5747325bf9347e431412ae207c6e163dc1a9c968741989b12fe407a9cb440a8a

Resubmissions

17/03/2023, 21:41

230317-1j6b7acb5t 8

17/03/2023, 21:40

230317-1h82paab27 1

Analysis

max time kernel
1979s
max time network
1818s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
17/03/2023, 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mcbot-main.zip
Size

4.1MB
MD5

e00f4960bf3de863ecab55af200712c1
SHA1

b6aa9c80020be3584226cf83fbf3b39701d8928f
SHA256

5747325bf9347e431412ae207c6e163dc1a9c968741989b12fe407a9cb440a8a
SHA512

eacaaa47f0230d5150c775b1deb549fbcd5dc94fc6bc58a290eacd48c4f3d7395814b6a1239b4537ccd9b6c3d5d0e74251d93b975eefb4677a6bafa85b750539
SSDEEP

98304:ckZ4Mp/g8GXOn+vnk/kI2k8RpIZrXdCq++/vID+pqxHmGN1:5Z5N+vnk/k5VyNb7vpQr

Score

8^/10

discovery persistence

Malware Config

Signatures

Contacts a large (515) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation	TrafficerMC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation	TrafficerMC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation = "174"	rundll32.exe

Executes dropped EXE 5 IoCs

pid	Process
3180	TrafficerMC-2.1-windows-x64.exe
712	TrafficerMC.exe
3916	TrafficerMC.exe
1252	TrafficerMC.exe
4060	TrafficerMC.exe

Loads dropped DLL 12 IoCs

pid	Process
3180	TrafficerMC-2.1-windows-x64.exe
3180	TrafficerMC-2.1-windows-x64.exe
3180	TrafficerMC-2.1-windows-x64.exe
712	TrafficerMC.exe
3916	TrafficerMC.exe
1252	TrafficerMC.exe
3916	TrafficerMC.exe
3916	TrafficerMC.exe
3916	TrafficerMC.exe
3916	TrafficerMC.exe
3916	TrafficerMC.exe
4060	TrafficerMC.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	SearchProtocolHost.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	SearchIndexer.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International	rundll32.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice\Hash = "W04/HhYv+mc="	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.jpg = "1"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%windir%\system32\mstsc.exe,-4001 = "Use your computer to connect to a computer that is located elsewhere and run programs or access files."	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\system32\miguiresource.dll,-201 = "Task Scheduler"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32,@elscore.dll,-8 = "Microsoft Malayalam to Latin Transliteration"	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007f88d7a42259d901	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice\Hash = "5uckcZGsgts="	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.m4a = "1"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice\Hash = "sqs8qDWpARk="	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%windir%\system32\iscsicpl.dll,-5002 = "Connect to remote iSCSI targets and configure connection settings."	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.mp4 = "1"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice\Hash = "wVGqakPEk+Y="	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.wpl = "1"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration"	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000bb24f4a42259d901	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\system32\iscsicpl.dll,-5001 = "iSCSI Initiator"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.ADT = "1"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice\ProgId = "AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\System32\wshext.dll,-4802 = "VBScript Script File"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\regedit.exe,-309 = "Registration Entries"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\system32\dfrgui.exe,-103 = "Defragment and Optimize Drives"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\UserChoice\Hash = "nTVGCxys43o="	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\System32\SnippingTool.exe,-15052 = "Capture a portion of your screen so you can save, annotate, or share the image."	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%systemroot%\system32\mycomput.dll,-112 = "Manages disks and provides access to other tools to manage local and remote computers."	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@searchfolder.dll,-32822 = "Everywhere"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice\Hash = "ztSkZjj/IGE="	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\System32\acppage.dll,-6003 = "Windows Command Script"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.cr2 = "1"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice\Hash = "rRUah9+5RRw="	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32,@elscore.dll,-9 = "Microsoft Bengali to Latin Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.htm = "1"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\system32\odbcint.dll,-1694 = "ODBC Data Sources (64-bit)"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-105 = "Windows PowerShell XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\system32\quickassist.exe,-806 = "Quick Assist"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\system32\wsecedit.dll,-718 = "Local Security Policy"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif	SearchProtocolHost.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	TrafficerMC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	TrafficerMC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 14002e80922b16d365937a46956b92703aca08af0000	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	TrafficerMC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "13"	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14	TrafficerMC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	TrafficerMC.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	TrafficerMC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\SniffedFolderType = "Documents"	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 010000000200000000000000ffffffff	TrafficerMC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	TrafficerMC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	TrafficerMC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	TrafficerMC.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3880	taskmgr.exe
712	TrafficerMC.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	4684	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	4684	SearchIndexer.exe
Token: SeManageVolumePrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4684	SearchIndexer.exe
Token: SeDebugPrivilege	3880	taskmgr.exe
Token: SeSystemProfilePrivilege	3880	taskmgr.exe
Token: SeCreateGlobalPrivilege	3880	taskmgr.exe
Token: 33	3880	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3880	taskmgr.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe
Token: SeCreatePagefilePrivilege	1800	chrome.exe
Token: SeShutdownPrivilege	1800	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe
3880	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
712	TrafficerMC.exe
6040	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 2280	4684	SearchIndexer.exe	71
PID 4684 wrote to memory of 2280	4684	SearchIndexer.exe	71
PID 4684 wrote to memory of 2212	4684	SearchIndexer.exe	72
PID 4684 wrote to memory of 2212	4684	SearchIndexer.exe	72
PID 4684 wrote to memory of 4436	4684	SearchIndexer.exe	74
PID 4684 wrote to memory of 4436	4684	SearchIndexer.exe	74
PID 1800 wrote to memory of 1172	1800	chrome.exe	88
PID 1800 wrote to memory of 1172	1800	chrome.exe	88
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4396	1800	chrome.exe	91
PID 1800 wrote to memory of 4476	1800	chrome.exe	90
PID 1800 wrote to memory of 4476	1800	chrome.exe	90
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92
PID 1800 wrote to memory of 3096	1800	chrome.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\mcbot-main.zip
1⤵
PID:1820

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4224

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:2280
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 688 692 700 8192 696
  2⤵
  - Modifies data under HKEY_USERS
  PID:2212
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3346939869-2835594282-3775165920-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3346939869-2835594282-3775165920-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
  2⤵
  PID:4436
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:2268
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 688 692 700 8192 696
  2⤵
  PID:2876
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:5140
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 688 692 700 8192 696
  2⤵
  PID:2564

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\mcbot-main\mcbot-main\MCBOT.jar"
1⤵
PID:3952

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3880

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\mcbot-main\mcbot-main\MCBOT.jar"
1⤵
PID:4988

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\mcbot-main\mcbot-main\MCBOT.jar"
1⤵
PID:2968

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\mcbot-main\mcbot-main\MCBOT.jar"
1⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff840739758,0x7ff840739768,0x7ff840739778
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3596 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4668 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1088 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5344 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4576 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5348 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:2
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4640 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5592 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Users\Admin\Downloads\TrafficerMC-2.1-windows-x64.exe
  "C:\Users\Admin\Downloads\TrafficerMC-2.1-windows-x64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe
    C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:712
  - - C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe
      "C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\trafficermc" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1380 --field-trial-handle=1656,i,11711210453805675791,827690476579904858,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe
      "C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\trafficermc" --mojo-platform-channel-handle=1792 --field-trial-handle=1656,i,11711210453805675791,827690476579904858,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe
      "C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\trafficermc" --app-path="C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --disable-gpu-compositing --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1960 --field-trial-handle=1656,i,11711210453805675791,827690476579904858,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4424 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=1772,i,11769136275450131993,15609241032259681443,131072 /prefetch:8
  2⤵
  PID:972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4656

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" LanguagePackInstaller
1⤵
PID:2796

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4916

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL intl.cpl,,/p:"location"
1⤵
- Checks computer location settings
- Modifies Control Panel
PID:4676

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6012
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:6040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6040.0.1736144627\1446222705" -parentBuildID 20221007134813 -prefsHandle 1656 -prefMapHandle 1632 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {474cfcf1-d5d5-4a83-b3e2-fc8582d6b142} 6040 "\\.\pipe\gecko-crash-server-pipe.6040" 1740 2bf9411a658 gpu
    3⤵
    PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6040.1.1583292200\490249496" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86eb9ca5-8cbe-4518-bf6e-06f6cbab97bb} 6040 "\\.\pipe\gecko-crash-server-pipe.6040" 2136 2bf92e15c58 socket
    3⤵
    - Checks processor information in registry
    PID:5392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6040.2.581689839\679205494" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 2764 -prefsLen 21052 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b4fb21d-8689-4441-a92e-52a628e4a389} 6040 "\\.\pipe\gecko-crash-server-pipe.6040" 2800 2bf96e49158 tab
    3⤵
    PID:4676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6040.3.365345748\1413175475" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3540 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {927f11e5-ed35-4195-a241-9266e75ac5ef} 6040 "\\.\pipe\gecko-crash-server-pipe.6040" 3572 2bf87a61c58 tab
    3⤵
    PID:2560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6040.4.1333966036\414869243" -childID 3 -isForBrowser -prefsHandle 3736 -prefMapHandle 3740 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40fda346-4f75-4ee1-a09d-123acc3b1256} 6040 "\\.\pipe\gecko-crash-server-pipe.6040" 3724 2bf9873c858 tab
    3⤵
    PID:4400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6040.7.499151449\450234279" -childID 6 -isForBrowser -prefsHandle 5048 -prefMapHandle 5052 -prefsLen 26700 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {997a41aa-c24c-4302-ba4c-15e78c2d07ad} 6040 "\\.\pipe\gecko-crash-server-pipe.6040" 4848 2bf9966bc58 tab
    3⤵
    PID:372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6040.6.758474243\1313505340" -childID 5 -isForBrowser -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26700 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {686c26db-621c-476e-b8a1-08702d3c9c95} 6040 "\\.\pipe\gecko-crash-server-pipe.6040" 4952 2bf99422a58 tab
    3⤵
    PID:1292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6040.5.1066076446\1654623917" -childID 4 -isForBrowser -prefsHandle 4732 -prefMapHandle 4728 -prefsLen 26700 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7670b563-0ebd-453c-8cfb-9025f3209872} 6040 "\\.\pipe\gecko-crash-server-pipe.6040" 4708 2bf99422458 tab
    3⤵
    PID:4220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6040.8.1753362453\158823319" -childID 7 -isForBrowser -prefsHandle 5524 -prefMapHandle 2648 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bc34352-1331-4a64-95b6-9bf02f3f26a3} 6040 "\\.\pipe\gecko-crash-server-pipe.6040" 3920 2bf99422158 tab
    3⤵
    PID:5480

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Network Service Scanning

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx

Filesize
1024KB

MD5
47018e8061a2cb6ecb6596f8c6d37f3f

SHA1
f9358a17dc40ea8ecd7882c7a70b867d378fad06

SHA256
2e4c62e5adf2f79cc9eced8c965d345087ff14fbcc7e391c9d4e37173e293804

SHA512
21388c518010e8a8d9b37644f9fbe2a8657e078420ab2839dc922a2ae74f5c124255d13c4d647d6de05a0a4d45959cd3326c18a076e7551eeb94b397e73c36f2

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
271914f49b235b5f576682d2d1784d79

SHA1
8655f8bb6ca1f6976302360f696ad0c84f9626d1

SHA256
5e09dd59d1b9cb1931d7e340eff109a9c1624e5ce24002e31d6ce2b9de40a0e3

SHA512
df949d9060e87869c1a3a28010e4d3f7442d7cca01b5755621be1fbbd9a3605ea2ba3c4c7d38dd8c7e9bee4a44fb572ae94d13afbee6b8e728e918d1fa8abc82

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
f1897607ed7eb49ee36a6df037e02cae

SHA1
25733ce6b870fe80d4178a77ad52e8a188d9c3a8

SHA256
1e76fe1af91a9b317873b81eda81267d2c22e6f742e4fe24ac2601b120695448

SHA512
14afbb79ab046b1381a0a90d087e0a92f14389a2c9be1c5a2b881bb49e147880c0a3728fb1cd5fbc4a3982ab116e5bf6a1c99eaf171e5d22743cd204f4a8473e

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
9ed24b5b7a98a7f5c6890d4d133217b1

SHA1
3751dc761cfcf3b3288617b275e163ed10dcce64

SHA256
1c8fd683c19068f5c1578ea885b21958d5741c0ea5f970c85239328d7e8b2f96

SHA512
26984185cdfe5f7a933913f7bf2b89866cefb635948db65c4896449da63d7a58b298ab95d3340f1d6282a51bf8f861984e60ad820c9041fa36672c018effaaa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
289KB

MD5
a9c82aa844ff6ac166d8f9edbf7eead9

SHA1
559363179ccba4ed335e47f85caee2282cd4c1bf

SHA256
11c98dc57c8472be16daefa07e7d94bc995b773ae112f812b0007f71adeb34f2

SHA512
ef5ddcd73e2d99da9dfc5dc9106f2f84d31ef3db790785cae00363a060fb9681c5f2af5ff1ec44101593d4cd72c29be26c8e5817fb7de198071141a36e254dd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
63KB

MD5
70dc47be9924660f51a6d7919e4f9ad9

SHA1
34988db27376f170f200e7bc6d0eb76b5acd025c

SHA256
0c059a225e1e6dc4d4c629bfb1d61af1fb60d4eee4d7dd664a7bde9ed3b23df8

SHA512
128dcb8e0149620feb5bf7de4483a7d0c00f6edc6668cbf61fcd7cde863e223e940be8940c0d619142b076cb787831bec3e4974c6c88a4af919f001b6688757d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
68KB

MD5
e98ebee3ea2e9600004f377c32f4343f

SHA1
22b81ead2377fc0bc2635988ff344120ef1e06f8

SHA256
64479e823843326467fac263ab0922ae6b439b1d0e0c8f642c4c11e1e85ad7be

SHA512
ccc9fdd46bb5a262293b84e9c32ccada8263943305efecc24be32bf769d2882521e211df175a8718487662112320f45c9f3a9981b7e77c281be3a1dea1e09820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
354KB

MD5
43a8a9e71ec88bd07d5b139f4981a348

SHA1
e796f5383128131842f770000b2f0de34ae44bc2

SHA256
eb4554b8fc985c67aadbfba0388ca834de98498c21a1d627245548251007db7e

SHA512
5ece7d0ed4003b10ee0e1d608ac745132a4918c3aee1d9cf55910228d6c99d37c13bd6fbefcb62d401ab9d39126f70d34ce53655d12e1068c992c569db757ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6d25aa784b2d6abcb0a2e549685728e8

SHA1
3534ccf1ab992d0ac8197c6405dc9264960796ec

SHA256
734b6a56470baaa75c9f062ee1a1ad34efe606d5c48b32860c3286bb7a68380e

SHA512
faa22af34181e9592aa938ff957183133cfdce691c8ffffb3456cb39b63fa012f27b5ea2282674d1b8829b3c93d882a6dc738056a616a356121483a61c3c5a81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8a37561f1211a8e6c55f1db31c0e9eeb

SHA1
c670b8b9d25b0c4cdc9a323ca8233ce74d7b5561

SHA256
4a9ecf55caed41aeda24fd2d20b801c129d7585d8b1c0b05b662267f36a1d753

SHA512
8d358863ccde7863a69af9716e2f850bfeb2ef8a1f00c204a3c4e3ee43fcfe218aaba486821a5e1a8d880097bd3db57c6ad9794ab4bf96d34219561072804b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
87a75d086e4471f792063c98f93c0a12

SHA1
b41e25e1dd484d1f150ef207154896e2fbd886e0

SHA256
8745ba8f90a35a950f0d8b0328cbe1f0129a0f3e7ce84f41b4a626186d4ccdac

SHA512
d234b2bb20495f0808029b8a83c367f8c9087adb8f8a6141418eb6520a5e4b4aa6cca8eda5b015dead1dfbc3f7c7a702a4c79eafb04f156eafe14bd8efa688f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4ca214d911c51f7f29f69616ec96ed17

SHA1
a9b216ef0edcf0c357fb10e5f4addc1072afcfce

SHA256
acd7845b14c4b64672f63e3c239ee86bc8dbb3f353dcf2e60cd84a8055263166

SHA512
4affaf06b341154ebe24d0d9ecec9bfbef88d3174815645a05a7d0749b6061bbfe20cec4b9dd3664f592b2e71fd80d8035828dac3e6c4d8cb33838b59a430425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
acf174cbb845917645a7feb5c5d5edce

SHA1
9f9902d71b9ae859147179d470a2e1bb9b2378a2

SHA256
c86eebe33740953378cf9710cf598bf32797afb1c173b0a9ec3b2dad271c9c08

SHA512
5e35607cb2d4773e9fd46b963728493ec89a2f6c827d2aa6cbafd12795113450bb2e9c0669eb8462b5e8d847c1affc12abe1bff005080fe9dfdbff73a55141b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3b71c9ba63d903cc59ef4718629d27ad

SHA1
ba0cc73c4697e895d383ca98b001e11a8cc5a28c

SHA256
d153966f11c30307eef4310ce22952611ce8a567034ddcb6fd9fc8fc5a56c383

SHA512
18e6c636187b41cd6120d8911716db57b7f7ce928838c9df9e027abcfd92260d829cb7c42bd2fffbadfc8d719c1c9c934e8f504c87a462477723b5492ed857e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1868a2bcfcd5569d8950c5ec0f12470a

SHA1
63ea50b52a0f2dc9a0c6baf304457d46abfe16f9

SHA256
bed7b407a71c3ff408c3c6c9949141d5225718096db1026d08b20efa7da7f2b6

SHA512
30cc7d3b5dc52e34f64c8f446f8601f956dbb6839646f89b398aee76539993ed1650e026ab0acf80bec39b458ba9105f395febe7de5859de1d4b2d8ed7651e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6a6cb56e7ff4cdae87f9548c946bcced

SHA1
b7370001d57f439f732d976b7f0a776dec0026ff

SHA256
bb5db4bf8035e3c88ae182fdd180bf3ccbf6bcb50d345b53a3eecbee2a90c543

SHA512
560fdbc7affc47f44c70d34aa93c47fa78029c0f2fbf171b678655b886f5fc7b76dd89edadace672e5374a2041bd56a23be48625af86f95e90f818903dd26339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4ee7f4d1953b336d8edfb94fb71882c3

SHA1
f7497cd4a7be6c4452eeefdb84f96205215807e9

SHA256
8398d211d9e59b3b257b31bb54056d39a6c8ce11569a01facee21eeea05ee3ce

SHA512
541e8961025eccecc00c770b4c6f167e3b739be256c945a70456a066b3faf405222bb97f0ee02febd050069dffe93bdda8a658f1f779aec1b9446c2c39c6ff5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b98e06c0df3ca066ad8cdb55689ef155

SHA1
438eafd47f7db6e1902289ea62de4a5719fe4315

SHA256
8a7f3cb780b44299d3832e9538d01fa274561a42b96fb7118a7cf0ec9532ce36

SHA512
af3d18c7fcd4662677555b30c1e094095eeb619ca5a5bcfbed5820e853581d3acc15717413e08d34f9d25b29f8b79eb76b95217e70045091a6dbeb7cb2826084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
90c4c14df74366076736c59882e0b601

SHA1
d382740e1f35fa185062170f3d70ad7cb827c747

SHA256
c4a1c7c8a703d2fb6cb0178e4f37ef8d3f6bde4e2325322170da2b145018c58e

SHA512
3041f2a6cfa80af7f49062dc1db2b4e4fc43d71c5e36a9cce203bf845b24773f1e7208eba104c8771e29103b121e15231688c967000227b826bede86fb3a3ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2466905eff41a3a83752e4a359718f87

SHA1
d7c498a1ffd79a73e86343a5c85df310bb35994c

SHA256
c53ad9dc49dfc3d90dc9d2f4fae50fbddd1dea58eaf3eaa6958768d56a7a8352

SHA512
dd5808f481e831aa20936efd57c225ff6caf0f9479716e55b29bdf9e778f42b4f6e1ef0c6b8855719229a682bef8f648df0146b235174b11bbc50d2204a4fac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
260e1043d97f12670e70401bee2b78da

SHA1
1289388ae8b4ef1ca84e5c9a7a90a6ff3b0314b8

SHA256
41d4672376ba0a91102ac1c07b9c6c8bb50415d1a7e89b4c67f00cadbc92f98f

SHA512
9f541f01e886eb56b3dbaa1f5faff9ba08200446cf445b4b8f110dde0ef9aebb128e4da56ac5da8069a3d2fca05671b8da54a43c85f1ef548a944519fe9c2752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
84cda0d6dae531b2fc8dc09e43bb8604

SHA1
1ded87655494fcb2560655387900b6832e605ba5

SHA256
bce855076bbeed4ca5b47718c0f99dec4071b9a6c905cc44e3413f60bd085503

SHA512
baaa28a59dac0a7b5b612c6fed3305190b05e35a84efb441def813f3ecbdeefdf7567e3b7de0092a9ece50acedd481b8eae49a5ae4a2f84962f4154f1190959c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a654b93f22b4097c51b37614bf65b476

SHA1
3cb8db3e21dc5bb6d7e2add2e0baf05f0a30a799

SHA256
9f41d1a5db4a5e2c1996f5f96c326944792bc40f152532dc9c4dbec9e17a7fe1

SHA512
c147b817e931710c29b8de4bb327fd5ac7a62f3447057abc48c642091d3563f27a31ee03ccf705e95febbef9d2163a1302d7a91bdd87fadb0c20058ba47357ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5c55f6d8cf1d0cf153bfb232a050631f

SHA1
7bf4302bdbea93d7defe04b97e2bd031e6ba4210

SHA256
ee8966b74ed98132dc8fcb6da8177041cb9320f0895559ba3224e5ba3ddadc5d

SHA512
04f922b9580ed343cb6a128e3e28e4cffc6a08269962dfdc0d68be306b28697259d92cfb5b60349acb2b92e7a87edc8ab12cfcb0bc1919d4596b7164abe10788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3950a85590bf933126b5ed9b2e8d7726

SHA1
78fc2f21a07ddb2e3fd1fcf30747cef20416001e

SHA256
c0bdb7272f238050cf6d57bc4fd5f87086a72f74a58dfc4b17119c6ab1542f22

SHA512
9daeeaf2a75492f37b97507234e1ba6741e3f001a5a883bd0e115edd0ad7eb33841d5685eefbce3d486b47c39dd608b325cc127aa24da993c9cd6b71c721bcfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be6cd7d92fccbfaf82b7f5d385a2cf34

SHA1
a235bf726f0d302d1d2ffe594bfa4a1ae20fce76

SHA256
70a58f2c31a63382b1ceb2592379be85082af8c221dec73824275cf1a6c767e8

SHA512
87cf6908984102a12b807a931a5ccff2281867ac2666b900d3a4e86e69376be8e81b2e99a45a36267f7a43eacf67a1f5b4f47797857d2bbde7f320f40a423d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ec54b32bfe4819784beed20ab6cf6712

SHA1
f03830cbc7377aaa3b6097bd4336cb1d8dd8a72f

SHA256
6b0e300c3fa3e7a5edcbebf36a42e008112d11d961649bc3688c8ca58daf409f

SHA512
57979ae394658fa494cde13cb032a782e8a022acb6dddce607cf11bcdbe8b4689a815ebd6dac66ce5466874b7e2cb71a5b711f26d7e385b654b0f11f8959b0e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8e87377c85ae33de1d48cf67147463c2

SHA1
4546eded864bec0d4a51a3e0f0d0f0e8482c89af

SHA256
8d8feaba8406397532d06de4d065fe84f21672de0fea68a2437539a427274071

SHA512
f8bcf0f3f9024bc348e9b683a5ffd6fba9dd5ca47a3030b190d5050d120cc8d411bed6d881a1300203e30d7814f6f3ae65babad7522e0b7a84b106b0023b10e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4c8a2ec99f292adb543a717176430c8b

SHA1
f331f0b4093b33fe13a56701ad2d2b3d2d92c28d

SHA256
2d1663792d6c63d8f957edf213846e603f26e38d18424262f48bfc8376577810

SHA512
7d9fc54057a80d74925861d655ef24690d6ca60eb9943ac6c8e3518bf3511b7f3d96895f8fe627f774c8005a8a4cbd8bfbe1b9f585171544ac39ad921dbf422d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8910c7ba9e01f583756ba4418af05175

SHA1
dfc09eaa4abdf8382378636e31df30a7a7541dc0

SHA256
3bda38ffc8d839f3b89b4da6cebb2057c384f4aa227f9186172a206f18fb037a

SHA512
31ddd8043e0a9b73f91587129d06f9cbc25aae31f9d58e10af6b948c6122d5171bc4e4822efb51b8ecf52b9e6b052673a97b0602642a299a5676709bddc3a37e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
77407dc702066c0b6d9735cce5959c7e

SHA1
e128169a15ef250ccd2c9161598e1e2aa39ea55f

SHA256
4c4c3bcd50cbd555864a8e2af0e81434d8d32ae238e0f818e9ce3017e3bc5008

SHA512
0ebdb0609ef396ed796bd386d2d43590b141e4d200df848daee7a13f59e84cdc1433e720d81c56ca2b368886f87c4132ca50f1441c4168304190c55b93923f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
12a67feb6987a715ba962a6389afe60f

SHA1
88d1c61e534b090358c306feae2c2041c234db84

SHA256
5c3fb051e8c9604d8fde64f5a2be7d7b5c80d46d2705933bf4ab8706b96537fa

SHA512
d550ee7df73104aa30dad3cd731fcc6f00c1aefb7564998598261f2ae0371657c05287743b5073b9e5c8e1910779564e1cffda6b9ce5528430fbc5a6e1d9c42e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1dd6f1186d5c8cc9d20c87e61f1c905f

SHA1
117c4f17247722dbab6c0a30852cb1c3d6dc2314

SHA256
3450a38047f670a96955de99233142d2875c1983a03f13141e585760cd2f4d55

SHA512
30557c0a5153491eb7692761b9a424a578b257a9ab7f67e60a2e46e5df3608395ce47a5e9315788912793c731df2154dcb70dbc1d2e0900c6e2dec5138475b50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bc1c026e6d6a0183ff5c63fd544376c7

SHA1
4f392d56e70236eb15ef3171f3007e4c76ba88d3

SHA256
44d3bfe175fff0d3017a959afc05e797d7cba061c5ba07184faed006a0327760

SHA512
4aee82392d9f38197cb78b713c2d61cbcae549bc717e59858a38a8bdfed7921983cb428119e80606e5dce0c4b2b3413945740278f228e99355cb62d557f38a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
7c065a21b37e8e084e7700c118c189c5

SHA1
fbae38704140f04c08d33ef6d8bf009607a1d318

SHA256
2f1ad5cfb3f551bb0a3e52e259626ec0d9f920c88e97cfbd6a795b9fff71ad03

SHA512
80f7bdaf317905083a2b8a5b6766cc532698ab12204a8d68766edd061944ccdbf44bfcfce968ebc94fd88c7bee97918dd24b6470494c93b345d9962d01dd35f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
f816e007c2a433d4d58ec2bee1685563

SHA1
1667462dc75c29700b73b015f28b04e981053865

SHA256
9e784104687f210577af0f431271ce6dce58a3afd135feaa4f7d659a69fbda93

SHA512
be4f473eaaf8fb47cbbcffe0e0cbe70538116f23ee7f1036986dfe772589a0f745b8187cc8cabe5301ccd59090be2ce405e4efdf2563168986a21c98b201744e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
e771fb070b0bb200df837cfad0f1ed8a

SHA1
8fd11ea1ef84289d0890c0a2594c3391346c247c

SHA256
19187f339ae1ec6e59f9f537c7bdfe51878846c8761e6b2d1f83b5e9ba05a3f7

SHA512
68bc662c92710327c153ab36486f7efc52806252021c79c15b7471b444d66a46ef3e73fe3a4eb5247d52b6c46f9d9b4db758f24c2319b66c504f7abee8161eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
691cfa640a1b3036b5159622b206b76e

SHA1
0c1806104015f2f48eaf3036a574494bb1c26c38

SHA256
2eb6725c38453d10d72836ebe3d51fbb490b0063b677bd4a0e08e67fe4581bab

SHA512
21b632703425f311866c736f894d80e1df4191d46e08a0fb88cc7edb2cfd67793c28998dec3e71aeb8d9abb10f1bdd7bf99b4aa2de97b2948b78c2c47ab4966b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
b9adaa8c2a59aa0c291e9d54091c90f7

SHA1
24e328018ae5534d79a9272b7e706c68ed4401cd

SHA256
b8ab1dc66bd4a35c5781c849bddc28d8b9da21d2e01fd32b0f3cf1d37ba0bf57

SHA512
41a8fa6c610d6511ea1c8c171cd726d2783d38b47e9263fbfec66f8764a6798a4ee2580dc5dfed63b9f5ccf3b8f3ccae34af999c754f71d1db556ce13bdfa021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
fa9ecba11a15baab2f115326db87080a

SHA1
ebee9bbf732ecc0019cd2939e976a1b9cba779b7

SHA256
d3e6779803f5dcf020dd093d3812626bef7ab876661dd9f877efeb2f57c9abda

SHA512
bcedd0142e058b599da32cbaed2eb6ed270742e5daf2706681e4e9a79773a8216dbfc92cb830446d15a00a14087039f5ba02be5bc51e3ead6714349671209174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
a9a8b37ec26cd2f3d59e9dece34c1e55

SHA1
4d5478108ffdc4718a638d643455523af156eced

SHA256
631d9c1938d556694fff5bbd5fa4ca36e76b710dec9aabe1d9a257a53e1ceb2e

SHA512
cc494bfad49b432bdf5dc0263566ab91049baede32004c2f5ff1595e116c00510d5ca811cd19a85527de2c1bcf085900e6b72d2ecb0830239ed8ea579433d215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
c0c49f44c9a7687b3249c76c2e35d45b

SHA1
677879bd121442644493349993e9813ecce9e52b

SHA256
acf77f2d16b38e9c6d7efbd27c028a00a8ee12773d636c5570ab975e636d76ed

SHA512
06363861662dc7898d5e572e875de1158751ce0006072fa1e6f8ae98d7806c6c9540741942de29e0e92da0555bfa03fad5469947b1d92aa555b3bca0e1b1010a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
ea783b5bd85a4ea23c594fdd4613541d

SHA1
9f7ef1ef5e269171217330c552c59254c9390ca6

SHA256
4bf86330619f04d5fd87e65d99f17a64bab67f47000ec4b3298a2df85d05f211

SHA512
1e203372ba9eb9465131d0724e67c55304fe3e3c5edcc14c3e4f930d788f922130d200d3a486a042312096962a6073e34dc074d82f87113e954fdb79dd44d311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5f1a47.TMP

Filesize
94KB

MD5
277640f3cbe2ddf26b9ae76baa2f52a5

SHA1
a3edb4b3ac653e06f41fa4d8662787362110e680

SHA256
791cfaa53e52afc9778200020604f985d266779f9c6703a4228ac15cae58878d

SHA512
890d7671cb366bf753ecf5e3a4f16c9289f7db309b34f82daec424d2a538752383b16bfdf5e77f6d09f08bd4c75ae5b0a128a2a6bbb8ab63a1ca3c5821353852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f8da8d05-26a6-44f5-9aac-609d765a6eae.tmp

Filesize
113KB

MD5
370fc7316ff7699ed7558a340c50cd81

SHA1
0cd8754e1329c062b8d1c0a698392da0d9e59c82

SHA256
dce92c507ccafe419a42d5cf16bddf56bbb47267643b05fc43ff189cd16e079c

SHA512
64982546c94850dae13818b2a201b7c5edbe00803b99ca5046650e9d9604cd4322f0a81bfc1dff1e84cd9ab3cb2da052daddab1474b9aaf6b1d6fedba96da30b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\activity-stream.discovery_stream.json.tmp

Filesize
146KB

MD5
cc564ccf6e02fe7cc6292ec1bc3bd784

SHA1
8e83fd9bf78033fb1e4e7330ece8e04433e2ce41

SHA256
8fdddf21fac71fee33d7b6ed5310a1de8c4bc31ee24a19bf0045e73ceca7f043

SHA512
abad4d003a3cf1ba4749b99af72db79d733fc7582d20f787ffa1f727550987868c9b2e8e9b73ffd42bc19a6694993a6ae849bbe9d9216a13cddcf2aaeb4a7f5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe

Filesize
147.0MB

MD5
fa8ae7b23168823f3095955750048926

SHA1
aa098ec16aad816035fcdba9eeaf2ae00669fdaa

SHA256
9e6d6e2235b5ed5c3fe662a9667bfd0f121ad77011d89746a57d71df14743bf5

SHA512
30f50699597fce58a212f8af922bb2cdfcccb324e9925300649f69df84e3507e12403710cf5747ea3d10f5f2bc21741ca1df2c8edc02717bde22ccdc4fa214b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe

Filesize
147.0MB

MD5
fa8ae7b23168823f3095955750048926

SHA1
aa098ec16aad816035fcdba9eeaf2ae00669fdaa

SHA256
9e6d6e2235b5ed5c3fe662a9667bfd0f121ad77011d89746a57d71df14743bf5

SHA512
30f50699597fce58a212f8af922bb2cdfcccb324e9925300649f69df84e3507e12403710cf5747ea3d10f5f2bc21741ca1df2c8edc02717bde22ccdc4fa214b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe

Filesize
147.0MB

MD5
fa8ae7b23168823f3095955750048926

SHA1
aa098ec16aad816035fcdba9eeaf2ae00669fdaa

SHA256
9e6d6e2235b5ed5c3fe662a9667bfd0f121ad77011d89746a57d71df14743bf5

SHA512
30f50699597fce58a212f8af922bb2cdfcccb324e9925300649f69df84e3507e12403710cf5747ea3d10f5f2bc21741ca1df2c8edc02717bde22ccdc4fa214b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe

Filesize
147.0MB

MD5
fa8ae7b23168823f3095955750048926

SHA1
aa098ec16aad816035fcdba9eeaf2ae00669fdaa

SHA256
9e6d6e2235b5ed5c3fe662a9667bfd0f121ad77011d89746a57d71df14743bf5

SHA512
30f50699597fce58a212f8af922bb2cdfcccb324e9925300649f69df84e3507e12403710cf5747ea3d10f5f2bc21741ca1df2c8edc02717bde22ccdc4fa214b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\TrafficerMC.exe

Filesize
147.0MB

MD5
fa8ae7b23168823f3095955750048926

SHA1
aa098ec16aad816035fcdba9eeaf2ae00669fdaa

SHA256
9e6d6e2235b5ed5c3fe662a9667bfd0f121ad77011d89746a57d71df14743bf5

SHA512
30f50699597fce58a212f8af922bb2cdfcccb324e9925300649f69df84e3507e12403710cf5747ea3d10f5f2bc21741ca1df2c8edc02717bde22ccdc4fa214b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\chrome_100_percent.pak

Filesize
126KB

MD5
44a69827d4aa75426f3c577af2f8618e

SHA1
7bdd115425b05414b64dcdb7d980b92ecd3f15b3

SHA256
bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

SHA512
5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\chrome_100_percent.pak

Filesize
126KB

MD5
44a69827d4aa75426f3c577af2f8618e

SHA1
7bdd115425b05414b64dcdb7d980b92ecd3f15b3

SHA256
bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

SHA512
5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\chrome_200_percent.pak

Filesize
175KB

MD5
9c379fc04a7bf1a853b14834f58c9f4b

SHA1
c105120fd00001c9ebdf2b3b981ecccb02f8eefb

SHA256
b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

SHA512
f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\ffmpeg.dll

Filesize
2.6MB

MD5
ea54041a503389e9c10ec8675059312f

SHA1
6d72b3a06770adecee75fb104f6eeb988fb88eb5

SHA256
b9aa9053fc3fabdd551fe1f6ef4ed43d43cd2aee3a856f3d0aa13cb4c26f7981

SHA512
82a7df79ef36be311e7e05e3bdb5baf362783cc3b5e2ae329bdce319e3303f924374d87cc1e02ed3c5b53d601c31eac05285d5ad60c2dff99d65e58e2cffe5b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\icudtl.dat

Filesize
10.0MB

MD5
cf9421b601645bda331c7136a0a9c3f8

SHA1
9950d66df9022f1caa941ab0e9647636f7b7a286

SHA256
8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

SHA512
bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\libegl.dll

Filesize
464KB

MD5
1bd48998a9902047dfc55d7be8c6123d

SHA1
77fef4039d9cd82a6ff63c0ee01cb643e3043646

SHA256
1a286469a1e4cbcb580b3e2717ffde66d0e775f9bc50fb61051e6d2a846707b7

SHA512
5787035dc2b28a11310e6fbc6287c436ef00ffdc0dca24a7c0b65801799e8d6b8f3462141cc07f0e186ed82309e6470b99138bcbc04ef7e1817b2e67d6923a94

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\libglesv2.dll

Filesize
7.0MB

MD5
4f12a8ca2ae3105a3c3a020a1af1fe15

SHA1
4abd4b53b85c92ffbdab16aed0fca67e301f35c0

SHA256
96d676319d2a2add410202b6273ce2e10f04277610cfb13e71d731af388ffc22

SHA512
791a5d3772b0a8f791beef5dda217084363598880c64b465a620e55a22ded0cb5bda315cfafa154550787d2ed4ae216841e3f14b954bf1b3e024b942277c91ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\locales\es.pak

Filesize
367KB

MD5
c8086dc25cf0a3c978b2c3b37edf8d67

SHA1
7b6d2ce8b3cc5a33ab2bcd23114fe65ccc568e7a

SHA256
11ef2c0229c1fe1c10be08e3d5f36c973bc3c272f37b40e05c534a118757461b

SHA512
230e6999a6fea1df3b2708eb331a2c25ca53677b3453745ff9cc7fbbc013b69148af5609166720255a2db7e63b25e2d0c599fb07057a6b47bf61f63ea9db9e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\resources.pak

Filesize
5.2MB

MD5
075012b3ed1aa28463e93bb34ae65bdc

SHA1
5f60eab16aabce3c9ee8865aa2a3cf99dfb2e500

SHA256
72e32776d916fe7b7952ac94e58bd94555a8a8b4542c76ac163372a80be9aa2a

SHA512
dac8ee0d0842ab5ed153fff615f8708da2747d2381358d58454ab2151e5f9d1474023baea133487ab736211c591e2fe9c3c312df8aa5952ee7b3e2f71794456c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\resources\app.asar

Filesize
129.7MB

MD5
4ffb629d00ffc1dfbddac0326f522fd3

SHA1
9cd8e9598d2736aed613c23e2a4a1f6da7c9fca5

SHA256
68e383d9682415458155f321c056bb355a236e61e51ac2755c9efc88b6b6860f

SHA512
d262531ad06733f781c8b736a63c079accd366a58e6d9dd70b9415a0b0fe80b26d7712278f61dfe3acee06cf4487b45b46780650606d2fc82f0c25e21ad3c728

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\v8_context_snapshot.bin

Filesize
710KB

MD5
4d582d568efb15b489a15be358d9a68f

SHA1
295393f0707d04ed60ebda8ea7c0297c411c7f33

SHA256
ea2ea0f97ac908fd127a423f505241ebf4acea0ba5d02635cae40f7cd9c2f464

SHA512
ed8a6af3d51904020abc8e8f3e734ccbf1663d8bd3c0f526e1d69ebfdf47b6061fcf3660b70239ba755f1273f6c608054d6dccd3721a4bcd81e7e9f3a3c7daf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\vk_swiftshader.dll

Filesize
4.8MB

MD5
8b8ea5d86bcc9c2171be4044d9382418

SHA1
5320359d0a0d7d61d46ea9a349bb2f7040befa22

SHA256
bc393473160de65726f1261ea0f70abfc8398a5b5f85519a9747099aef46fda6

SHA512
02e94d0ad8ebc6a29c76f63a61ea072070d001d7e1f9b216cb7cb18850c324c3be70def4ab4aefe327cbfd70d3a2c8b8142e747d316d11fd866e7a1c62f4f0c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\vulkan-1.dll

Filesize
858KB

MD5
c738e6dab0abe04d828ae02d6e0ba235

SHA1
08ceb9995b7a5ee455e6ff25b4e158416a8a1ddb

SHA256
ce993468d9f3cff7a0e6d649a37e46553df3811c16acce9b59c6b5964e84bbc8

SHA512
6769c590c83ed02be3c0ed0e2c7148b18e6af19e33ec23b96f8452d96b8adccf2aa32911764005c523fcfb0891f16183b0c7cbd81dc5f2a48d874bd36a28fc87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\LICENSES.chromium.html

Filesize
6.3MB

MD5
6e638956244aaded2c92b77f9d421a81

SHA1
f5269556b6fe04cfca5a1da21af718641708a666

SHA256
652457f1b5ec60a81c8aff095366bcc068402c21eb380ba8286366bc4e9a029e

SHA512
f0e173761a6acd13b6c1b5eb896c361487a770a54f1842ffaa80c8ff780b37a1e801169786776c4afa7d9c75cd968dbaddabff082de55cf75cc4f9d871d08bc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\TrafficerMC.exe

Filesize
147.0MB

MD5
fa8ae7b23168823f3095955750048926

SHA1
aa098ec16aad816035fcdba9eeaf2ae00669fdaa

SHA256
9e6d6e2235b5ed5c3fe662a9667bfd0f121ad77011d89746a57d71df14743bf5

SHA512
30f50699597fce58a212f8af922bb2cdfcccb324e9925300649f69df84e3507e12403710cf5747ea3d10f5f2bc21741ca1df2c8edc02717bde22ccdc4fa214b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
9c379fc04a7bf1a853b14834f58c9f4b

SHA1
c105120fd00001c9ebdf2b3b981ecccb02f8eefb

SHA256
b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

SHA512
f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
ea54041a503389e9c10ec8675059312f

SHA1
6d72b3a06770adecee75fb104f6eeb988fb88eb5

SHA256
b9aa9053fc3fabdd551fe1f6ef4ed43d43cd2aee3a856f3d0aa13cb4c26f7981

SHA512
82a7df79ef36be311e7e05e3bdb5baf362783cc3b5e2ae329bdce319e3303f924374d87cc1e02ed3c5b53d601c31eac05285d5ad60c2dff99d65e58e2cffe5b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
cf9421b601645bda331c7136a0a9c3f8

SHA1
9950d66df9022f1caa941ab0e9647636f7b7a286

SHA256
8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

SHA512
bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\libEGL.dll

Filesize
464KB

MD5
1bd48998a9902047dfc55d7be8c6123d

SHA1
77fef4039d9cd82a6ff63c0ee01cb643e3043646

SHA256
1a286469a1e4cbcb580b3e2717ffde66d0e775f9bc50fb61051e6d2a846707b7

SHA512
5787035dc2b28a11310e6fbc6287c436ef00ffdc0dca24a7c0b65801799e8d6b8f3462141cc07f0e186ed82309e6470b99138bcbc04ef7e1817b2e67d6923a94

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\libGLESv2.dll

Filesize
7.0MB

MD5
4f12a8ca2ae3105a3c3a020a1af1fe15

SHA1
4abd4b53b85c92ffbdab16aed0fca67e301f35c0

SHA256
96d676319d2a2add410202b6273ce2e10f04277610cfb13e71d731af388ffc22

SHA512
791a5d3772b0a8f791beef5dda217084363598880c64b465a620e55a22ded0cb5bda315cfafa154550787d2ed4ae216841e3f14b954bf1b3e024b942277c91ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\af.pak

Filesize
327KB

MD5
c9312ff081e600e5fb4483b46ddd7c23

SHA1
1ff05a6a06cc73caf2d7545a3821d90c228ac0af

SHA256
b1987cdcbb8d76598422aa1739a246ed6690dc1b211f950fcbf2f040491ed7a8

SHA512
20c136b44770aa0e06259687656675a3e14310ea4e8ba214726b216bc1bcad6026267bf0132cbca642c0b5c49293386d0a1bd93ba40e1c33b648ae70416e8898

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\am.pak

Filesize
531KB

MD5
e8bac983607c5432f789afdacdda42ac

SHA1
95c26f47f7102be338263fd7f7e365632651f22e

SHA256
ee363b88697a26d486c77bbf05f5f7f62d4b40c235e1d85e11448083070576f7

SHA512
5e26f40c8dc088d21b9b6a01041ece3bd4b2899ee33fdd85be995545c7a24860fdc9c672da8c9345a08891e0bac04ccf4d65de543f4cfba0bab0ae3fb32354c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\ar.pak

Filesize
574KB

MD5
d1d99f4f2045531edc47d37a367402bd

SHA1
825385e524ece779c641a4ce2a57d14ff126d509

SHA256
bfa2a3c3ebb3c6afbca42cb70b4da8f997068d511cf40ee8a952a893b8f9d7cd

SHA512
4255b02c19ed373d711068a2d4639d462372071cc2aadb6afce459d9fe19bda21ffcbf1604e4937617cd5fee996f9b3786be1c2bed4dc4919d849c7a988a6ac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\bg.pak

Filesize
608KB

MD5
96372403a9ded96f3a699262029a4580

SHA1
07069b20fe303f6eef1fb6c8c0a19266a0c705c9

SHA256
6c10b64d31e0dc2c4befc6703ac17343ca473b4350cfb3c6e01833f505b69590

SHA512
0df60fe13818f0c3c6838e77686c5de9fa03b97cbf0943f7a2a4ae2f3a0890d3d64b3a7652d8c81c23de876ac92e4c6b71d584fb106c3520c96ef76ba30250fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\bn.pak

Filesize
780KB

MD5
cb203032925be270222dc2c20fe771e2

SHA1
2f2f20bbbd07ee01cc996247bd9c2f40037dff80

SHA256
297d52b252df0912490ddf26fa58706895e70c2a0f3f09d0dc756706720095ef

SHA512
052be75c51051949c84216566b462733b61026ba74e212b000cbed7d93cb852e74ae83d64d2eaadc3093af4265b6783184cf8e0368a75e077d4b75daba40f9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\ca.pak

Filesize
371KB

MD5
de21c7d001b771d4d59e2acfdd67dd44

SHA1
ef5870e9cf34416edbec6aa76a6feb77b70b9acf

SHA256
78bbee9bf6c95d239418037fd4660d081ebc0f369e727e613b6b652e380e6dd0

SHA512
3276a84a4b4d90b47789a7ce6a3ae34afec187145a438fbdb7f398152b182e97ba10acda4941456ea2387c03c101bc2b1716a8950897ea3be180b3d8c073902e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\cs.pak

Filesize
377KB

MD5
3e2c49143f4718ddd9c1c74f8599fac2

SHA1
7cce45de66a3895c3493b998fef7bedf045b29e2

SHA256
08e40f5efc616cdc0588fb4b1a706d997c69d17ddaf97eb91a4aabafaa11cee6

SHA512
a849ca0d09e0d4c025d9de6c8008c13e13581961c321f53a552deeaa210db891914386fd51673615aec8b5d8d68a921a968db5d0fe447963892ceb0948861e3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\da.pak

Filesize
342KB

MD5
f3a47e259c59de0aabef03e6b5a263ca

SHA1
c45bd961c8bb84331d652f4399675b365f5dfe23

SHA256
13c9583127d9d723801c946039e60f72dbbde898dd23fb9f675b9e299d0ce72a

SHA512
4249456e572403249580905f1b4b4471b6a8d84c6c71201c42adc862d4e0d33f957ae1057109e900a10a029a8dfc45257b0e0e283ad9eca21a30498a0795eff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\de.pak

Filesize
367KB

MD5
cfc9d90273c31ccf66d81739aa76306a

SHA1
ecab570041654b147b3dd118829e2f7ae668f840

SHA256
8bd127d689be65e45bb8d2a2ff66698200da97835809c6b56ec9e2929b70618a

SHA512
c9a5058b34c4045ff1b7ae25f1f47bff14d06b3a97b7b1f30da65618ca7aeb0638d79f4e1cea4773cd92d9dfa7f9d2203e5734d0cfe11ee2d2a460d6cec18380

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\el.pak

Filesize
664KB

MD5
8f5a15560710db2af852512b7298b93e

SHA1
30a13ebef10108effbad8c24b680228660658415

SHA256
bc07e403272a4d65305fe24a827404d7b931d01cda547f8c07a840d19e591430

SHA512
e3cedc0eaa82b10a68a40aca8ec1379a6bb924766e1c5abd97e39c621dcbc195d6c1ff80921c2320f0f1c87d160bc2a6258108399876339e5104f98d90a861de

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\en-GB.pak

Filesize
299KB

MD5
05ac84aa6987eb1f55021b6fba56d364

SHA1
58cb66bba3af0c6cc742488ccc342d33fc118660

SHA256
e1e357c853eed83fb6c4133f8f4df377a8eda4fe6f0e55395f21c5ab6e38faa8

SHA512
c615e1eb01412c5e2c0402242d442a6cf08965318d1c0d261ca5bc6df9acba5efa2c87ade20e1e4740d2239ea56d1ce4d3fc7a4c3eabe81b876ecb364b3e91b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\en-US.pak

Filesize
302KB

MD5
3fef69b20e6f9599e9c2369398e571c0

SHA1
92be2b65b62938e6426ab333c82d70d337666784

SHA256
a99bd31907bbdc12bdfbff7b9da6ddd850c273f3a6ece64ee8d1d9b6ef0c501c

SHA512
3057edfb719c07972fd230514ac5e02f88b04c72356fa4a5e5291677dcbab03297942d5ecdc62c8e58d0088aed4d6ea53806c01f0ea622942feb06584241ad2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\es-419.pak

Filesize
366KB

MD5
13c6d0a268545541f325375d431b41ae

SHA1
5f5c41348f00c5e5539d261c2b76ae6e3ec7af83

SHA256
943fa8774ade38d57349a5d27869097a782bc06bd34c40864a85ba829457d127

SHA512
09cbb2b21304ca8afa8b760b738adb5422e83550085f1aed8e8590eeef04a2b0e131e1ead6723c3e85383630c483d7720e55f71305ff4821d7822fe6d7aa4252

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\es.pak

Filesize
367KB

MD5
c8086dc25cf0a3c978b2c3b37edf8d67

SHA1
7b6d2ce8b3cc5a33ab2bcd23114fe65ccc568e7a

SHA256
11ef2c0229c1fe1c10be08e3d5f36c973bc3c272f37b40e05c534a118757461b

SHA512
230e6999a6fea1df3b2708eb331a2c25ca53677b3453745ff9cc7fbbc013b69148af5609166720255a2db7e63b25e2d0c599fb07057a6b47bf61f63ea9db9e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\et.pak

Filesize
330KB

MD5
054865950b3b9e8312a7f9490268eaca

SHA1
28b0176112eddb7af58386b4f8aed4a49b9a2661

SHA256
3599e7138a24a31839da877cc9718b9c0c9522437ea93a6222a119080f108d14

SHA512
bfc72f19ad1a52c0da82409accb33a27b2844ed29010207268c7d695ad7562a8867a87b70ac50142909b50b81a5c84d6f6a43968353ae7a72bc042aea8cbb59f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\fa.pak

Filesize
535KB

MD5
c27431f2de37b9643b83e383f7eae5a8

SHA1
16d068d9738e1aa9b94658299a4eac3972520864

SHA256
bb28ad47e95aefaa2d8d7b6a7f449f9707cfadbcd4c21bad8bd8a6578108d2cd

SHA512
4ccc46dc7756ea0e60e6d278bcac1262a54ba03742fd0eb4d9f1f962486394fa56491844871dacb4cb0501c6f594334d3f23f3db82bfdfa1f938e1ae609d6600

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\fi.pak

Filesize
338KB

MD5
aac0554a39bb1ae91e2ed4246e04c30e

SHA1
031785024765eda1534fd9504eccbe1b471ae618

SHA256
df8cefa4831fc2fdf817dd6d49a6373edee4f51f23cf990c690e72ce348f69bb

SHA512
a6afc9464047c75157dcb8ece086c1c5bf4dccb48d33da24e35c43110f300cfea503c4cca093f3d4bcc7a0fdcb306138da5be288ef646881b625751e40d93689

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\fil.pak

Filesize
379KB

MD5
f989a7215cac1e3fb4759e5fba9aef67

SHA1
5ecf35f160e1f8242b3bca163673e24cf6d77403

SHA256
448bc8eae353c188ffaa4c2466956598ad807f0f0aae7f12e1bc59584e1aac2d

SHA512
b872beb5b1c2702f4eae616f633318b4575f573c06a3f1f0f1e1ab83585a52caf2f3c788c0c3a0d499c381fb7f06a3ea355b8686ded2ed1e392662f2746db01f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\fr.pak

Filesize
395KB

MD5
13968778147dad5af68fdb7464ca517c

SHA1
42abb9873c472a82d400e6896e90731b7cae06b5

SHA256
7af39af49846fba6d6b8ee18b2a212f1323ebc1cff1af0053194d01d8d5433f6

SHA512
c1f54ccf4f82e158173d9db8464adca64a88f8ddee23afbb51d80535b4f25f138dac16a337504ca3ff8c3dbe9aff05ecc2aaa40afe8d77bbbd4f141b07e39100

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\gu.pak

Filesize
755KB

MD5
7b476c423ce29e61b0b21d7b6a2a56b2

SHA1
5558dcec5b2580345b0797f1f2ea41952417335a

SHA256
047da4dfadcfc6bec8f4dc7d250b1757caf31a23bcfa2ea3e1f3b1cdbe9a3995

SHA512
a494ab32e45cf74e2b7e0424b4e3740470c5c6cfac8f6cc980a681eb8c21cab76255391b6884134593dc7b1029ffd861f74b47130533232881c137c41ef92cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\he.pak

Filesize
468KB

MD5
f4dad4f97b5f75d6d7219d43f630c2b9

SHA1
ed8c790b3b5e3faf683aa978895f266eea5b823e

SHA256
6649a844f222cfcec01e75d3de3cb3658f1347ea3851d31b8124597b87e7b57d

SHA512
f00e7e38ec0da1c110b4142dd13b3cae8b912c16518eeb4cfd7f19a0cef2c6601ec1e4959597066703b12b7dffb44fd918c7170231c2b42e40b0d90241b85133

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\hi.pak

Filesize
787KB

MD5
1185163466551aacae45329c93e92a91

SHA1
0dcbfed274934991966ce666d6d941cfe8366323

SHA256
eda355e3785313e3d982c1d3652266dce1b6e08832056fe58854b825e0712ca5

SHA512
6fad3e24eb868acf78db0591c7ba77abc84e92cda28e8bffee435ea89940a8607e7628c6c5159349377a8d933f373db2dfa4e5715ca404bc3e67fd4a0f22a606

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\hr.pak

Filesize
365KB

MD5
04fdc1dac2cae614b0f566310dc83bd0

SHA1
74e460e19a5e9c8b6181fa37cb9085f93bbc6233

SHA256
bada5828fc0d80c842d1409b54e8da516ae737ca30d86658b3fad5c8ace4722e

SHA512
a07bebd16f00b0b46059a7b80454664757687a59903bc36cb837cfb55e69bf7f683157372f74ff8355ad50c3b747c9674ee942aac95a9804c39acb3841721d24

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\hu.pak

Filesize
395KB

MD5
410d8966721ff8817eb3a57f95a4b885

SHA1
f0fbe70c772bd635b0c4a927420e15b96dae05a5

SHA256
688312f38488c7256370b1517b84963a3ff886b31692cc504fe169db241a43f0

SHA512
d0aa167ee919589ff3b80640e8db4c6d11f9159e4a246082f0a564482789011c260f124b9a7102649d998c6a89cbff58cffab5a40e33769b990e64d6cc703378

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\id.pak

Filesize
324KB

MD5
0e82cf23475ab7328741670f4dfa3093

SHA1
fd854e31f4ab212d0b3bca676420d5600d8daa83

SHA256
21368245d99265e760b1b57a3169feb72e6b5099c3f1855155d147b2f788eda4

SHA512
52d694afeb3e7272740192e6b4cab9acab460ae6e66912f090b049a1f431a5c17a4c3d037fc9c450b8a224ed793605e234b4d649a95289770997acd43b5dbb32

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\it.pak

Filesize
360KB

MD5
9fbb2f5d9c70d9e46368538853929f75

SHA1
45daceb422478c5a7b7b61f5ee68cc08a19f2ac3

SHA256
13dd077e5e8c8b04ac0854e4466ee074df67c74cd29cc48a0c2c9f96f768fad5

SHA512
77d8607ba52190258ed2e7c6e43a44bad1669294a441cc6ee9d91fa28c26c6675225e41cc309200aee01fecc1a0d369a8e4458c0095c297ed237bba50798c4dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\ja.pak

Filesize
440KB

MD5
67a379c826f0eb60750bfba0b8e10468

SHA1
62662d8efd773b18c99169752996b11f30a64ca3

SHA256
2c5457b0fa6fe41b7b524aa726dae4dd69e7072864f73f211c731810d00b9323

SHA512
38c44dd6c83362cd118543b7619811c671283618a3081f07a015f8110388d71b7767eb0a7a49c37c8e2e9e900dae6aa7f8560e5494afe6b29e01ede402e4944e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\kn.pak

Filesize
872KB

MD5
8a3427385226ab72e8421d84225f7adf

SHA1
701a85bc6bca0ed33dbe1aa3a617ce26576c7421

SHA256
c315e791770cea204c7e49ef5b68fa46fe42864a33e77fa5a1d42f87ba85124f

SHA512
310719fb102c1f892d354f1478bba06e856bd45da08416be970a0a76e44c7d81aaa9ddd878234b2348b625e0d18cfe7c966379115f35d51f4ee78a986c1243b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\ko.pak

Filesize
369KB

MD5
3340fd0a5e8f97f122e1d6e9a2052ca6

SHA1
9c8504b78633b6d6e445723b351a08392916c7d0

SHA256
3ee7d79af9ec226bebfdd9d79907f1bc97d528d2009dbd0db23d74ad655e0256

SHA512
07eb8dab24ea8545cdaf38e35bc23a71a33bf87a1c0ac78ac564c103c6ae53357de2d4fd635b22995cefdc9d8e8241c66d78dd44d68a9f2f251be77c0afa7704

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\lt.pak

Filesize
395KB

MD5
c037c0d80be2c913c20e3fe96d9cdaff

SHA1
8dfd2a42fb2e0041d6ac9b90c78b3cad0283c757

SHA256
e7c133a8dc438870f97112587f5f223f5fcae4f1510874b95b72cc281fa150fd

SHA512
0a90dd7d39759e1e63205a827ed6611dc6e54b37c668795123de7f35c446ee41174675a0d813974dba7353c0a1cc4320049d4fd1368cdfccb9cf9afa47fcb4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\lv.pak

Filesize
393KB

MD5
b14f9d61e064903bc73d18e40846e1ac

SHA1
5a3da27335194707ffeb07add46662df1fefd76f

SHA256
6e99a3ef823a651f5187c5c549a6885002a2f8523c014f989ec6d53d87e7aac7

SHA512
dab97f5d75d5f60c82969ac01dfc1ffffc0ec5fbe2063c6df0535130ea1432363be1475a440b6075440f68217cd6840a63bcfea0409586d755ff8e57c029baf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\ml.pak

Filesize
915KB

MD5
fc33673850c17a865cae7695fd3eb5b5

SHA1
72f3241ea35554c881e1849ba53b8f64b04502c1

SHA256
6295eb0b0d05d26b3fdaa19ad390ba30f267b7af7a60a214db558dcdbdb436c4

SHA512
6845293c0cd4ee1aa94972da1d58fd7085da5dd664d4031005200ae38fc4ab20f2c5cf44fe07ff80e003ef072f7f1cb23a452d6ce47124aa1efb3d26ae86b279

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\mr.pak

Filesize
743KB

MD5
d1f1c482775f60a868ca094108e3ac3c

SHA1
ba4396e5b585735e8505263ed42884876bdb564f

SHA256
f63460da44e2f71c237b2555eda621c8c211c13ae68927c27ad121f03daa0599

SHA512
2686c406b29750ee39b83247e4a4e6a0ce3325c1284ea11fc986696b43c672eeb0c5259c4834e4419c131941b9d1d35e53b05606168c766d27a614f49e223dae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\ms.pak

Filesize
339KB

MD5
52c793391de0e946616d31f7d5b90761

SHA1
50e014d9715df658221edea402609d7b09c9fb10

SHA256
ad044cb5cc56f8cba19ea3319081c194661f072d6b1193509e3690769bbfc2d3

SHA512
d5db7fb23779bf1b258f949ce6af5115adf3bd93760041ef70f1e2f599ef3be6a7a1ec871b18858a1eaca906b98b0a04348a427d5ecd26bc99d8e6d986843478

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\nb.pak

Filesize
332KB

MD5
f15c568a9ed8b2ca497571453ce6bce2

SHA1
957ffec56ce14f33fa75f493936552751e966d16

SHA256
18512064afcc3fb5a0e1f36400e592ff34e8c6c9a7ed0bbe3432255c4759ad8c

SHA512
3bd27f9612b39836e5e7654e6f07c2fd5a31f2c338db36daa51e2c1462986cf4b651d555245ee2e97acd044e44a5beffb8cc9d56c1af11f52fedf9f7fbf7da97

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\nl.pak

Filesize
344KB

MD5
ae7b592c5885481f7bd8c382cf90bfa5

SHA1
fccf9ecbc0e9f3259e805a243928d80e8f3fa672

SHA256
bdb8fb52d8032a8f9cf5336698ca715b4beb4d567bf3657e12a47c36020ae256

SHA512
95dba1b426e4c396c4c4730d8cfc3f2fd1430864fae753423799142516c1d424c8534963676a6fad4061887754cc2b24fcbd0327f67de67b39420b96019e11f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\pl.pak

Filesize
381KB

MD5
cd2d3406f70bbc5ed427295da14cd92d

SHA1
cb9828b0ecf5db97cadb259b746590f03ed7c013

SHA256
65b6dd63aaba1692f36774413d372f6c6c66088d7ec4009a2dbee1648ca133f1

SHA512
bb18f667991900854d8e021e38b799828117f56c90d4d90bac1675a1786e5d1fa33186850e35f75de433f4c5717ac19cd81a424a692aca8d311d98d748e6e568

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\pt-BR.pak

Filesize
360KB

MD5
e4b1fb0229dc7a913012cb5313123c3c

SHA1
6c137b91712593040c6e02bedb82d90d85cc2b84

SHA256
7b171f2a6d46295147a8d10e475048bac4346c6a5162b32a0336334baccad520

SHA512
7224d310713d94f56aafbdb80a4a7ddab5e19dd18a7880f93770b86204e323072aa8e879d2f7e1fea25a6506836e8ca9ed73068e76f4ff9b74c0ecfb807c37cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\pt-PT.pak

Filesize
363KB

MD5
1df331064ff162d97dd13a78372487b3

SHA1
8c98bf3d6964f667df6bbc326c8bcb95ac264441

SHA256
f374bd5c54596aacbc35f47bdd4c9ab4045bebdfa479ae386fd2fdd2d0041216

SHA512
0dc4913b56900940d17c0780dccfff344b2b7f918b8c00dd1beb3fe020b7f61bb646ac636c152ef0bcb20a3ee9c4ee9a1ed6e01c9b7efa414022e4da3df5f160

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\ro.pak

Filesize
372KB

MD5
efd3112d1eac487bb3dd2839385eed39

SHA1
d7a45ffdc10d24425c8b1590ef1239de34737a2b

SHA256
c50f824e63806e5782b693f7d474c48684b9e5174e93463a9bc2876c94990879

SHA512
f604f37f59c17e7a231ecc55121620138ba3c458f532889cd4b70a6046f0aa3ca0d53e0f342977d5ae0c1edf23706806ed429f72442ff90603b896125243e406

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\ru.pak

Filesize
606KB

MD5
ac07a58897f578635b29c5d7bddaad5d

SHA1
d506deb804112aa690c60995613cd9e49496dce8

SHA256
44f0cbb2d5414b6dfca6abb40a435200670e2a71607b158fcbaba67fd6b3ba08

SHA512
ecfa1cd37782e76a5685a385222b87884dd29ef63059f389ce8efce7e814ba50ef8ae03c7bd7b18bd7a8502f29ff6f1fa168ce6395baff2b59cbd434ff400cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\sk.pak

Filesize
383KB

MD5
989d000fbe286c0fd4bfb35305b52f48

SHA1
5a30a2cc1abe9977b1ffc4c4712452e6d55bc7df

SHA256
dbd82a2a08f8e9ba9581b2672bc49e0fa5c89f073b58f152225f9e2815228ddf

SHA512
ed57c66237d5226d4d5cb63e98248c0df9d381ef86b6d4ef339523f430c54aab14f84121e05e9fedaf273323ec04b8a539c0aeb791245858890126de2ce38283

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\sl.pak

Filesize
369KB

MD5
234e628a62f822bd7b3546b91e79cab2

SHA1
10f48382495bdbfa3b30c15b91768817df13d828

SHA256
d0415bfa061b36a6eb93fa2c78563448da8b63c91e0523086c7eb2714933ab99

SHA512
51234fc3fb5199a3a86dcb7ca68d3c471f1b97897b1a9f90139cfff9846a6c6fd039a0c817e7611e0e59637746cc51045f6ce493cd6f2d4e144fec1c6a561456

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\sr.pak

Filesize
572KB

MD5
aa4e2e54b648f66794f485318651b730

SHA1
18c1d5badcc5c05dfcf9e68df66f53c69e33e0ab

SHA256
d459c1a781ddc344de76558211983dd07d47e3ca6cacffb518043bd78dc48fbe

SHA512
cda7b189f48f28463d045174f3641f16737288b159adcf41da0c131a05a396a40e562b2f0aa10b08d323290f19d864755f238b074a698efa3c573d2b5512948d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\sv.pak

Filesize
334KB

MD5
c5437bb175fed93e85c5e7caf76ff352

SHA1
0d74f7df049ea73a47fe93b75c98e356b9bdd4b7

SHA256
3f0acf6f6319636c3e72cdc392b7b80ab0cfd8ae1a5a8e319624e4b46bcd3c42

SHA512
00af14e7d89a12f4f39fb45a3f9c136e20c06752f98fdedbad426ac9a5b820260a329059659cd82fd089ab1d94c1f51ab4202fb6b142b27538d0139e67877239

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\sw.pak

Filesize
351KB

MD5
e37fc1c3dce484bd0ce496f548f14a43

SHA1
02b088a11363b0a4c0527053669af32737f1403b

SHA256
dea6947693fceb6457801d912ea7c716add3c0cfb4c34782a9cfa4c4e06b9402

SHA512
c5c39d54f4eb6b0659903ce9b5c8804a750a254bf88cc7c6e729e7813ecbbcc88df882af9294b5b795ef5b8afe8f1a60fcb46b3929a9b2cdf41c84188e5852b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\ta.pak

Filesize
899KB

MD5
5002d84bffb908a2dcc7e1b69836c265

SHA1
4cbbe387a6744aa6c51b15b5a3a223135a3f6115

SHA256
e0421b4cf2736bb465ec02cd85c2df09809f86479cb7624195373f25edbcedd3

SHA512
c2a4a46a27304eb080b066f049d2eae733470dbf0f8107220049eaefdd73fd8b41abd1b02b4a2ee6934b4cae18de97bca5360022a8e295427a0bd63603bec410

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\te.pak

Filesize
836KB

MD5
b1a4d471fd8af54dfb8ff252246bfde1

SHA1
2044ee38f8d8d76176a735e726de189feac14985

SHA256
f53e06181c9fa0f6028906a7388fd4e8f000ffb7277330634462433d34572395

SHA512
18248d3fa8f4cc409788d28a244889230b074fff416ba5998f25f3b67ad0c627172a5e7e3947e61e72ce28a5b4cb2134d6627b6252b3d282b54f84b424136c87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\th.pak

Filesize
704KB

MD5
85f59bf2f1167e34ab2b666608805420

SHA1
f0d8e8fc644c15c52c5f9d3419f88e6072799736

SHA256
4fe2b7b6886e3ce068be0b7a0a71d45756eb797eda1e7d4fad52ab8a370e8336

SHA512
86d6061895c996ad1caa3f3871c014b656e7ba7bb91f05c72a591cb5877c3db61965bc1a5094dcf7c4127d11f8106622355464704fd0695372627d8400a16ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\tr.pak

Filesize
357KB

MD5
da4c47bef469c086cdb7e5b74310304a

SHA1
9f0569659eb21261003a232d5d92d3aae8d47b7a

SHA256
5df18798a35b502a18fb4f82e9b03b7ca100903ecd5d192ab2a3f0bc7646c366

SHA512
55c745cd8d0aba6f4a2454c494b80eb4cc74f733771e7279b9033d52716551a85154e9eb31eebe17dce05ba71e0213e581c4b98b59a6b88aa8b9569c411e397a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\uk.pak

Filesize
605KB

MD5
229325584cd98c8408f7fc5c5603c6de

SHA1
dd31356ede30833a138fc3a6b8838cef89344a00

SHA256
3fb15957c77f3635aa7cfca796b045a1ee1f1abfc0c12c163cfb537364f3c80a

SHA512
3b57f57649877700f03aee73bc6e6e863ad65ec7c13b9851a3fc7e5d06d11ea154ce087d0a64dc689cfc55aca9eb6492154c9eb18130f6d17b8d94ac8c37a6df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\ur.pak

Filesize
532KB

MD5
6310a289e55b1022f12b4f3cc29fe831

SHA1
150d81ec8db4d9aec6c0e83e5577dcb7f1956b38

SHA256
06a0c18d978b54dd163c7f77b7ee0f2ecf3607c5dc14032326f21b4a1f304d81

SHA512
acb538fce25486e6a01401aa0e9204a6f519cd1dfbca48663d6142e1fb6280bab271dfd2b4c5ddc858de6920805e539b791c48eddcad124d0aae298d479dcf48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\vi.pak

Filesize
424KB

MD5
1b1b14f542bb4a9f014d1801fb2e4007

SHA1
0f56c35b2515fc92690126c54d57aa763a5c3288

SHA256
f1602637e7f3e0a908d7a9a3f630b8dd38bfd26704cc64ef432d2c88a1ee7017

SHA512
3e98c44ad74d905fee06851eab16576f6261a15336f1c1f625f646af725988b75957ed89c16876ec6127150e2b28778a5b65f897b9540ad1e4cec98be705cde7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\zh-CN.pak

Filesize
308KB

MD5
32b1659c7abe8a01a702e46c69f0a3ce

SHA1
43eba1f94417109834f25006a81653bf635ce9a0

SHA256
97fe793b325d0c27669f62235bd157c51a3e1aeaffba30e7fe028c9d64939c5f

SHA512
72b932cb9e19788a67a1a7beaea0b9b076af0a5f1c568f9d2d6e8653d3c9fd4bc17db1a39db1f12b8184112b8e67125f443b8b2b60f31e62e16ef9c6a8e2c4a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\locales\zh-TW.pak

Filesize
305KB

MD5
14f3f547a54713f91251b38459a096b5

SHA1
02ac592a2eb4a7c6631dad5aae83726ef9c33ec0

SHA256
280ba35171dfb6a54efb13fc4ddedc13a0283a9a6eebff4c15275767beb4ba77

SHA512
0ad8c6a6eb0dcbcbbf6f9e114c93bc2cf6004dfa9ad7b68dba31c2a9856c0a56acb66507f65b1823434b1ad362c1ac812b72c254e5329a2858e888a761f45ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\resources.pak

Filesize
5.2MB

MD5
075012b3ed1aa28463e93bb34ae65bdc

SHA1
5f60eab16aabce3c9ee8865aa2a3cf99dfb2e500

SHA256
72e32776d916fe7b7952ac94e58bd94555a8a8b4542c76ac163372a80be9aa2a

SHA512
dac8ee0d0842ab5ed153fff615f8708da2747d2381358d58454ab2151e5f9d1474023baea133487ab736211c591e2fe9c3c312df8aa5952ee7b3e2f71794456c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\resources\app.asar

Filesize
129.7MB

MD5
4ffb629d00ffc1dfbddac0326f522fd3

SHA1
9cd8e9598d2736aed613c23e2a4a1f6da7c9fca5

SHA256
68e383d9682415458155f321c056bb355a236e61e51ac2755c9efc88b6b6860f

SHA512
d262531ad06733f781c8b736a63c079accd366a58e6d9dd70b9415a0b0fe80b26d7712278f61dfe3acee06cf4487b45b46780650606d2fc82f0c25e21ad3c728

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\snapshot_blob.bin

Filesize
410KB

MD5
c5d06bf7a12109e49dce962b6888f051

SHA1
63189d373271fd89079b4f55d035b7746f96ff00

SHA256
ece191beef3b53272a925c1f5e8c02a0dc78b00559799d27a0665fc480380b3c

SHA512
622854c9310ccd84dd100ced5eb3ba3d52f75dc68597cfb550b9b84e3798bbb90d39a41d3f9fa7b0fa58654e2ba0ac657d70b8dd89677126d39889abf9e0c008

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\v8_context_snapshot.bin

Filesize
710KB

MD5
4d582d568efb15b489a15be358d9a68f

SHA1
295393f0707d04ed60ebda8ea7c0297c411c7f33

SHA256
ea2ea0f97ac908fd127a423f505241ebf4acea0ba5d02635cae40f7cd9c2f464

SHA512
ed8a6af3d51904020abc8e8f3e734ccbf1663d8bd3c0f526e1d69ebfdf47b6061fcf3660b70239ba755f1273f6c608054d6dccd3721a4bcd81e7e9f3a3c7daf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\vk_swiftshader.dll

Filesize
4.8MB

MD5
8b8ea5d86bcc9c2171be4044d9382418

SHA1
5320359d0a0d7d61d46ea9a349bb2f7040befa22

SHA256
bc393473160de65726f1261ea0f70abfc8398a5b5f85519a9747099aef46fda6

SHA512
02e94d0ad8ebc6a29c76f63a61ea072070d001d7e1f9b216cb7cb18850c324c3be70def4ab4aefe327cbfd70d3a2c8b8142e747d316d11fd866e7a1c62f4f0c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq4446.tmp\7z-out\vulkan-1.dll

Filesize
858KB

MD5
c738e6dab0abe04d828ae02d6e0ba235

SHA1
08ceb9995b7a5ee455e6ff25b4e158416a8a1ddb

SHA256
ce993468d9f3cff7a0e6d649a37e46553df3811c16acce9b59c6b5964e84bbc8

SHA512
6769c590c83ed02be3c0ed0e2c7148b18e6af19e33ec23b96f8452d96b8adccf2aa32911764005c523fcfb0891f16183b0c7cbd81dc5f2a48d874bd36a28fc87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\prefs.js

Filesize
6KB

MD5
b175d9048b7be4c9d2e2bda4c021a42b

SHA1
4600163b5529a9ac280cf92975459c09c3776c64

SHA256
c11b347e4fd9bad406e3f4ebadfc64d3ba1a7362358d529caf2a2e8d4d9d4f7b

SHA512
4e3acdb83827e6b459827b19855e2143c5d88e1cf01d9cec6e6036c28004a491fb12ab7a6a127e302efac8d4128011744a0e63fb5bc34cca393430a28e858462

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionCheckpoints.json.tmp

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b46efeba21bf114fd0e539b85f4b3a62

SHA1
8261cb285e50ff4fc4d06d1ab467dc266d6017cd

SHA256
68152adccf7fc5de13d817b33b9b4ad55e1e61382395ce857e330dc83ccc4696

SHA512
432a1ff42aee79092ccf7427946600d625fd1f3337cbbc81ab127db7bff149b23ffdb6da83dfff42a4e5e1563b7f36cdadc0aba927ed859b07c8cec322a2f7d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
6871e142a7b666882cb63054fdf20e36

SHA1
3da494b52a1765060e1949c6e58a259b4efbec69

SHA256
c8b140c9c8832a8b9b80c2ed5494cfba0367b648a9d6c00699145bb03a58a0c5

SHA512
4bd82e6622534d89419ee87dc98ea27445f391f200beb789150e17565dc4970744f284ac33e42f156cd264dd19f2f22151d49920df5024853030039d3284d3c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore.jsonlz4

Filesize
943B

MD5
41bb289d974183ddfc3cd2af62d62016

SHA1
b40d6a49f2bc63938d9f2989e439690b9e66c6e1

SHA256
0755dcb9bb25775d951d7ba134437269a41805e331a4675d250d08a4f49d0757

SHA512
61afbd98d5397a71bdbda47532206509fa578ad439d2192a30e3e686e231205dcb24b2a360e801d51b0802d11082541cabbbd2ef967d14234cad7bbc95d60771

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
13f4ea7224417985aabae4a2f59fc2ba

SHA1
2d20752d98ce84d37a69d349d2c008e302748b59

SHA256
929688d666a67a627252819b523a1a80c92a092a94b155728b8ae603ec370c4f

SHA512
0cf9e68368fff17491537a97f62cd1dc0ac9d1d7330cb2ad3f3e252ad973097fd53e416c70e9c0abb7a5cf97ac92e58f364fa96c47c95c071df71aca94dd8501

Download Submit
C:\Users\Admin\AppData\Roaming\trafficermc\Network\Network Persistent State

Filesize
643B

MD5
dfe935860139581bae256a50ca9c3e2b

SHA1
805b7acd1a2faa61f9c608d24c75e737f3030ca6

SHA256
8eeb33d1b2843af0031e5c84f115bc675bf128c849dd370a1636e88f1a7b61fc

SHA512
8252e666aabc2c8715ffdebcf1ae0942572ff5e869f5dadbe5ce18e02cc97860f44ad64cc319464e3316eab1ad624fe8562fead6b1db893fa08b45a05b316708

Download Submit
C:\Users\Admin\AppData\Roaming\trafficermc\Network\Network Persistent State~RFe60f4f3.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\trafficermc\config.json

Filesize
233B

MD5
ae57cb4040838beff3d49a769f6f89d1

SHA1
f33d04b824da7305f3dd9dd622b7a4fa5cf8a295

SHA256
b3ecebd80e80b7171a078242605e42376cf7f80a26a2b740f4c2f915d7a2f6a9

SHA512
31f42c355ef8f76192d7c68527a62c608fbbb14273489f81269fe4731bbaa8a5cefa6e2885f51757882f6b348316d6347f1ad7636557715546a0ba416435d487

Download Submit
C:\Users\Admin\Downloads\TrafficerMC-2.1-windows-x64.exe

Filesize
62.6MB

MD5
1ed5b3d92ef8905a13521d1ebdf49462

SHA1
8ce8289e9fffa829c170296c698d17a7c252f964

SHA256
4dfbef2a0e1cb903e479e67a571da62afa09b75728b9efee6355fa378c5ad68a

SHA512
cb70e507bd74119c7f9ea28e5db4deaed2b3ac8a78870944adf2a6c29961e95b8a08590792ef0043ac21b784932e9b2cfafb3c39f48e6ed5b71190786ac986bd

Download Submit
C:\Users\Admin\Downloads\TrafficerMC-2.1-windows-x64.exe

Filesize
62.6MB

MD5
1ed5b3d92ef8905a13521d1ebdf49462

SHA1
8ce8289e9fffa829c170296c698d17a7c252f964

SHA256
4dfbef2a0e1cb903e479e67a571da62afa09b75728b9efee6355fa378c5ad68a

SHA512
cb70e507bd74119c7f9ea28e5db4deaed2b3ac8a78870944adf2a6c29961e95b8a08590792ef0043ac21b784932e9b2cfafb3c39f48e6ed5b71190786ac986bd

Download Submit
C:\Users\Admin\Downloads\TrafficerMC-2.1-windows-x64.exe

Filesize
62.6MB

MD5
1ed5b3d92ef8905a13521d1ebdf49462

SHA1
8ce8289e9fffa829c170296c698d17a7c252f964

SHA256
4dfbef2a0e1cb903e479e67a571da62afa09b75728b9efee6355fa378c5ad68a

SHA512
cb70e507bd74119c7f9ea28e5db4deaed2b3ac8a78870944adf2a6c29961e95b8a08590792ef0043ac21b784932e9b2cfafb3c39f48e6ed5b71190786ac986bd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 588924.crdownload

Filesize
7.6MB

MD5
cd1d9d9aa0c048f7227bae30ee6d26b0

SHA1
9ce774b5fbb5035b2dbad5fe7c1b45dcf0144a7d

SHA256
bc44887e258346d4bac843e0dcdd8cdfae408b674f95fe90dd69cc37fce9b399

SHA512
519b42984cb98cbd463ef1c71a775d49979b0b0d35e23251e44cbdab48227673ab931ac6405bf1d67d2e6066f08be675a3a046cb2a71a22c0a3794ac1a394199

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 588924.crdownload

Filesize
62.6MB

MD5
1ed5b3d92ef8905a13521d1ebdf49462

SHA1
8ce8289e9fffa829c170296c698d17a7c252f964

SHA256
4dfbef2a0e1cb903e479e67a571da62afa09b75728b9efee6355fa378c5ad68a

SHA512
cb70e507bd74119c7f9ea28e5db4deaed2b3ac8a78870944adf2a6c29961e95b8a08590792ef0043ac21b784932e9b2cfafb3c39f48e6ed5b71190786ac986bd

Download Submit
\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\ffmpeg.dll

Filesize
2.6MB

MD5
ea54041a503389e9c10ec8675059312f

SHA1
6d72b3a06770adecee75fb104f6eeb988fb88eb5

SHA256
b9aa9053fc3fabdd551fe1f6ef4ed43d43cd2aee3a856f3d0aa13cb4c26f7981

SHA512
82a7df79ef36be311e7e05e3bdb5baf362783cc3b5e2ae329bdce319e3303f924374d87cc1e02ed3c5b53d601c31eac05285d5ad60c2dff99d65e58e2cffe5b4

Download Submit
\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\ffmpeg.dll

Filesize
2.6MB

MD5
ea54041a503389e9c10ec8675059312f

SHA1
6d72b3a06770adecee75fb104f6eeb988fb88eb5

SHA256
b9aa9053fc3fabdd551fe1f6ef4ed43d43cd2aee3a856f3d0aa13cb4c26f7981

SHA512
82a7df79ef36be311e7e05e3bdb5baf362783cc3b5e2ae329bdce319e3303f924374d87cc1e02ed3c5b53d601c31eac05285d5ad60c2dff99d65e58e2cffe5b4

Download Submit
\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\ffmpeg.dll

Filesize
2.6MB

MD5
ea54041a503389e9c10ec8675059312f

SHA1
6d72b3a06770adecee75fb104f6eeb988fb88eb5

SHA256
b9aa9053fc3fabdd551fe1f6ef4ed43d43cd2aee3a856f3d0aa13cb4c26f7981

SHA512
82a7df79ef36be311e7e05e3bdb5baf362783cc3b5e2ae329bdce319e3303f924374d87cc1e02ed3c5b53d601c31eac05285d5ad60c2dff99d65e58e2cffe5b4

Download Submit
\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\libEGL.dll

Filesize
464KB

MD5
1bd48998a9902047dfc55d7be8c6123d

SHA1
77fef4039d9cd82a6ff63c0ee01cb643e3043646

SHA256
1a286469a1e4cbcb580b3e2717ffde66d0e775f9bc50fb61051e6d2a846707b7

SHA512
5787035dc2b28a11310e6fbc6287c436ef00ffdc0dca24a7c0b65801799e8d6b8f3462141cc07f0e186ed82309e6470b99138bcbc04ef7e1817b2e67d6923a94

Download Submit
\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\libGLESv2.dll

Filesize
7.0MB

MD5
4f12a8ca2ae3105a3c3a020a1af1fe15

SHA1
4abd4b53b85c92ffbdab16aed0fca67e301f35c0

SHA256
96d676319d2a2add410202b6273ce2e10f04277610cfb13e71d731af388ffc22

SHA512
791a5d3772b0a8f791beef5dda217084363598880c64b465a620e55a22ded0cb5bda315cfafa154550787d2ed4ae216841e3f14b954bf1b3e024b942277c91ed

Download Submit
\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\vk_swiftshader.dll

Filesize
4.8MB

MD5
8b8ea5d86bcc9c2171be4044d9382418

SHA1
5320359d0a0d7d61d46ea9a349bb2f7040befa22

SHA256
bc393473160de65726f1261ea0f70abfc8398a5b5f85519a9747099aef46fda6

SHA512
02e94d0ad8ebc6a29c76f63a61ea072070d001d7e1f9b216cb7cb18850c324c3be70def4ab4aefe327cbfd70d3a2c8b8142e747d316d11fd866e7a1c62f4f0c8

Download Submit
\Users\Admin\AppData\Local\Temp\2MRHWzZIrZfDIw5wABLUWNprsro\vulkan-1.dll

Filesize
858KB

MD5
c738e6dab0abe04d828ae02d6e0ba235

SHA1
08ceb9995b7a5ee455e6ff25b4e158416a8a1ddb

SHA256
ce993468d9f3cff7a0e6d649a37e46553df3811c16acce9b59c6b5964e84bbc8

SHA512
6769c590c83ed02be3c0ed0e2c7148b18e6af19e33ec23b96f8452d96b8adccf2aa32911764005c523fcfb0891f16183b0c7cbd81dc5f2a48d874bd36a28fc87

Download Submit
\Users\Admin\AppData\Local\Temp\nsq4446.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsq4446.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsq4446.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/2212-307-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/2212-274-0x000001EB80340000-0x000001EB80350000-memory.dmp

Filesize
64KB

Download
memory/2212-361-0x000001EB806A0000-0x000001EB806A2000-memory.dmp

Filesize
8KB

Download
memory/2212-200-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-310-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/2212-199-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-198-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-197-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-194-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-193-0x000001EBFFF80000-0x000001EBFFF90000-memory.dmp

Filesize
64KB

Download
memory/2212-192-0x000001EB80340000-0x000001EB80350000-memory.dmp

Filesize
64KB

Download
memory/2212-191-0x000001EB80340000-0x000001EB80350000-memory.dmp

Filesize
64KB

Download
memory/2212-190-0x000001EBFFFE0000-0x000001EBFFFF0000-memory.dmp

Filesize
64KB

Download
memory/2212-179-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-308-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/2212-181-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-182-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-287-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/2212-186-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-188-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-189-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-285-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/2212-187-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-286-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/2212-183-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-275-0x000001EB80340000-0x000001EB80350000-memory.dmp

Filesize
64KB

Download
memory/2212-180-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-424-0x000001EB80340000-0x000001EB80343000-memory.dmp

Filesize
12KB

Download
memory/2212-273-0x000001EBFFFE0000-0x000001EBFFFF0000-memory.dmp

Filesize
64KB

Download
memory/2212-176-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-173-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-269-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/2212-268-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/2212-170-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-171-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-172-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-168-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-167-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-165-0x000001EBFFF80000-0x000001EBFFF90000-memory.dmp

Filesize
64KB

Download
memory/2212-201-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-204-0x000001EBFFFB0000-0x000001EBFFFC0000-memory.dmp

Filesize
64KB

Download
memory/2212-216-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/2212-217-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/2212-218-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/2212-267-0x000001EB806A0000-0x000001EB806B0000-memory.dmp

Filesize
64KB

Download
memory/4684-152-0x0000021C5CA00000-0x0000021C5CA01000-memory.dmp

Filesize
4KB

Download
memory/4684-154-0x0000021C5CB40000-0x0000021C5CB48000-memory.dmp

Filesize
32KB

Download
memory/4684-117-0x0000021C58650000-0x0000021C58660000-memory.dmp

Filesize
64KB

Download
memory/4684-133-0x0000021C587A0000-0x0000021C587B0000-memory.dmp

Filesize
64KB

Download
memory/4684-156-0x0000021C5CC90000-0x0000021C5CC98000-memory.dmp

Filesize
32KB

Download
memory/4684-157-0x0000021C5CCC0000-0x0000021C5CCC8000-memory.dmp

Filesize
32KB

Download
memory/4684-158-0x0000021C5D060000-0x0000021C5D068000-memory.dmp

Filesize
32KB

Download
memory/4684-159-0x0000021C5D350000-0x0000021C5D358000-memory.dmp

Filesize
32KB

Download
memory/4684-161-0x0000021C5D470000-0x0000021C5D478000-memory.dmp

Filesize
32KB

Download