9a3245e6d3af81f8f515fca1dee9dc5e3aad9c2d263825ce975e2f2d19aa44e4

Analysis

max time kernel
134s
max time network
177s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30-03-2023 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Smartphone.Tycoon MT/Smartphone Tycoon.exe
Size

1.9MB
MD5

fc29756628077940742f0540bae0ae4c
SHA1

6612192e8dfd51005fc078e069c971f16b7c3b4d
SHA256

7c5a8506b85cb9a80d2af9d2106ea02a2b142f1a6289a93d7a8f9aed3f2ebf33
SHA512

5acb17b0b37d1e8df1ac528a0335a7d5e689c104bc5cc969e67fa67da9e369afd7d01d9133d3ca709f213960833089d67903fa2339498edf0e0aee502e43706f
SSDEEP

24576:DvVACJt/RbRhLqYAy1Em+cq6vlB7F84Bn6JZUlN7MxU40KbZXH05jbXT1acPrmq5:DvVnLYyNjn6JZUfr4XF0NXT4rHAAA7

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Smartphone Tycoon.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Control Panel\International\Geo\Nation	Smartphone Tycoon.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

Smartphone Tycoon.exeSmartphone Tycoon.exeSmartphone Tycoon.exeSmartphone Tycoon.exeSmartphone Tycoon.exeSmartphone Tycoon.exeSmartphone Tycoon.exeSmartphone Tycoon.exe

pid	process
1012	Smartphone Tycoon.exe
1528	Smartphone Tycoon.exe
1528	Smartphone Tycoon.exe
1680	Smartphone Tycoon.exe
1548	Smartphone Tycoon.exe
588	Smartphone Tycoon.exe
2568	Smartphone Tycoon.exe
2744	Smartphone Tycoon.exe
2852	Smartphone Tycoon.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1408	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1408	AUDIODG.EXE
Token: 33	1408	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1408	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

Smartphone Tycoon.exe

pid process

1528 Smartphone Tycoon.exe
1528 Smartphone Tycoon.exe

pid	process
1528	Smartphone Tycoon.exe
1528	Smartphone Tycoon.exe

Suspicious use of WriteProcessMemory 36 IoCs

Processes:

Smartphone Tycoon.exeSmartphone Tycoon.exe

description	pid	process	target process
PID 1528 wrote to memory of 1040	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1040	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1040	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1040	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1040 wrote to memory of 568	1040	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1040 wrote to memory of 568	1040	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1040 wrote to memory of 568	1040	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1040 wrote to memory of 568	1040	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1012	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1012	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1012	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1012	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1680	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1680	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1680	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1680	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1548	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1548	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1548	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 1548	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 588	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 588	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 588	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 588	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2568	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2568	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2568	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2568	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2744	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2744	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2744	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2744	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2852	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2852	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2852	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe
PID 1528 wrote to memory of 2852	1528	Smartphone Tycoon.exe	Smartphone Tycoon.exe

C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe
"C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1528

C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe
"C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data" --annotation=plat=Win32 --annotation=prod=SmartphoneTycoon --annotation=ver=1.0.5 --initial-client-data=0x158,0x15c,0x160,0x154,0x164,0x75600cf8,0x75600d08,0x75600d14
2⤵
- Suspicious use of WriteProcessMemory
PID:1040

C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe
"C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=SmartphoneTycoon --annotation=ver=1.0.5 --initial-client-data=0xa8,0xac,0xb0,0xa4,0xb8,0x13d7278,0x13d7288,0x13d7294
3⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe
"C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe" --type=gpu-process --field-trial-handle=992,6920615632323968312,14586642884700980940,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1528_16904" --disable-breakpad --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAAAAAAAIAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=11887381719202888887 --mojo-platform-channel-handle=1004 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1012

C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe
"C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\gen" --no-zygote --field-trial-handle=992,6920615632323968312,14586642884700980940,131072 --service-pipe-token=3333648789588239560 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1528_16904" --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3333648789588239560 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1680

C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe
"C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe" --type=utility --field-trial-handle=992,6920615632323968312,14586642884700980940,131072 --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1528_16904" --service-request-channel-token=7767379051274625713 --mojo-platform-channel-handle=1972 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1548

C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe
"C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe" --type=gpu-process --field-trial-handle=992,6920615632323968312,14586642884700980940,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1528_16904" --disable-breakpad --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAAAAAAAIAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --service-request-channel-token=712115321681989284 --mojo-platform-channel-handle=1020 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:588

C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe
"C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe" --type=gpu-process --field-trial-handle=992,6920615632323968312,14586642884700980940,131072 --disable-gpu-sandbox --use-gl=disabled --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1528_16904" --disable-breakpad --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAAAAAAAIAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --service-request-channel-token=8610834704658216539 --mojo-platform-channel-handle=3264 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2568

C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe
"C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe" --type=utility --field-trial-handle=992,6920615632323968312,14586642884700980940,131072 --lang=en-US --no-sandbox --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1528_16904" --service-request-channel-token=12188943382688290898 --mojo-platform-channel-handle=1580 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2744

C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe
"C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Smartphone Tycoon.exe" --type=utility --field-trial-handle=992,6920615632323968312,14586642884700980940,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1528_16904" --service-request-channel-token=1155850231176284724 --mojo-platform-channel-handle=464 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x47c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1408

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Crashpad\settings.dat
Filesize
40B

MD5
239cef376f05e0a5ec1d2049f93f8d18

SHA1
b4f9617660fcebafae460be23496a66fee161cad

SHA256
279bf747300106bdd8128bc09fc17b22916a336e81369e3dce413cd643cc2b3b

SHA512
704f02088ec58be174509394acd39bbec9bf1e609c20a27b84bc2b9b1ec3dc8ccae4cb7181f4eb1bb6fedcc936e85634fa420a30bde70ea8ff1185a8a4eaf36e

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Default\Network Persistent State
Filesize
138B

MD5
71305b4c868460b24cf5a6ee1be521f2

SHA1
541f1f7d2a2e582ca25b7124e1eafccc0b1e1604

SHA256
b05a4106bc8d8c9cc8e66eb19d06524cfb295b94e1717dec1b21f8af7b425f85

SHA512
d90decf0ff4a50e5346fa552ca44b034a7e0145c8debd31f78e4d733a116eb23d72381a1f754d548caf3e9be1b1ad00574de2d03492bad44dfa8d22da61d1993

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Default\Preferences
Filesize
2KB

MD5
41c7500265205847d31f8f2c8cadc04e

SHA1
d7fa9eb5f2f5a3a47a5c10c9c7fa8b38a0af33e0

SHA256
3546964bf9a9354a882c3ec800705bb90cb478cd883d79d8c046dd1ef8608e29

SHA512
8cfacb22d93fa60bc8d90a22b69f99757aa9a233c18f56251bf18535b31361aef7d00b2899da8d10185947d72077e0f7f91a090237daf1bc6672da40c9c7dfaf

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Default\Sync Data\LevelDB\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Local State
Filesize
1KB

MD5
dc096bfe916e174feac17d88a722be9b

SHA1
94899de8123e701a5c54d2c2a99588dd82999800

SHA256
f2d82c0216d0892da4af8180da9c1158efae188dcf66a9511f12fa2724281d15

SHA512
e02d449bf903a33fe5994fcfa0de0c64fd652cf3ff706c63b71ce9256a897ef4d73ace0deac5f080eee52c4f1215e0388d638b162f89cd62714eef38ee4eb31c

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Local State
Filesize
1KB

MD5
f334c911d9ac4ce3a2db3010157a88e7

SHA1
acb34985987694bf9111e711367ab2dc5330bf4a

SHA256
29ca803625e37dc46e76047caa9189913c527d91762dee85fca8ca9d0b1be9e1

SHA512
aca89d5ee72a78c8ee586b0419d3c3d3aca315cb19b2f20322f68935267f61e0d33ecbf4e74a0db9d481701d4022966ff7ee07fb78d6305645e479cd81839dd3

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Local State
Filesize
1KB

MD5
8a549379df203e7d504b22eb011b27d3

SHA1
532c257be628efa46a468e59a2ea6d643a6df60e

SHA256
305e767a4f14927a8cc218d323acb973f4b551ee4e499b66214b0d3cbffdaed8

SHA512
1c731232207229f7235d41d9d224b57bb8822236d7c6429c9f7e81872a0e8e1adf79fd444ea873a8acf8605ebaa6b9d1d3ed03e8adc9471791271d0ffe48eb6a

Download Submit
C:\Users\Admin\AppData\Local\SmartphoneTycoon\User Data\Local State
Filesize
3KB

MD5
3dcc0c4028bfd9d0c54d6ff339525568

SHA1
19745789b5fe878bd14958cf8317d7c6ce15a3bc

SHA256
aa4962d651af9a0fe119f4c4e6c5f01e99ccb55de4a92df124e22e3316e54957

SHA512
b804ae6dcafde87f65c5897cf7099c32c1502f2207c9c5855d30995d06905bad976e830922789405a0ec2413dcfa6bd697211d96e0dc7ef40e1993b79fab4c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw1528_16904\icon-128.png
Filesize
32KB

MD5
ccf2ea1eb2c13f1ecd4f49d429ed1505

SHA1
78fea75b0c6b16ca032d3ff5681469e57ac83c3a

SHA256
9144b06589551cab2217f99be40af85c4c970037e5b13e5da859d2e5563aa1ef

SHA512
fbd34c0e75bdd0ef5946cd9f4eb7a775bc550ebf74d997111b977679faf1849db057def9bbc6a8d3020717e112deea7e241e2a5d5e76edb82b56d32bdd702c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw1528_16904\package.json
Filesize
614B

MD5
3298836767b0ca30941a7061bea8a700

SHA1
a0397e946ecaad34e2cf942ff74bb33f58de278c

SHA256
255c45efa50d788d75edb82591dd18a83e92b18922191113fa0c0f14c29e387d

SHA512
e5e420213353d3b12b1f39f978a4e327d8c2c6052a42ad3d32b4d0c856565e972268ca91b82718a21a8ad6eded8b0bd60a8dc0882999694a445d67df1a0fbed5

Download Submit
\??\pipe\crashpad_1528_IFTJZSSZLOAQSAWV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1528-1399-0x00000000036D0000-0x00000000036D1000-memory.dmp

Filesize
4KB

Download