d1f

          SHA256

          3110b8a59f7c057f6258603d4540e84c57bfe69aa0376077ce551646231b7901

          SHA512

          07419922e8f94d3aafbfad3a875b159f7ad457d7d8d7645ce855c9bcc0bd53ea0602de28bccf4258509a9652685d05dee431ceb93dac8e300b98d42104bd858e

        • C:\Program Files\CRiSP\src\crunch\buffer.cr

          Filesize

          6KB

          MD5

          cea7553b44cf41f4d3e876ea7656ac31

          SHA1

          baea89de5be44e5c18ba24236548a93e6fa6129a

          SHA256

          8bbf63512e3f5dc2da9dec8f7e00a61de7a0c3ecb2cc9f5abfb0c3dfb2560beb

          SHA512

          9be0968cf7180d45a84a2e61503e06ddb188be4f3b09ae9902bec05e6a21149f91ed6f1f872b09b0594178281d852088707a39d5a39bc4569fa73dfb4a9bc209

        • C:\Program Files\CRiSP\src\crunch\buflist.cr

          Filesize

          29KB

          MD5

          7faa1e1c858a45b8e1fbad9890876fec

          SHA1

          eef62d48058add075d6cd90c7e88f821f9e07023

          SHA256

          b1ca60c5fda3a97f90fb26060cbc3b60484cdb61e2ae9b8939806d04a63a5452

          SHA512

          2614743c54218b9708c4e70e1ca863e8ae7647f881a743dda97cb7b07e3a3c97d562c007bdcb36815f176ab84488442aaa623ad6575668fad987d24ed9942764

        • C:\Program Files\CRiSP\src\crunch\cal.cr

          Filesize

          826B

          MD5

          d2258166a37a6c98e9ca805d7bc31560

          SHA1

          d780b2a541cd596d43a9622da49f7d8c45223920

          SHA256

          2867109e4cbef4b61f49b72cd8d95068f78132904dcdb60a9d02547fd7f31f46

          SHA512

          fee05ac49b915237d10acd7064e466c560e3bb9056eb0aa42244919fe0c2ebf6dc49048fc9043d24d1a6d44ba19f6858ee901ca9b0115edaa079581e7d99c583

        • C:\Program Files\CRiSP\src\crunch\calc.cr

          Filesize

          6KB

          MD5

          a210af0f128f4360b983258859c37238

          SHA1

          b5bc401ab756ed2358fc0635fec35820920ccc75

          SHA256

          e590c23894e3e3093ca188306bf891658fa9c0bb85425b075519417873b7c5a0

          SHA512

          f19c06946c63d67be0e17ee73d400ab60e8ccfddc333260314ed03d64753ab7fd40fa58413a7a718467537957ea59460a7f81197b17c6a5700f43a54c4073032

        • C:\Program Files\CRiSP\src\crunch\change.cr

          Filesize

          9KB

          MD5

          629184f4fe3d36d188d51f42b32f6e94

          SHA1

          1875d1e210f9438c631e067f6052909da96f9d27

          SHA256

          0d63b2bce8a61ea6edebbe357a501abaf4106edc4106605b1d2ceadc95071b80

          SHA512

          8c5b0f4e9cf3d5a9d3c3750afe2e7212a68ae8b1f8a4682ca16bb283cc7996ae9c1342b083f5cb5047a892afb95bcc1608e0e78c22b454a0f4e408a122416eda

        • C:\Program Files\CRiSP\src\crunch\codes.cr

          Filesize

          3KB

          MD5

          a931893645a4686d342879b0e456438f

          SHA1

          e11bcc26b7718b5e4e0f76ef233b4802bb2edcca

          SHA256

          811932f5ac36f880286ce8b2b8e220bfe9107b37c8d506ea7a3df6d8242fa8bc

          SHA512

          1ed212e1469ede5e316b021f97b63c42ad26e200a13d77d260f41349912d5e57685dc2b9faccd8bd3951947d5a18dbcb0b5299cf3f69f5d962824ba10701a5cd

        • C:\Program Files\CRiSP\src\crunch\col.cr

          Filesize

          15KB

          MD5

          a645fc67c30d85933c1e9dbb60fbb52d

          SHA1

          53948930ae68b30529e1b94dbb3be878d4f0f5cc

          SHA256

          3c15a47f5dde80b7da619fd2f35c74520bf19232f0c01623db7054a921e9ac06

          SHA512

          bb72cc784e3878dfd2327e9cbdfb694e855c185c74056ebb092f693430dbdee22dc1cd4e474af5244918c86a47a3515460b310e23c18870a95d263ac2bf9fa2b

        • C:\Program Files\CRiSP\src\crunch\column.cr

          Filesize

          25KB

          MD5

          9b881b064a71714d21055f9ac78fec1d

          SHA1

          abb6008685c74d956694a60498c842a5d91d3793

          SHA256

          7fbe62657635cde037322174607f14229bcaf1c0a29b0622712cb8b1c3edc550

          SHA512

          b2ab4a09343768da006e3a49a56502713349345d17ec72d394e9abdd37781aa31de248be5938a3faa470d577f91a0dbe1553718d3dbe6cadf84ecab91e9f3bbf

        • C:\Program Files\CRiSP\src\crunch\command.cr

          Filesize

          54KB

          MD5

          57b2e907e9f15d657b4fa5e9dab368b8

          SHA1

          b5c2dfc2b676795fb5eb523c09fa8c2d156c49e8

          SHA256

          b8715d822ab311e2729f2ac849fb945d9da171a039dc2074b80ae0ea9ea5f7a9

          SHA512

          b644ffe27eb56c6ca3ac0f087638a1af62a8843a945d0158c798282be6e1d05fc81bf671e519f1b0b4e256deb52118b00f2dce0c6d5e71404d8b163c83e47ffd

        • C:\Program Files\CRiSP\src\crunch\compile.cr

          Filesize

          85KB

          MD5

          c42ded8e35b3ed600e40dd36c5b0622a

          SHA1

          f6a3e750cf319b60eb6151dbd7610ef18e73c543

          SHA256

          0107773d61ff40d77e2f849670944be41072cfb645836cd9dde26d86c59efc2a

          SHA512

          695f5dfa39505d6d67fe6d9ecdb4f1a0812b7e47aa02d394a2b8ba258ccbe4af0a7be5d7cc161fb4783f0535ff039de8eac65c74a4ef59c53df9fdfd4bc2edca

        • C:\Program Files\CRiSP\src\crunch\config.cr

          Filesize

          24KB

          MD5

          c6b1e7322251ada6161e4cd71aa6056e

          SHA1

          17f839a143e2aded4c87bfc8dd869960a310975f

          SHA256

          858a136ed131c6473da1930feecc8c3beedb112a9da69cb5127a420c86d6e31f

          SHA512

          ac25d59f454fabba6bff53424f783f02ab70863880067570910a8472b500dc1f3deb55ec0daa979604889abfe09fe4839a58cc6abf9c873d5b6b7ff747a728a5

        • C:\Program Files\CRiSP\src\crunch\copyr.cr

          Filesize

          6KB

          MD5

          4252c3d4f93ace9ebbe322527be0001e

          SHA1

          02fa8e93d2cf45ab498e16b5c840dc33b8f2c976

          SHA256

          0a84158562254d132e7887175e84c595a929aac2486ee6088495fc2592696f95

          SHA512

          7bf1a257a05c85be9561dec9e501628a59d4f8f8b8e9681e71822129c9b17d6b2100f7196e7a214dd5a5cfe875cc321effe9b4607503fa45167eb10d65b10f9f

        • C:\Program Files\CRiSP\src\crunch\core.cr

          Filesize

          15KB

          MD5

          46969ec22efdd634be2b04876fd4b780

          SHA1

          8a905250fb179f2e00aed62706deece2e0256cec

          SHA256

          5a5ad01f39c3e5e977b9aabada89bcdf1097cec0cfa0d6c89d46f7b8b40a1ad7

          SHA512

          30d7225861b1f5244021e2bcf156304a451aed26b41eb1054f4cd8fed5007ca2d6c98fea421cf4dbfe0a863653d36adfc0594b3fdff5c15ba007a8754b1f1950

        • C:\Program Files\CRiSP\src\crunch\crisp.cr

          Filesize

          78KB

        • C:\Program Files\CRiSP\src\crunch\crypt.cr

          Filesize

          3KB

        • C:\Program Files\CRiSP\src\crunch\dde.cr

          Filesize

          4KB

        • C:\Program Files\CRiSP\src\crunch\debug.cr

          Filesize

          39KB

        • C:\Program Files\CRiSP\src\crunch\diff.cr

          Filesize

          29KB

        • C:\Program Files\CRiSP\src\crunch\dirs.cr

          Filesize

          2KB

        • C:\Program Files\CRiSP\src\crunch\draw.cr

          Filesize

          5KB

        • C:\Program Files\CRiSP\src\crunch\du.cr

          Filesize

          9KB

        • C:\Program Files\CRiSP\src\crunch\include\crisp.h

          Filesize

          61KB

        • C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.6g54o7

          Filesize

          140KB

        • C:\ProgramData\Package Cache\{9F51D16B-42E8-4A4A-8228-75045541A2AE}v56.64.8781\dotnet-host-7.0.16-win-x64.msi.6g54o7

          Filesize

          744KB

        • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

          Filesize

          64KB

        • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

          Filesize

          4B

        • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

          Filesize

          944B

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs.6g54o7

          Filesize

          512KB

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.6g54o7

          Filesize

          8KB

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656156761623.txt.6g54o7

          Filesize

          77KB

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658166467731.txt.6g54o7

          Filesize

          47KB

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727664132098124.txt.6g54o7

          Filesize

          65KB

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133746240212081288.txt.6g54o7

          Filesize

          75KB

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_34ix1bwx.ikv.ps1

          Filesize

          60B

        • C:\Users\Admin\AppData\Local\Temp\wctA18F.tmp.6g54o7

          Filesize

          63KB

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

          Filesize

          1KB

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

          Filesize

          1KB

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

          Filesize

          1KB

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.6g54o7

          Filesize

          32KB

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.6g54o7

          Filesize

          48KB

        • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.MSIL.Agent.gen-7c7fc25e067d9ac954c200c1175b01c790255e9d7b5ff8e4631b30880f8cc1cc.exe

          Filesize

          214KB

        • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.MSIL.Blocker.gen-98a8b1fe9a3d154456bb8b32ad28cf4d4b391dd1668c2c55a383db73428a3254.exe

          Filesize

          869KB

        • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.MSIL.Foreign.gen-771f06f83944bc4f6c58e8766dda5717325edc73b425860167c64c4e9e35e74d.exe

          Filesize

          9.7MB

        • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.Win32.Blocker.gen-4b5650a097c6a9ee7bc32fb5aa691ce1d1f358bcbdcbccfc6ba66d2f76f612af.exe

          Filesize

          1.3MB

        • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.Win32.Encoder.vho-d11e8a7283614db7383023e53d3dd7df750684c9f63e45b19bb9837be93dff42.exe

          Filesize

          9.2MB

        • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.Win32.GandCrypt.gen-e12ab7a45719ac9a227955d5c796e718a042debef362a9fb51a9f20e23a33af1.exe

          Filesize

          321KB

        • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.Win32.Gen.gen-d0f4f1504782b6b7dc2cb87a20c284dfee36996f00f14255de392583f2c0d77b.exe

          Filesize

          1.1MB

        • C:\Users\Admin\Desktop\00404\HEUR-Trojan-Ransom.Win32.PolyRansom.gen-71b60930078ce09097af37d5985c229aac1e586f37407ef76fe9861492b8e505.exe

          Filesize

          2.2MB

        • C:\Users\Admin\Desktop\00404\Trojan-Ransom.Win32.Agentb.u-00f440a21ea3d1381bf13cfbe1ca483b1f16079bba1a4fe9084fb81e661a1107.exe

          Filesize

          98KB

        • C:\Users\Admin\Desktop\00404\Trojan-Ransom.Win32.Blocker.kaca-abeedb78ea14bdf9ed404690f43cf1ae57ddc2744d6048107292cd4c66311269.exe

          Filesize

          245KB

        • C:\Users\Admin\Desktop\00404\Trojan-Ransom.Win32.Blocker.mssb-b2e990b3af2ceb155a5ff2d70b2723d47051aeb22d6d4ad9ee4ff1366d0d791d.exe

          Filesize

          5.7MB

        • C:\Users\Admin\Desktop\00404\Trojan-Ransom.Win32.Blocker.zdm-37d9c4b7861b68c2c21f9799813e420cf2662a0dfff1db4465fb894fa2a8e97a.exe

          Filesize

          896KB

        • F:\AUTORUN.INF

          Filesize

          145B
