hxxps://sasoreigame[.]github[.]io

Analysis

max time kernel
271s
max time network
286s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2023 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sasoreigame.github.io

Score

7^/10

spyware stealer

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe	Sasorei.exe

Executes dropped EXE 5 IoCs

pid	Process
1052	Sasorei.exe
940	Sasorei.exe
4236	Sasorei.exe
2432	Sasorei.exe
2296	Sasorei.exe

Loads dropped DLL 14 IoCs

pid	Process
1052	Sasorei.exe
1052	Sasorei.exe
1052	Sasorei.exe
940	Sasorei.exe
940	Sasorei.exe
940	Sasorei.exe
4236	Sasorei.exe
4236	Sasorei.exe
4236	Sasorei.exe
4236	Sasorei.exe
4236	Sasorei.exe
4236	Sasorei.exe
2432	Sasorei.exe
2296	Sasorei.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery

T1057

pid	Process
2012	tasklist.exe
3088	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2084	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133231331065972221"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
940	Sasorei.exe
940	Sasorei.exe
940	Sasorei.exe
940	Sasorei.exe
940	Sasorei.exe
940	Sasorei.exe
2432	Sasorei.exe
2432	Sasorei.exe
2296	Sasorei.exe
2296	Sasorei.exe
2296	Sasorei.exe
2296	Sasorei.exe
4972	powershell.exe
4972	powershell.exe
4952	powershell.exe
4952	powershell.exe
1232	powershell.exe
1232	powershell.exe
1416	powershell.exe
1416	powershell.exe
4832	powershell.exe
4832	powershell.exe
2600	powershell.exe
2600	powershell.exe
924	powershell.exe
924	powershell.exe
3916	powershell.exe
3916	powershell.exe
1424	powershell.exe
1424	powershell.exe
996	powershell.exe
996	powershell.exe
1872	powershell.exe
1872	powershell.exe
1968	powershell.exe
1968	powershell.exe
2656	powershell.exe
2656	powershell.exe
956	powershell.exe
956	powershell.exe
2736	Conhost.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
4400	7zG.exe
4400	7zG.exe
4412	firefox.exe
4412	firefox.exe
4412	firefox.exe
4412	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
4412	firefox.exe
4412	firefox.exe
4412	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4412	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 2288	440	chrome.exe	87
PID 440 wrote to memory of 2288	440	chrome.exe	87
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 1348	440	chrome.exe	88
PID 440 wrote to memory of 652	440	chrome.exe	89
PID 440 wrote to memory of 652	440	chrome.exe	89
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90
PID 440 wrote to memory of 3964	440	chrome.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://sasoreigame.github.io
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd468e9758,0x7ffd468e9768,0x7ffd468e9778
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:2
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4652 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5000 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5572 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:8
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 --field-trial-handle=1836,i,8186761879636508684,4104670518351879869,131072 /prefetch:8
  2⤵
  PID:4176

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1492

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Sasorei_Setup\" -spe -an -ai#7zMap1683:88:7zEvent8677
1⤵
- Suspicious use of FindShellTrayWindow
PID:4400

C:\Users\Admin\Downloads\Sasorei_Setup\Windows\Sasorei.exe
"C:\Users\Admin\Downloads\Sasorei_Setup\Windows\Sasorei.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1052
- C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe
  C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:940
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3788
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:2012
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
    3⤵
    PID:2200
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /IM chrome.exe /F
      4⤵
      Kills process with taskkill
      PID:2084
- - C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe
    "C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe" --type=gpu-process --field-trial-handle=1892,16310621447085120834,12011576437575213879,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\qwdqwdasd" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4236
- - C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe
    "C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,16310621447085120834,12011576437575213879,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\qwdqwdasd" --mojo-platform-channel-handle=2248 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2432
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3920
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:3088
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:388
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe
    "C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe" --type=gpu-process --field-trial-handle=1892,16310621447085120834,12011576437575213879,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\qwdqwdasd" --gpu-preferences=UAAAAAAAAADoAAAIAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2816 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2296
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2800
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4952
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4204
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1232
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3968
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1416
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3716
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4832
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1368
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2600
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4748
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:924
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2788
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3916
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4464
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1424
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1764
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:996
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3544
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1872
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1232
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1968
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4680
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2656
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4488
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:956
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3244
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2736
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2052
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4628
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1568
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2868
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1964
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4364
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1488
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1428
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:232
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4100
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4000
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3840
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1800
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:652
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:232
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2736
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:208
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3908
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3836
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4476
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1428
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:500
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1552
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4820
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3908
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4180
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4972
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2464
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:884
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3748
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3868
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1772
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3648
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.0.1772294530\957399120" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a73c30d-a7a2-4d18-9cd8-e30be46e6473} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 1916 2580f616558 gpu
    3⤵
    PID:924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.1.273189276\1543114296" -parentBuildID 20221007134813 -prefsHandle 2308 -prefMapHandle 2304 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {662bc2ee-1bdb-45e4-92aa-b9bd2842bd5f} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 2316 25801670758 socket
    3⤵
    PID:2304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.2.202345189\2061357712" -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 2976 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {182d8fa7-a56d-4ce8-b9d0-f8d2e843a710} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 2968 2581232d858 tab
    3⤵
    PID:2760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.3.2097223175\460297508" -childID 2 -isForBrowser -prefsHandle 3748 -prefMapHandle 3744 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08f2c886-e61b-466b-b611-4cd0c32cf303} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 3760 258131cc858 tab
    3⤵
    PID:3412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.4.1369136310\765409763" -childID 3 -isForBrowser -prefsHandle 3980 -prefMapHandle 3976 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64869090-d060-4580-ad88-a30da2d14693} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 3988 258131ce358 tab
    3⤵
    PID:4176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.7.1964717321\1603717452" -childID 6 -isForBrowser -prefsHandle 5316 -prefMapHandle 5320 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdfa88a5-63a5-4b43-91ff-b62405021a2e} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 5308 258129efc58 tab
    3⤵
    PID:448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.6.476490375\1138917926" -childID 5 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a5f7dad-dfd8-4269-8f83-7c946c13986e} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 5012 258129ee458 tab
    3⤵
    PID:4392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.5.43297119\1197794211" -childID 4 -isForBrowser -prefsHandle 4984 -prefMapHandle 4980 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8baf33db-c3d6-4756-b35e-a31b5a317341} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 4992 25811111458 tab
    3⤵
    PID:4324

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
317KB

MD5
2f5032b0d7cba8dfbe827cac60fb4618

SHA1
26a0cb49e5f6b7b781699a2d2b8c36e37f6a2ec4

SHA256
97ed4095efc3dc5814a53f3e8f76fce3352975cc77987db607a22e594a622b1a

SHA512
3caa7c3603bf8803fac0f34ac88be5dbb4bdd9047311e73c3e60c59bf63f06e7089057eb4672d89e2a9baf8fd85a512159b8829b61b8b99d6eba91ff5d09f364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
336KB

MD5
842cbddfc248decf28ad1408144c3c95

SHA1
5ddbf31ba985b86bca5caef330388d582dc11787

SHA256
9b96edadd1da7e5af58a27b20607a15d1efd57461b743ba84d4e6a81d6c84f72

SHA512
1f8903f0aa3a06c02bcbba2cc90b56eccf1ec3c8f9c601bb84dcd11b2503ee1511495373c03f66e8b45fc4ae4881fbad2e5564e541d5ef041c025a56c940f3d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
897KB

MD5
b6a6f36b37fcd355dfaaa52df1e2713b

SHA1
cb260be054c2ccc3360f1a1b29c1b03fe284fc78

SHA256
b55243a4e4f6d8f47049b8f8a0774d784e6f73d272b31b6c86ae5ba689f7a88b

SHA512
6d95e4abb88be1135a9f93c206eac4f376c5c86d80ebf7c1cddca3cd5581eca34bd37f56b3e2f12630b673117c28339941a60fb366af7900e31bfd88daec1a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
302KB

MD5
318639e12c3495f065b6a36ae3965e3d

SHA1
07c4718059fbaa1d0642d306eb1db9a69eff854a

SHA256
2dba910ff2fdea1a9fe49fb5a423eeeb0e1ada61a67339daddaac82d1ec67cb1

SHA512
749665650f621a3fa1a4b7b7d30ddb709251c6b59196dd88fe281c711d0e21ad3fa25904707546dc645f11d99a49b91730a36f5e15d167388cb9d61d71bd81fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
315KB

MD5
6e0b68c8e00147c6a2179aa6fbd02056

SHA1
ac8814595b25361f11e1721f1575f234ebb32900

SHA256
040552744ecd39360431054859c01037f403b4a7ebba6eadb75b8f8b938d8922

SHA512
9f9572ed1a8ffdb2b2c8b4df945eddf1f965e2c6d0416f7795c1dc79abad94b9ec945776ff575f64171b6714f80b45dcfad22e3fb2b6604be4d4b50cfbb87b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
475KB

MD5
1dff28c3e40c1ab8c9cfc1ffed926a1d

SHA1
7f5a7c76b247a1699370357d51660dcf0bb55ba0

SHA256
619c8a1213c66ffdb3150b376ba3874a0b90377b3bf5f0a8f9a232a8075c09a1

SHA512
03c9ea78551556c193436f39e28102350d55cc958b76c765a5ce2309678b8693f8a2bef5d3b3776c8a8c4d36fe170381e1937dc6e0a8811176fb0b48129429a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
375KB

MD5
d5bb517f5b8a110f057e0a2b9aa153b3

SHA1
45dc566cc54f3e806f5c6492111e4b6c7942d2af

SHA256
0eab1c2fadeb6c102c79a24c51aaccb8ec1f312d465651278463460fbb6ff7ee

SHA512
c8caea91af0285dfe70e7448ccc4b7d6823b8254ab00b0a7491b17ab759cf643d737a2f00ce018ab2742fdeb389c0ecb8fddb5fdc5dc48dfc667695e736800b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a9459f452d894ad35889c67e2b4433fd

SHA1
488bf42cff5cc77117b0a2953fefc0d855306fa7

SHA256
1a775347bbb7f1ab4987876fea3e9db424cf344f5b6f5aae86c70bcc4f9067a8

SHA512
602dae6d2d6f4f578091e9b8ff0b76d51daf8329921acda5eafdb7a6f2719cc0080a23f231829e9370bcbfcd3c3a2715e1e571a9153cc4f97c9642f1bfe0a2d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
46108bd9dff79f669ddc1b0c633829c7

SHA1
fa014a6d7dac9feb4e22efd1c145df8325942bea

SHA256
ed7d45e7d3eaebc62f39d045ed9803a240df679b28b23891e809ec412a67f339

SHA512
778210d42f078d67e2fa98563dc483dc975b8ab6d8462ef4e382e7584c44b7d9bcda49efa49f7fcd96f9aeddc7bc850b3580ea568e758496869b411ffed60e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7f85831a1657d44d4c70447a1ac960a3

SHA1
ff9ddd6ffe480ab47e9daa93e6372a79562ac600

SHA256
9128c941614150243264cf894ffa211342208f2b57265cbf2806227edcb2780b

SHA512
143d6f7861df9b603895d223bd3d16080fe35b208367a92de58d0263f6cc8af6271c7efd834de4e1b76481c07b1b819ec8555a8c924140086bb5dd8641cddf7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2535d6c23e252dcb15e31a037305e836

SHA1
7c1447191b2391d216d9901640aeec1085dabd61

SHA256
901399c418c1dadcee89aef0b7c2d45b9f3696ba1cb3b2210032f305f69d5328

SHA512
6247deb296b0da9e2ea6571bc470f6de264bdcd4e773e9177c90bcd4a387991d2d43dd98b50d0f95f016d7c64528b6fcdfbf33aba495bc3cd2333f14d3e03501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
32915aa019e7735ddb52a246d162d68e

SHA1
125596a84bb35aa60971a80d21cc45260145117f

SHA256
703a4863933ce6a8609943707ff4f4c63a965d970927f20cc2f1062f5acad1ff

SHA512
f7f6c3933a3d5204040be63fde6bd348b922d40793f32ed9babdc5e1a8afa15bc4638bc470afbc93810d1964eb8fa506e5f20cb8ad7d5010392a84f2589fadcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eea704f7df19dfcce57c6bd59c98d832

SHA1
fa4b5a976a7fbad14d91fb405651ffb01b77666f

SHA256
c0f400234e376041538f89526f78a4d8b043cf4d2c01ffae663a28a59b7c5980

SHA512
2051ee769e723dca217ee5b80833b7354744682d11e180a3e9acb721d26a6b6a89b466e4aaa5749ff91ec8a919b19f0a634ec8ae7a38826b00262926128ea92d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
abafef451bfbed49b339f69d43eecd40

SHA1
c1c3cb7a19997e452d48f69e65ddcdddf9f3fab3

SHA256
5b19fea6e02a08d3dc98350645d973c7183a5649a012d8a176b4917e020cf472

SHA512
8427fe534b25b33470c835f584168ed0dab57a35275ad237d609206a943a84b681ae64ab931791ead285f7df542155f571bca5498706a8e835220843c972c764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
513dc14602ad43a80f243078aa5e8ff2

SHA1
215920503dc30cda176eeb5eb4c867bf6d1b75dc

SHA256
e9358d9470dc0cf51a6e06959e42557fd7640290076e0c3e021d0fbf29dc5803

SHA512
c4e24eee7d9def3b30d4ee03da6ed2a91d087dcc6db7a6067df65918adf332d0e1f5a25dae8c63a40fd9988938dabd705e9802b00ed8bb854558867778be7094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d9b898df406d0443fe8906159ac55733

SHA1
6437871935b80920dcc711a52360e124d73e597a

SHA256
eb15b15e090ac5d903c28f0e774b0a5f1444f438b651403209a6125ce4f01d3f

SHA512
8ed4189a16f8189a414666262cfe86a77fb069b51e508a0a321679cde5eb98153165fdcdfe9a595b0f85b342e4edf1aebd6e7465a6c8ec1fd5e496d64bde25d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
f8dba17470b47e5481b904dd4a8d0f22

SHA1
d73711cb2896f93ba3675bd89067d3b5f68239d6

SHA256
1dbaed6e8c52509c771d065fabe5c6b4d558e4bcd993f345d0022136677b92cc

SHA512
dd40c67f4f652f1c79c4a1a805d0665fb6a98109543b5c74b8f3f9d7e20031cf312f9decec54529b848fd1497b30461f29f71416435d96116e651eea8123f131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
73c7131aa77e3f0af59325e157ed9591

SHA1
37e32269f92f49bf42bdc74d2686e4aca86aaa4a

SHA256
491a62803984174bd9ca06653abac5cfb2bb67ed08af35f46a23da1c657733ff

SHA512
982b361f392526ed580a84e19b92b5df86016c74f5983d37e02ce79de8f167562f2e5131634b1f05b205f5ab981d299b06b98dc626b58230f5bdc438fc7d1f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
73c7131aa77e3f0af59325e157ed9591

SHA1
37e32269f92f49bf42bdc74d2686e4aca86aaa4a

SHA256
491a62803984174bd9ca06653abac5cfb2bb67ed08af35f46a23da1c657733ff

SHA512
982b361f392526ed580a84e19b92b5df86016c74f5983d37e02ce79de8f167562f2e5131634b1f05b205f5ab981d299b06b98dc626b58230f5bdc438fc7d1f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
ee6b79b2697d6e6c41b3f076ae1b058a

SHA1
8aac35050fc13b88b1d98405720414cd7333b5cc

SHA256
f302f00994e6232cbc6f75f862d6649bbb39862fa564b2884ba4bd665cb231ee

SHA512
6e5fc760a58ee1f367eb07da0139ae58d1ce3fe0b7781c420463ede57c617c254e6e3254eb0af228afdd6f968c3343c5fd956811f41c9ccc277a64086c78eff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe570540.TMP

Filesize
100KB

MD5
8331ac141bf9fbbd0c144f3dee77b3e4

SHA1
30630d5c634ef42086dcee6cab4656450090d615

SHA256
41e13f8f7f8589e654fb335be0f43b096eaba19ba8b1b7629e7967b7a19bef8a

SHA512
fec950e6a222e45c7c710d2ee5e582bdb66da92baf947664d41b9a9d45434b647dc65abad4fa5bffc12015c017e6ef869cfd1cfb40335073c80d417a07651e8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
eedc851ccfb2e8281babb78c2f244c68

SHA1
4df05baf7c1b4f14aad3244aa30e95f234504eaf

SHA256
f8bb083f4072511a1b6c0c2e571a376fb678719fc20890ec96be851d25eaa790

SHA512
643d95f22f271d585f33609fefe30fd17b5b0380613553a86d1e94d5fb602660f2d4b7196915ac5e00f1d17702bbbecf9f4274f5dbb18820745a215b91cbc7ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
8d41f07d7db62fdf9d8495b5f75d1241

SHA1
b9f68177c18260b8e80c82cb89b8404d8cb8b1b2

SHA256
518ea7eef9fafcaea320f1376e4536e970f7d55772dddea9f94873f526877a8f

SHA512
19b183e7f4598fc9fd0ad8ebf51c2a89672ae6325f5fdc5fb5417e290bff6a4c03344676acf04bd941077cc4186f39556243810e1f4adc287004cc7942b56b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
a083d50eceba6e0337741ac332d19d36

SHA1
5a4b9a49e13cf909299f545dd6545edcdf91d826

SHA256
ea4e2e367d365315dedf1fa2b8a93c67ef3291ada650bd69e376e808fd06861d

SHA512
822c786f82e57ad6e4db6dde60cdc436e99649d651ac75f164984c8f679be5bce376ca82d3a1703075093f74b9136fc6388d72af49408641f55c782f015e44a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
4e9fa30a88799054e97ff528413ea39d

SHA1
9760ad9ae0d5b04a80a9b2a381ee203c4f124e3e

SHA256
3e02145e6cda8404b835cebd85e2165118c2ea9a5e6828d8ad0a824c8ef3707b

SHA512
d687e052a8add1e7307c622375d568650950af4ee5e06c804620cee33fa1f00991f51bcce4debbcf8b5b6bf9435d04c6c18ae8dd8914acadd798a90f7ecb8990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
0ea0d16ebc0a5c499a0d69d260ab7c6f

SHA1
869724a39f1bd46b259ecfea0de36767514d6006

SHA256
c4781cd29afe7e3dd849cbac104260bcc2df0027241936eccb135987a1dbd301

SHA512
55aeedaa0b70567f0223868851c7adc2eb5581357312e56d0aac3184523da41b9f2dfe7c73b376beafbf1497dff7da3d370c30b0ea33761bc1e655073849b05a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
868c421874d27d16d7ca4958d6b849b7

SHA1
2005cbd1fd2b89a856c26e0e43c8528ba2006cae

SHA256
468978a9ba4924c09c2fe13b4c01a233058a36ace45a8882e853a1d40a92d468

SHA512
9e9bb39bdc726d6e595a3bde2df2b858f7df59045176a5d821f113adf8a40adf97efd91dbce43f7fc8df373606989a967027b3f242767c43b7ecaa7d5d74c414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
855fb2af08f74c05280477cb246a0607

SHA1
6f19b42cf3b6a0591ef60b966c4e6eb705feb5d0

SHA256
28cdca7bc890bced7838bee5eb16efb8fc40ccf4b9808b94b2358d295802a5c2

SHA512
0c135844d918e17b4080acdbb3b3265611aa50aacb9c2cb67041758eb2223c838cf2aff4cd185ad00113acf50cf3c5ae3ecdf37cdf8505542eda7b37eee190b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
4ae6e1ed5a44f56115a57d6ab7895687

SHA1
d51ae624ad46386835f77eea45c775e784c531a4

SHA256
7696597bf3e4004bbdfd2e75b0f8778d5e6c943a743d279f3824d79adce29e85

SHA512
18ba5f7849eadbe257afaffbaecc715cd098b4738edba529368b6c90faa7c85a2610e9cdcee3486401c118d49c9051e9a7cdd556beb48fb1eb2c1018dac8bcc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
4d3d60bc4f25297010e05cbddea45190

SHA1
113c654df13a7b728f463a3ac80e3e03097a09b5

SHA256
764a24dce813314e1494198221ddd4c99ddab51208afc6d5c6a51ff3ad0ede27

SHA512
ee90b7bed340ae99bfefaa9e3a357b49396b62a5013fea8336cb9771a42cb0d61123023586904bb9d2b8752c6751755516e46144b0953f87b544d77a743b1505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
500c297984cd21722232e7e02071faca

SHA1
24b2fd7d267ce4c2ce98c59ee69c7873ac8ae2df

SHA256
1411a6d9be9890390f66ecd4ff1df20f0492ab2bdae93ec355d33926781943c6

SHA512
338736639d47f6e6cf293069f2f9313c92d367191322481073069346b85b12626b2920582c14766218b2b3a7e2437b951d08a3510905d339bdee6c119469b749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
ac1a1aa220dc1b90ed53feda566a47c8

SHA1
ba8307a2ef9ca7877b9cd5c670cc9ea0d576795f

SHA256
c8dbd16ffc5b36a5cf29192e3ed2527d55a1f5f5fceada63c12b1e4c4e8f30b9

SHA512
a3a153cd5a1a273bae703a5e0964cfa7fcf75677628b8cb05bb93bf68f1d205bec014c640ad34e73a0ecc0242ea6307479a1b92d9dc316d8ee2b068ae1d876a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
f322cb16b14129e92e55d50df90633d0

SHA1
2b1582b4a9c8063cb2cdd850742c567c0e81ade8

SHA256
7b288d697bff77d4451d7283a5cfa98d98ea0131420f83c1967620fb9cd63f74

SHA512
9dca1558b48f81b7a3690ee0eb62d18ea73d4dcf3f8f33ee19fc19e2c89a013ee90af66f941649d2f41e74405208ea2ffbc9e4b0dc201883058c9afb404dacdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
eb4ccfc9bcd82deb07f43f13488986c8

SHA1
95f33495cc424894f92ad731d8bf840da569c6d2

SHA256
025594066f887a5ae42444bcaea5fe4fdf05256b73f90b8fe608606d178a6b9d

SHA512
b71da0552d55e6932f0969512ecf993e3833ecef8fa63f4213c5626e445488fd996c44138f83c49b89c682eb03aa64db83e1c538c0a3729242fec2ea27ff8924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
7dd59a240c8bf194cba73f047fb48204

SHA1
325b2408be4fe38c84d7ca08db613df6a5c08371

SHA256
ddfc994dc0cc7f6f653716b1b75262dbf36a7d54b29e05a9a79f020a11d3a548

SHA512
e3c61b6eacc2acd297fe66a8fe648f8501c539fbc04cf7071b9798f71e5f92606b943e3e01714da3c5abb78b24d9c956b0e7f8794a6a1e870032e187b1dc4e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
cbc918511852a8fb20ff39bb45b76548

SHA1
b0f05365fcf5bf1c0999c6f8438cac8b89e887c3

SHA256
824539b9550e68607d1a93debe4da4bc4a53bc898e7913b482937b29b6671f06

SHA512
9f144ccb56b760b9b4a873c74689abb809ed915c218b7202d597a077a6becfc93bdf5d89cd3cbbc3cbfeee878e01afed53cfeb8020cdd677bf67f5230eada4e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
76147dba289e542883cfea48d37a535d

SHA1
4b3b5f60bd3df837474708eb46c73b5686e3e469

SHA256
6717f69609294c300ff29b2054b090737f308266b64a239650f541713942e188

SHA512
633c699a6469414482f5b53084bcda316a37a702c21024b1795c839d76a4ad80ab817a19f056ab6d06d1de3e87d70f3765e6a84551cb1f0a2e83f67d7277f8fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
148KB

MD5
b0d37eedcade71a2f07af5962b9325fc

SHA1
04a0db1f5abc3d77f1e8ca0647703b961a5726a5

SHA256
4faba1472e6d6b15fad8868fd5924509022796218d78053772d693d6c37004c9

SHA512
96ea7e4a62b2fddc0c02628008c1d5704533ecf6997b9fbf704d8743f09a369b5e190cf92783395660a5acc894d50cc85489919aaf09481dbea9e6b5254850ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\22a37a7c-b1e4-4612-9eb1-328eafd31d89.tmp.node

Filesize
2.1MB

MD5
c997f9ea0a59c78101dc6c06911b2938

SHA1
9884a606b451b7714b6339bb39d975aa938afff9

SHA256
3d84caf1da3d6835a30d8f84914ae3196a068c2c0251c380017afcebe6155039

SHA512
9d1ad39e14f45f1b4f681953b7179c8563b0d4f18e8afe9c4ca6a4e091d6a9f4e56168bd4cfed6a94578186067d40963afe16df1fb8e5d3a1d3394325378dd15

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\D3DCompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe

Filesize
116.2MB

MD5
a7d2394750c3569775846294bcb76863

SHA1
7a703b6a020469077647a5b3cd476f8ea9f6ed3d

SHA256
ab83c805341eb6566239f9ff8c233d0e584dcf322162667f9936629cabed84c1

SHA512
c9f42bdf632b24c7a8adc88e4b4588628a3d5a63d835c6c5404d8ec4eb236431cceca09322e4eea2e67f116731ce0dd0f3390e67fc326510657fe6cb8aea15f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe

Filesize
116.2MB

MD5
a7d2394750c3569775846294bcb76863

SHA1
7a703b6a020469077647a5b3cd476f8ea9f6ed3d

SHA256
ab83c805341eb6566239f9ff8c233d0e584dcf322162667f9936629cabed84c1

SHA512
c9f42bdf632b24c7a8adc88e4b4588628a3d5a63d835c6c5404d8ec4eb236431cceca09322e4eea2e67f116731ce0dd0f3390e67fc326510657fe6cb8aea15f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe

Filesize
116.2MB

MD5
a7d2394750c3569775846294bcb76863

SHA1
7a703b6a020469077647a5b3cd476f8ea9f6ed3d

SHA256
ab83c805341eb6566239f9ff8c233d0e584dcf322162667f9936629cabed84c1

SHA512
c9f42bdf632b24c7a8adc88e4b4588628a3d5a63d835c6c5404d8ec4eb236431cceca09322e4eea2e67f116731ce0dd0f3390e67fc326510657fe6cb8aea15f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe

Filesize
116.2MB

MD5
a7d2394750c3569775846294bcb76863

SHA1
7a703b6a020469077647a5b3cd476f8ea9f6ed3d

SHA256
ab83c805341eb6566239f9ff8c233d0e584dcf322162667f9936629cabed84c1

SHA512
c9f42bdf632b24c7a8adc88e4b4588628a3d5a63d835c6c5404d8ec4eb236431cceca09322e4eea2e67f116731ce0dd0f3390e67fc326510657fe6cb8aea15f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\Sasorei.exe

Filesize
116.2MB

MD5
a7d2394750c3569775846294bcb76863

SHA1
7a703b6a020469077647a5b3cd476f8ea9f6ed3d

SHA256
ab83c805341eb6566239f9ff8c233d0e584dcf322162667f9936629cabed84c1

SHA512
c9f42bdf632b24c7a8adc88e4b4588628a3d5a63d835c6c5404d8ec4eb236431cceca09322e4eea2e67f116731ce0dd0f3390e67fc326510657fe6cb8aea15f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\chrome_100_percent.pak

Filesize
138KB

MD5
0fd0a948532d8c353c7227ae69ed7800

SHA1
c6679bfb70a212b6bc570cbdf3685946f8f9464c

SHA256
69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf

SHA512
0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\chrome_100_percent.pak

Filesize
138KB

MD5
0fd0a948532d8c353c7227ae69ed7800

SHA1
c6679bfb70a212b6bc570cbdf3685946f8f9464c

SHA256
69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf

SHA512
0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\chrome_200_percent.pak

Filesize
202KB

MD5
1014a2ee8ee705c5a1a56cda9a8e72ee

SHA1
5492561fb293955f30e95a5f3413a14bca512c30

SHA256
ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57

SHA512
ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\d3dcompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\ffmpeg.dll

Filesize
2.4MB

MD5
9702e03c357b4961c4298a35e4501b2a

SHA1
bcc1cd7f151a0e888509fd71d50c8766f2a1700a

SHA256
18878ddcc3018881c1ef59bdbb5a405289a40ccdb0a6abc2eef3f623dbb23906

SHA512
001b8aa47b9396e5559bf44eec41c1fdc69b78fed56824291455fc925f5e4674083413345a516ca53084f2124ea8778b5f9b6bca731e60092fab670348ad585c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\ffmpeg.dll

Filesize
2.4MB

MD5
9702e03c357b4961c4298a35e4501b2a

SHA1
bcc1cd7f151a0e888509fd71d50c8766f2a1700a

SHA256
18878ddcc3018881c1ef59bdbb5a405289a40ccdb0a6abc2eef3f623dbb23906

SHA512
001b8aa47b9396e5559bf44eec41c1fdc69b78fed56824291455fc925f5e4674083413345a516ca53084f2124ea8778b5f9b6bca731e60092fab670348ad585c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\ffmpeg.dll

Filesize
2.4MB

MD5
9702e03c357b4961c4298a35e4501b2a

SHA1
bcc1cd7f151a0e888509fd71d50c8766f2a1700a

SHA256
18878ddcc3018881c1ef59bdbb5a405289a40ccdb0a6abc2eef3f623dbb23906

SHA512
001b8aa47b9396e5559bf44eec41c1fdc69b78fed56824291455fc925f5e4674083413345a516ca53084f2124ea8778b5f9b6bca731e60092fab670348ad585c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\ffmpeg.dll

Filesize
2.4MB

MD5
9702e03c357b4961c4298a35e4501b2a

SHA1
bcc1cd7f151a0e888509fd71d50c8766f2a1700a

SHA256
18878ddcc3018881c1ef59bdbb5a405289a40ccdb0a6abc2eef3f623dbb23906

SHA512
001b8aa47b9396e5559bf44eec41c1fdc69b78fed56824291455fc925f5e4674083413345a516ca53084f2124ea8778b5f9b6bca731e60092fab670348ad585c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\ffmpeg.dll

Filesize
2.4MB

MD5
9702e03c357b4961c4298a35e4501b2a

SHA1
bcc1cd7f151a0e888509fd71d50c8766f2a1700a

SHA256
18878ddcc3018881c1ef59bdbb5a405289a40ccdb0a6abc2eef3f623dbb23906

SHA512
001b8aa47b9396e5559bf44eec41c1fdc69b78fed56824291455fc925f5e4674083413345a516ca53084f2124ea8778b5f9b6bca731e60092fab670348ad585c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\icudtl.dat

Filesize
9.7MB

MD5
224ba45e00bbbb237b34f0facbb550bf

SHA1
1b0f81da88149d9c610a8edf55f8f12a87ca67de

SHA256
8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc

SHA512
c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\libEGL.dll

Filesize
349KB

MD5
5ff7ac1b20534e522b4655bf161ae182

SHA1
58f4a71441307b89f3fe5fed45c76599dcd6ef3b

SHA256
d51b9eaf4319fa3983d7e8ea927e526f6efcc31bae09b198abd340b7141c8740

SHA512
81ee0af52bec1509af877cbd20c342b4e90afe1e7d7643988f2268860600d417b0f03b2e3f08ec803e6a533920974a02f134579ab41977a0361eedeeb9907029

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\libGLESv2.dll

Filesize
6.5MB

MD5
89aa4a03bf9a949970af3658f147e2bb

SHA1
f9b353ceb2e25f4a82d20058a5875416b49aa023

SHA256
d8185a55d9c87dded6d1b07d89ca429bd794d9388deb44af2954bc0792b6be0b

SHA512
5ec9684d92624ebde26154f10678299d073b9096a58c9628d01faf3aea65e13f71269549446cc1765559e2c7574a5c002029cbdc874b3762e3d345a0d6ef4db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\libegl.dll

Filesize
349KB

MD5
5ff7ac1b20534e522b4655bf161ae182

SHA1
58f4a71441307b89f3fe5fed45c76599dcd6ef3b

SHA256
d51b9eaf4319fa3983d7e8ea927e526f6efcc31bae09b198abd340b7141c8740

SHA512
81ee0af52bec1509af877cbd20c342b4e90afe1e7d7643988f2268860600d417b0f03b2e3f08ec803e6a533920974a02f134579ab41977a0361eedeeb9907029

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\libglesv2.dll

Filesize
6.5MB

MD5
89aa4a03bf9a949970af3658f147e2bb

SHA1
f9b353ceb2e25f4a82d20058a5875416b49aa023

SHA256
d8185a55d9c87dded6d1b07d89ca429bd794d9388deb44af2954bc0792b6be0b

SHA512
5ec9684d92624ebde26154f10678299d073b9096a58c9628d01faf3aea65e13f71269549446cc1765559e2c7574a5c002029cbdc874b3762e3d345a0d6ef4db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\resources\app.asar

Filesize
52.1MB

MD5
9b588a22e739edf34642844a6d3e70e2

SHA1
8201e58a2988d054f8bf3c38e610de115bde1aa6

SHA256
55b7127dcc2efc0b687e02f68fd9f2da39f6f8fd283cf2b98a14c3e0fe748e4f

SHA512
7daa1e9288564d6d62c7f98e9e417037332fd547d0f6eb2ec55416966e4bf2dfc013a735f82bf0cbe93ff83eecc56d7c3a31b6753d65c966c8e93e5cf03a0a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\v8_context_snapshot.bin

Filesize
160KB

MD5
805c530e34e14e1a294f7606eed9494f

SHA1
01d7df68b36da20fd5cca1055bf3afcaa9bb870d

SHA256
db7d57f49a6b673ede3cc44e6e4ad9a526f184bf73f60958280f8d2622a02603

SHA512
158bb296584a74f73584d1f64679ee1a13bab30fc15c197809f6479488895f0a020ec0feed85232989fcde779752fedf46a3da852f27f671399f0d19a617d405

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\vk_swiftshader.dll

Filesize
3.7MB

MD5
737ab3ded2d062b882035e5cf2b362f0

SHA1
c8704542da187c529080cd9f0432a30c9450dc3d

SHA256
29a163ea4d95abc7a7dc680eefb0056d4c86cd3d104cd68b429fdaed392f5aa3

SHA512
89e99089a01148171c27c6823eb6a3f8e04c128b5524f8bcec7e383870782c2f9710b2e1d2ca4da7dc46904375d60bd0c5b645a570b09bbc9ca2277e8e956e2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\vk_swiftshader.dll

Filesize
3.7MB

MD5
737ab3ded2d062b882035e5cf2b362f0

SHA1
c8704542da187c529080cd9f0432a30c9450dc3d

SHA256
29a163ea4d95abc7a7dc680eefb0056d4c86cd3d104cd68b429fdaed392f5aa3

SHA512
89e99089a01148171c27c6823eb6a3f8e04c128b5524f8bcec7e383870782c2f9710b2e1d2ca4da7dc46904375d60bd0c5b645a570b09bbc9ca2277e8e956e2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\vulkan-1.dll

Filesize
625KB

MD5
aac56dfc34830054a0668a77530d84d1

SHA1
d6443676318cd1ccc5990dffc1918c7b9c79665b

SHA256
e8e88c50dd9731e6702123f41ae04709c4eccde1442fe0f98e7f76f4726981c9

SHA512
586331a5d2203fee29f271dec3686a6dbdd3837847ae298b688728fa333aac1688b3b7422849c9c24f5b77ec37b1f8b5b5b183ec97585035c1759a008a6dbddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MscmjE5nGUIEqfL3GLojFtlJC7\vulkan-1.dll

Filesize
625KB

MD5
aac56dfc34830054a0668a77530d84d1

SHA1
d6443676318cd1ccc5990dffc1918c7b9c79665b

SHA256
e8e88c50dd9731e6702123f41ae04709c4eccde1442fe0f98e7f76f4726981c9

SHA512
586331a5d2203fee29f271dec3686a6dbdd3837847ae298b688728fa333aac1688b3b7422849c9c24f5b77ec37b1f8b5b5b183ec97585035c1759a008a6dbddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\37cdc98d-2c41-413e-aea4-58a8c2570abd.tmp.node

Filesize
500KB

MD5
ea6196e2539f3d879e2a000419715e99

SHA1
ef987123f4b0d990b1fc4b9bad388f5e9962873f

SHA256
898de3d95e8f0576aa52dbc70a0c1547fdfd5dc06910054dcaa030ac7511b51f

SHA512
67779a990870ee064b0dcca20b4ef7913a20c926a2ae5eb18b907a77b20350da3b64633365227adbdecc6e024ecaa81fb5b80549326474d454e73c64454db76e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ungnerwg.ydf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\Sasorei.exe

Filesize
116.2MB

MD5
a7d2394750c3569775846294bcb76863

SHA1
7a703b6a020469077647a5b3cd476f8ea9f6ed3d

SHA256
ab83c805341eb6566239f9ff8c233d0e584dcf322162667f9936629cabed84c1

SHA512
c9f42bdf632b24c7a8adc88e4b4588628a3d5a63d835c6c5404d8ec4eb236431cceca09322e4eea2e67f116731ce0dd0f3390e67fc326510657fe6cb8aea15f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\chrome_200_percent.pak

Filesize
202KB

MD5
1014a2ee8ee705c5a1a56cda9a8e72ee

SHA1
5492561fb293955f30e95a5f3413a14bca512c30

SHA256
ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57

SHA512
ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\d3dcompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\ffmpeg.dll

Filesize
2.4MB

MD5
9702e03c357b4961c4298a35e4501b2a

SHA1
bcc1cd7f151a0e888509fd71d50c8766f2a1700a

SHA256
18878ddcc3018881c1ef59bdbb5a405289a40ccdb0a6abc2eef3f623dbb23906

SHA512
001b8aa47b9396e5559bf44eec41c1fdc69b78fed56824291455fc925f5e4674083413345a516ca53084f2124ea8778b5f9b6bca731e60092fab670348ad585c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\icudtl.dat

Filesize
9.7MB

MD5
224ba45e00bbbb237b34f0facbb550bf

SHA1
1b0f81da88149d9c610a8edf55f8f12a87ca67de

SHA256
8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc

SHA512
c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\libEGL.dll

Filesize
349KB

MD5
5ff7ac1b20534e522b4655bf161ae182

SHA1
58f4a71441307b89f3fe5fed45c76599dcd6ef3b

SHA256
d51b9eaf4319fa3983d7e8ea927e526f6efcc31bae09b198abd340b7141c8740

SHA512
81ee0af52bec1509af877cbd20c342b4e90afe1e7d7643988f2268860600d417b0f03b2e3f08ec803e6a533920974a02f134579ab41977a0361eedeeb9907029

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\libGLESv2.dll

Filesize
6.5MB

MD5
89aa4a03bf9a949970af3658f147e2bb

SHA1
f9b353ceb2e25f4a82d20058a5875416b49aa023

SHA256
d8185a55d9c87dded6d1b07d89ca429bd794d9388deb44af2954bc0792b6be0b

SHA512
5ec9684d92624ebde26154f10678299d073b9096a58c9628d01faf3aea65e13f71269549446cc1765559e2c7574a5c002029cbdc874b3762e3d345a0d6ef4db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\resources\app.asar

Filesize
52.1MB

MD5
9b588a22e739edf34642844a6d3e70e2

SHA1
8201e58a2988d054f8bf3c38e610de115bde1aa6

SHA256
55b7127dcc2efc0b687e02f68fd9f2da39f6f8fd283cf2b98a14c3e0fe748e4f

SHA512
7daa1e9288564d6d62c7f98e9e417037332fd547d0f6eb2ec55416966e4bf2dfc013a735f82bf0cbe93ff83eecc56d7c3a31b6753d65c966c8e93e5cf03a0a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\snapshot_blob.bin

Filesize
48KB

MD5
adb883e99086d65477bd9b491b13908f

SHA1
7ae3da9db7050b60056865c5a039b8499e37a841

SHA256
5b1d8836e8a2c346622e2f7bbfe330fb46bf33ab3c778a4a72afe69602ee219e

SHA512
05ac2ac0fa5254ab4d8cdd60716f51f5807cbe855890797598adff394a510f0c846ccdef8fca65ca7ca20a736fe793bf2d3b59fe9923a101e511b8afaf60397a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\swiftshader\libEGL.dll

Filesize
364KB

MD5
e5582595876dca0dd3c336ee4a7f3749

SHA1
7cf83d019d91e560d63b856c4a1ddb4dd39f20c8

SHA256
5c2af643ba7981c88f00a312aa9300fe47a7e2330854065a7d35893e86df412d

SHA512
c6779a1169cc01396ac2cb5e15d5e50962d607203d68b0e8a4a352fe5eda796cc31e604985f15d69cb1d44277985417198c7d88cdf4d013a137993f69f52518f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
2.7MB

MD5
b3d2e9729aa21122a7889d95d362c5fd

SHA1
3c97a7456ea79c194e9c6256d55719f2aa6fabed

SHA256
b238624a562685c34e6b03985615137abbe31a5a1fea3c70bbaf4f7adaa87ab9

SHA512
12364c5853cd44515e410f1a029b2418ebaad0d8c8e0d2ecf9ea41ccdd6558fd536435511461ea173e3e519285a2eb4a2ee57864c4d404a3a6ff97e8d6f541b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\v8_context_snapshot.bin

Filesize
160KB

MD5
805c530e34e14e1a294f7606eed9494f

SHA1
01d7df68b36da20fd5cca1055bf3afcaa9bb870d

SHA256
db7d57f49a6b673ede3cc44e6e4ad9a526f184bf73f60958280f8d2622a02603

SHA512
158bb296584a74f73584d1f64679ee1a13bab30fc15c197809f6479488895f0a020ec0feed85232989fcde779752fedf46a3da852f27f671399f0d19a617d405

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\vk_swiftshader.dll

Filesize
3.7MB

MD5
737ab3ded2d062b882035e5cf2b362f0

SHA1
c8704542da187c529080cd9f0432a30c9450dc3d

SHA256
29a163ea4d95abc7a7dc680eefb0056d4c86cd3d104cd68b429fdaed392f5aa3

SHA512
89e99089a01148171c27c6823eb6a3f8e04c128b5524f8bcec7e383870782c2f9710b2e1d2ca4da7dc46904375d60bd0c5b645a570b09bbc9ca2277e8e956e2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\7z-out\vulkan-1.dll

Filesize
625KB

MD5
aac56dfc34830054a0668a77530d84d1

SHA1
d6443676318cd1ccc5990dffc1918c7b9c79665b

SHA256
e8e88c50dd9731e6702123f41ae04709c4eccde1442fe0f98e7f76f4726981c9

SHA512
586331a5d2203fee29f271dec3686a6dbdd3837847ae298b688728fa333aac1688b3b7422849c9c24f5b77ec37b1f8b5b5b183ec97585035c1759a008a6dbddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslAEEE.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
f31d3cc662ce4a9cea68bf958c2e7f91

SHA1
370870d35135226099f96e74ab40fc1101737e4d

SHA256
6495fb6f403d12667c23bd4b6a53a044ae4bb9b9d3ac7d639927806186268384

SHA512
fa15cf125b30ba2a0a3f011fd88edf17edb55ce2fd73c63f6d8b35125bd09bef43f2ace99d4ba01cab50e3bdf536a21f179edaeaa73920b8a630a21ae7df0b44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
137c2620c8baf62b5f6d10f317e2a95f

SHA1
0ac1119ade5abc7fd8a92b9633d949c1870bea73

SHA256
83f4e3ec6d2ed3152e6bc026d8dfe63fd8c10fd377eeb004643acd5af2b7fde0

SHA512
dad8fe32b46bd3842e101a78e402be87b7e4b32ee6557d51e91101087f2b4ff38484160df763a0384f3e07bd7005d228259a31c4d7ba323a990c2639518f7e79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
09c24ff47e6195523f466c334aabe600

SHA1
1e8cac94eee7dbb608e086ad5e10266998b5f9d6

SHA256
130c6a4fa5343705fdd44e48c9c3a75abc196fc1c1570bfeea4d2ae35144452a

SHA512
6a394775aefcd7edb8c096aa316311e869f90205c459b81af353efba8b95fe84eff6ed0a5568abc9ffc3d4cd7c90e5acce5828d74368d03f1ea7a00b1fb019ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
416a43df95d9b2d09d9f75332eb93fd4

SHA1
ae603b66846f0f26813753f4cdf16d1a74592c2e

SHA256
d1dd68dc57567f0c7c8e0b346a77fc40125f72b33459ff7dbb8c77d53bef5f21

SHA512
8469e23aa817b6059c80de92c52c0e9ae03a52044574c704b7390c20bfb6b6c815ecb94dcd0347b775bc838376b12a5aed04e78fe942ea63aeb3e2ef8ea75d3a

Download Submit
C:\Users\Admin\Downloads\Sasorei_Setup.zip

Filesize
149.9MB

MD5
c6f890402b8b412c1fdcd68b8a5d3044

SHA1
77997a385de2bdc0293730eeb019fa54983ac89a

SHA256
07aa0228b182a4176a4a90adc3984ca6235974ccfa673960e7730f9fc96f5aff

SHA512
a609a6199c033a9e5a100cf2ac722f8e87c5db90fe6d0d127e5387af65afddd527bd0e0259f6e8602e1728e70f07ad86e9ad46c2fe324b6387aa44622d3dd2a7

Download Submit
C:\Users\Admin\Downloads\Sasorei_Setup\Windows\Sasorei.exe

Filesize
49.7MB

MD5
f8155f08dbb94c3d9e1bd7ba54e543bb

SHA1
e7a28e09e27b6a0bbf2fedefd9ae330055554ab1

SHA256
c91c608a4243e46472d86baf05c73005511e6028eb6a82f0c1b941a63731f387

SHA512
48c84acddc2bc21c8bf37bc13893d7eef0a933488a635b23c036fb745bd97c2c87bb0ba26394cca16f7f25909ff9deb36577ce86bfb8147b7ac2a90581e49701

Download Submit
C:\Users\Admin\Downloads\Sasorei_Setup\Windows\Sasorei.exe

Filesize
49.7MB

MD5
f8155f08dbb94c3d9e1bd7ba54e543bb

SHA1
e7a28e09e27b6a0bbf2fedefd9ae330055554ab1

SHA256
c91c608a4243e46472d86baf05c73005511e6028eb6a82f0c1b941a63731f387

SHA512
48c84acddc2bc21c8bf37bc13893d7eef0a933488a635b23c036fb745bd97c2c87bb0ba26394cca16f7f25909ff9deb36577ce86bfb8147b7ac2a90581e49701

Download Submit
memory/208-1059-0x0000000002680000-0x0000000002690000-memory.dmp

Filesize
64KB

Download
memory/208-1060-0x0000000002680000-0x0000000002690000-memory.dmp

Filesize
64KB

Download
memory/884-1213-0x0000000005370000-0x0000000005380000-memory.dmp

Filesize
64KB

Download
memory/884-1214-0x0000000005370000-0x0000000005380000-memory.dmp

Filesize
64KB

Download
memory/924-713-0x0000000005240000-0x0000000005250000-memory.dmp

Filesize
64KB

Download
memory/956-804-0x0000000002900000-0x0000000002910000-memory.dmp

Filesize
64KB

Download
memory/956-803-0x0000000002900000-0x0000000002910000-memory.dmp

Filesize
64KB

Download
memory/996-752-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/996-751-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/1232-662-0x0000000005240000-0x0000000005250000-memory.dmp

Filesize
64KB

Download
memory/1232-661-0x0000000005240000-0x0000000005250000-memory.dmp

Filesize
64KB

Download
memory/1416-674-0x0000000004750000-0x0000000004760000-memory.dmp

Filesize
64KB

Download
memory/1416-673-0x0000000004750000-0x0000000004760000-memory.dmp

Filesize
64KB

Download
memory/1424-728-0x00000000025D0000-0x00000000025E0000-memory.dmp

Filesize
64KB

Download
memory/1424-729-0x00000000025D0000-0x00000000025E0000-memory.dmp

Filesize
64KB

Download
memory/1428-960-0x0000000004940000-0x0000000004950000-memory.dmp

Filesize
64KB

Download
memory/1428-1110-0x0000000002040000-0x0000000002050000-memory.dmp

Filesize
64KB

Download
memory/1428-964-0x0000000004940000-0x0000000004950000-memory.dmp

Filesize
64KB

Download
memory/1428-1111-0x0000000002040000-0x0000000002050000-memory.dmp

Filesize
64KB

Download
memory/1552-1132-0x00000000044C0000-0x00000000044D0000-memory.dmp

Filesize
64KB

Download
memory/1872-754-0x00000000046A0000-0x00000000046B0000-memory.dmp

Filesize
64KB

Download
memory/1872-765-0x00000000046A0000-0x00000000046B0000-memory.dmp

Filesize
64KB

Download
memory/1968-767-0x0000000002490000-0x00000000024A0000-memory.dmp

Filesize
64KB

Download
memory/1968-768-0x0000000002490000-0x00000000024A0000-memory.dmp

Filesize
64KB

Download
memory/2296-623-0x000000000DE00000-0x000000000DE01000-memory.dmp

Filesize
4KB

Download
memory/2296-616-0x000000000DE00000-0x000000000DE01000-memory.dmp

Filesize
4KB

Download
memory/2296-626-0x000000000DE00000-0x000000000DE01000-memory.dmp

Filesize
4KB

Download
memory/2296-624-0x000000000DE00000-0x000000000DE01000-memory.dmp

Filesize
4KB

Download
memory/2296-621-0x000000000DE00000-0x000000000DE01000-memory.dmp

Filesize
4KB

Download
memory/2296-615-0x000000000DE00000-0x000000000DE01000-memory.dmp

Filesize
4KB

Download
memory/2296-625-0x000000000DE00000-0x000000000DE01000-memory.dmp

Filesize
4KB

Download
memory/2296-620-0x000000000DE00000-0x000000000DE01000-memory.dmp

Filesize
4KB

Download
memory/2296-605-0x000000000DE00000-0x000000000DE01000-memory.dmp

Filesize
4KB

Download
memory/2296-622-0x000000000DE00000-0x000000000DE01000-memory.dmp

Filesize
4KB

Download
memory/2600-701-0x0000000002900000-0x0000000002910000-memory.dmp

Filesize
64KB

Download
memory/2600-700-0x0000000002900000-0x0000000002910000-memory.dmp

Filesize
64KB

Download
memory/2656-781-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/2656-780-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/2736-828-0x0000000002ED0000-0x0000000002EE0000-memory.dmp

Filesize
64KB

Download
memory/2736-829-0x0000000002ED0000-0x0000000002EE0000-memory.dmp

Filesize
64KB

Download
memory/2868-908-0x00000000045A0000-0x00000000045B0000-memory.dmp

Filesize
64KB

Download
memory/2868-909-0x00000000045A0000-0x00000000045B0000-memory.dmp

Filesize
64KB

Download
memory/3836-1089-0x0000000002610000-0x0000000002620000-memory.dmp

Filesize
64KB

Download
memory/3836-1088-0x0000000002610000-0x0000000002620000-memory.dmp

Filesize
64KB

Download
memory/3840-997-0x0000000002EE0000-0x0000000002EF0000-memory.dmp

Filesize
64KB

Download
memory/3840-998-0x0000000002EE0000-0x0000000002EF0000-memory.dmp

Filesize
64KB

Download
memory/3868-1236-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download
memory/3868-1235-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download
memory/3908-1169-0x0000000002D40000-0x0000000002D50000-memory.dmp

Filesize
64KB

Download
memory/3908-1170-0x0000000002D40000-0x0000000002D50000-memory.dmp

Filesize
64KB

Download
memory/3916-715-0x0000000002950000-0x0000000002960000-memory.dmp

Filesize
64KB

Download
memory/3916-716-0x0000000002950000-0x0000000002960000-memory.dmp

Filesize
64KB

Download
memory/4100-985-0x0000000002160000-0x0000000002170000-memory.dmp

Filesize
64KB

Download
memory/4364-939-0x0000000002480000-0x0000000002490000-memory.dmp

Filesize
64KB

Download
memory/4364-936-0x0000000002480000-0x0000000002490000-memory.dmp

Filesize
64KB

Download
memory/4832-688-0x0000000004A40000-0x0000000004A50000-memory.dmp

Filesize
64KB

Download
memory/4832-687-0x0000000004A40000-0x0000000004A50000-memory.dmp

Filesize
64KB

Download
memory/4952-648-0x0000000001800000-0x0000000001810000-memory.dmp

Filesize
64KB

Download
memory/4952-649-0x0000000001800000-0x0000000001810000-memory.dmp

Filesize
64KB

Download
memory/4972-604-0x0000000005770000-0x00000000057D6000-memory.dmp

Filesize
408KB

Download
memory/4972-632-0x00000000062D0000-0x00000000062F2000-memory.dmp

Filesize
136KB

Download
memory/4972-627-0x0000000005D90000-0x0000000005DAE000-memory.dmp

Filesize
120KB

Download
memory/4972-603-0x0000000005700000-0x0000000005766000-memory.dmp

Filesize
408KB

Download
memory/4972-601-0x00000000024B0000-0x00000000024C0000-memory.dmp

Filesize
64KB

Download
memory/4972-602-0x0000000004DE0000-0x0000000004E02000-memory.dmp

Filesize
136KB

Download
memory/4972-633-0x00000000073A0000-0x0000000007944000-memory.dmp

Filesize
5.6MB

Download
memory/4972-634-0x0000000006E90000-0x0000000006F22000-memory.dmp

Filesize
584KB

Download
memory/4972-600-0x00000000024B0000-0x00000000024C0000-memory.dmp

Filesize
64KB

Download
memory/4972-1191-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4972-1192-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4972-598-0x0000000004E70000-0x0000000005498000-memory.dmp

Filesize
6.2MB

Download
memory/4972-596-0x0000000002460000-0x0000000002496000-memory.dmp

Filesize
216KB

Download
memory/4972-631-0x0000000006280000-0x000000000629A000-memory.dmp

Filesize
104KB

Download
memory/4972-630-0x0000000006D50000-0x0000000006DE6000-memory.dmp

Filesize
600KB

Download