Analysis
-
max time kernel
1406s -
max time network
1469s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
01-04-2023 14:28
General
-
Target
MinecraftInstaller.exe
-
Size
32.0MB
-
MD5
7b681d2a775f0505b4fa4e6899730ec0
-
SHA1
285e9a0f1c3a5aef9b63c1089c4e9847bb176d3e
-
SHA256
1369e029a6b0da91db5e735b2942b1a5549dfb909ab1e98b919481a04b7cf5e6
-
SHA512
4746fbd6b7094e07e82a9720b1243cb43663408a5c581a274508e8bf44fcb4e254ae24bec6951761ae488c6f64eeb938bf4d613587f93f3378174f7eea2f1016
-
SSDEEP
393216:Tbekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9y:OZn/G4Gqk1cWe2iTVCMue3
Malware Config
Extracted
metasploit
windows/single_exec
Extracted
C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT
http://golden5a4eqranh7.onion/wCtGf6gr
http://goldeny4vs3nyoht.onion/wCtGf6gr
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory 4 IoCs
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 10 IoCs
-
Loads dropped DLL 4 IoCs
-
Registers COM server for autorun 1 TTPs 24 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 64 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 53 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 4 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 43 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious behavior: LoadsDriver 5 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe"C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe"1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe"C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe" scenarioMinecraft2⤵
- Executes dropped EXE
- Checks processor information in registry
-
C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe"C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe" scenarioMinecraft2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
-
C:\Windows\system32\svchost.exe"svchost.exe"1⤵
-
C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe"C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe"1⤵
- Registers COM server for autorun
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /i "C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\gameinputredist.msi" /quiet /l*v "C:\Windows\TEMP\gameinputredist.log"2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe"C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe"1⤵
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe"C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe"1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe"C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe" Global\GameInputSession_12⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Windows\TEMP\{2982343a-a444-a842-977a-661f5a05f066}\xvdd.inf" "9" "47a6d594f" "000000000000014C" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\drivers"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "1" "0" "SWD\XvddEnum\XvddRootDevice_Instance" "" "" "48fe919b3" "0000000000000000"2⤵
- Drops file in Windows directory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Windows\TEMP\{81b2307d-a915-7347-a1b2-7a9709a6cd5f}\gameflt.inf" "9" "472bc408b" "000000000000014C" "Service-0x0-3e7$\Default" "0000000000000100" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\drivers"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.inf" "0" "472bc408b" "0000000000000100" "Service-0x0-3e7$\Default"2⤵
- Drops file in Windows directory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.inf" "0" "4feba5173" "0000000000000164" "Service-0x0-3e7$\Default"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Windows\TEMP\{4da8472a-7d7b-be4c-a35f-e4144c814b13}\gameflt.inf" "9" "472bc408b" "0000000000000188" "Service-0x0-3e7$\Default" "000000000000017C" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\drivers"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.inf" "0" "472bc408b" "0000000000000180" "Service-0x0-3e7$\Default"2⤵
- Drops file in Windows directory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.inf" "0" "4feba5173" "0000000000000184" "Service-0x0-3e7$\Default"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Windows\TEMP\{36174478-1504-0947-9fb4-091bff8c1bac}\gameflt.inf" "9" "472bc408b" "0000000000000188" "Service-0x0-3e7$\Default" "0000000000000144" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\drivers"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.inf" "0" "472bc408b" "0000000000000144" "Service-0x0-3e7$\Default"2⤵
- Drops file in Windows directory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.inf" "0" "4feba5173" "0000000000000184" "Service-0x0-3e7$\Default"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\xvdd.inf_amd64_6931cffa1f5f9fc9\xvdd.inf" "0" "40900117f" "0000000000000158" "WinSta0\Default"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Windows\TEMP\{c348248f-8f6e-b54e-89e7-485ffec02969}\xvdd.inf" "9" "47a6d594f" "0000000000000184" "Service-0x0-3e7$\Default" "0000000000000100" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\drivers"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "1" "0" "SWD\XvddEnum\XvddRootDevice_Instance" "" "" "48fe919b3" "0000000000000000"2⤵
- Drops file in Windows directory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Windows\TEMP\{605cb0a8-891e-4049-ba7f-cf0564744c36}\gameflt.inf" "9" "472bc408b" "0000000000000184" "Service-0x0-3e7$\Default" "000000000000018C" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\drivers"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.inf" "0" "472bc408b" "000000000000018C" "Service-0x0-3e7$\Default"2⤵
- Drops file in Windows directory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.inf" "0" "4feba5173" "0000000000000190" "Service-0x0-3e7$\Default"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.XboxIdentityProvider_8wekyb3d8bbwe1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
-
C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe"C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe"1⤵
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe"C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe"1⤵
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.GamingServices_8wekyb3d8bbwe1⤵
-
C:\Windows\system32\svchost.exe"svchost.exe"1⤵
-
C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe"C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe"1⤵
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe"C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe"1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd84609758,0x7ffd84609768,0x7ffd846097782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3252 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3380 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4832 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3488 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3560 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1848,i,4658680912209778379,3031724037959673510,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Floxif\Floxif.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Floxif\Floxif.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 4322⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1104 -ip 11041⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe"1⤵
- Drops file in Drivers directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\drivers\spoclsv.exeC:\Windows\system32\drivers\spoclsv.exe2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe"1⤵
- Drops file in Drivers directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\drivers\spoclsv.exeC:\Windows\system32\drivers\spoclsv.exe2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe"1⤵
- Drops file in Drivers directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\drivers\spoclsv.exeC:\Windows\system32\drivers\spoclsv.exe2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe"1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe"1⤵
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe"1⤵
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Melissa.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\GoldenEye\GoldenEye.js"1⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Temp\radFA56D.exe"C:\Users\Admin\AppData\Local\Temp\radFA56D.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\{fde320ea-d431-463e-bfca-4bf9a378f211}\typeperf.exe"C:\Users\Admin\AppData\Roaming\{fde320ea-d431-463e-bfca-4bf9a378f211}\typeperf.exe"3⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\GoldenEye\GoldenEye.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\GoldenEye\GoldenEye.exe"1⤵
-
C:\Users\Admin\AppData\Roaming\{aea63acb-be05-4062-9e4e-d0d7659c7ccf}\setx.exe"C:\Users\Admin\AppData\Roaming\{aea63acb-be05-4062-9e4e-d0d7659c7ccf}\setx.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\GoldenEye\GoldenEye.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\GoldenEye\GoldenEye.exe"1⤵
-
C:\Users\Admin\AppData\Roaming\{94b73fbd-050f-4431-9e6f-fde277a314a0}\fontdrvhost.exe"C:\Users\Admin\AppData\Roaming\{94b73fbd-050f-4431-9e6f-fde277a314a0}\fontdrvhost.exe"2⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe"1⤵
- Sets desktop wallpaper using registry
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\7ev3n.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\7ev3n.exe"1⤵
-
C:\Users\Admin\AppData\Local\system.exe"C:\Users\Admin\AppData\Local\system.exe"2⤵
-
C:\Windows\SysWOW64\SCHTASKS.exeC:\Windows\System32\SCHTASKS.exe /create /SC ONLOGON /TN uac /TR "C:\Users\Admin\AppData\Local\bcd.bat" /RL HIGHEST /f3⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\del.bat3⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:643⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:644⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:643⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:644⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:643⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:644⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:643⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:644⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:643⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:644⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:643⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:644⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\7ev3n.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\7ev3n.exe"1⤵
-
C:\Windows\SysWOW64\SCHTASKS.exeC:\Windows\System32\SCHTASKS.exe /create /SC ONLOGON /TN uac /TR "C:\Users\Admin\AppData\Local\bcd.bat" /RL HIGHEST /f2⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\del.bat2⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:642⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:643⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:642⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:643⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:642⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:643⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:642⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:643⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:642⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:643⤵
-
C:\windows\SysWOW64\cmd.exeC:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:642⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:643⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\BadRabbit.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\BadRabbit.exe"1⤵
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 152⤵
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Delete /F /TN rhaegal3⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Delete /F /TN rhaegal4⤵
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2485198992 && exit"3⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2485198992 && exit"4⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 17:10:003⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 17:10:004⤵
- Creates scheduled task(s)
-
C:\Windows\77C.tmp"C:\Windows\77C.tmp" \\.\pipe\{FB446F33-4C59-4F0F-A85D-209DF304E5A1}3⤵
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 151⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\BadRabbit.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\BadRabbit.exe"1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Birele.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Birele.exe"1⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM explorer.exe2⤵
- Kills process with taskkill
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Config.Msi\e59d133.rbsFilesize
12KB
MD5b36063ba1feb79ff23d5c74a4dc09104
SHA1c09618baf4d2f89a68edaeafbbb6f01a5bf3565c
SHA2564969c399f7e63e1c8598cd3d39e0172e598a28ccd5984958a93ad89e33740d32
SHA51239005bee54b8ba8c0d96af8f7e46bcae25c5e38c453ce59661fc98cefc58ec8424818bdde26ea073e706c798ee04a7583c85bd41342bc9975121bbc8a4f5239f
-
C:\Program Files (x86)\Microsoft GameInput\x64\GameInputRedist.dllFilesize
361KB
MD5ac7817f3bb39f7a1ecd79b22e55c7814
SHA16044b28135a7969959e601403aabd353bcfdb960
SHA25668cd6170402ffc688e90e7e2ba81afe4c37fa8ca344763d3bfe7831ceb15cea7
SHA512f464161c245c876400d286697eec7c268902249d202490be59f15aeaab1b1a9ba7cb7158695e0653b6505e8583365b0c61615570a979dae04d1f374ab12490f0
-
C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exeFilesize
89KB
MD5efbb63a705d505ffbd154cc443054574
SHA1ec0ce2f04e3288a2f1e43f5ce2fb2195ea5b7ffd
SHA256858ecbeda0f6ed2722435c7f4847a323f872982ce6f1ab7fe861738344062d3e
SHA512b2675772157766d68c0dcfab31bb7bba7a68da840f37cd36afe3309588f46b4ef4f8d1da322097c9a053f6133d7397b1aac80dfcb6a6693e0e070c87e7503d03
-
C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exeFilesize
89KB
MD5efbb63a705d505ffbd154cc443054574
SHA1ec0ce2f04e3288a2f1e43f5ce2fb2195ea5b7ffd
SHA256858ecbeda0f6ed2722435c7f4847a323f872982ce6f1ab7fe861738344062d3e
SHA512b2675772157766d68c0dcfab31bb7bba7a68da840f37cd36afe3309588f46b4ef4f8d1da322097c9a053f6133d7397b1aac80dfcb6a6693e0e070c87e7503d03
-
C:\Program Files (x86)\Microsoft GameInput\x86\GameInputRedist.dllFilesize
236KB
MD5c6b900b9dca17d44dca701a65a96dda0
SHA1d4a6f237fe61a6558e0c9ce9af069f479794389d
SHA256dad5d0a672bd9a217efb1be8c6c3acf342ebd82e0f7b403359944aed8e624475
SHA51235413114afea11e4675b1f68c4f0485b65038f64457d7bc9e6b1883a030e94b275dc96abdbdf0b9f8736299998e719c1d15d41d78f65fb33b9cb505679de57a3
-
C:\Program Files\Common Files\System\symsrv.dllFilesize
72KB
MD5ccf7e487353602c57e2e743d047aca36
SHA199f66919152d67a882685a41b7130af5f7703888
SHA256eaf76e5f1a438478ecf7b678744da34e9d9e5038b128f0c595672ee1dbbfd914
SHA512dde0366658082b142faa6487245bfc8b8942605f0ede65d12f8c368ff3673ca18e416a4bf132c4bee5be43e94aef0531be2008746c24f1e6b2f294a63ab1486c
-
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfmFilesize
16KB
MD544ec84c8637917ecccc9e00982598712
SHA1141c884afab690f5889bc522587c249555aeac0e
SHA25653413545a6092932788c5d0c5a676a4f3a3e0126d4d81c2ed5066c38445b8b5f
SHA5122ca86e7643704dc26f6d7ffaa7a4b71698d3c7c1a08af340c6d8cb9b95aa3d270a182745dac114930c83180ecd588ee087317c168c85c9841f6eab25931bb369
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5ec29fb3eea94e4e4adaed40de1e0f42a
SHA1e7437e58b66023a500a132b4bcaba7ae390d4124
SHA2563711addd5a709431c445617cd7b917985cb0562b06a977cec70e2452a9cacf14
SHA512394cfc37d89f6dbf65269d4e57d7c9fe65508e90ba8893c4ba3cc37ff0bd09839793bf37c614b90b68252fe2e8143c5d38ea1040b18e21a530329a166c2dfbc2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5a741cfc8d376be268c6d54ffc9bbd47c
SHA197ef05a75f21759c3d36bd9bfaddd884cac40050
SHA256cd1f8112a2239c22b85b388e3011bbd17d5e78bac32e8a81e10bfff9b782ca67
SHA51200289d2ce86f3d32f9d7eb1010151ac50290ec0624263df2032d2412632ad32aeb855a07b7426504c9eb6d534fd292906bf8f98a8dada80043e00ea15ba9e5e7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD54a01dab355259792b37924504160ebba
SHA1c94ea179a8bc61528ea608e6432e0caa2f8169d2
SHA25653b7ea53a4d68661a11398f7510fbf56cf3bc0f6b24f110485a60c0d9a2bf234
SHA512173766fffd0728ec009dff67392b5aac52993a7659c2f2a5e35fc4485370bc1d7d30bf5ba48f98cb95df1527474f0335ef5500c36e380c7664d75de90d8ffd4f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD5a3641f9e080575e35f600e6ce819b05b
SHA1bbafae6d0bcd049bea79994c2daa6706a6cb88ad
SHA2562c18670d19c4832d7a551887faea1311191ec12fe304ca82b480abd014428353
SHA512307f0f31accf432ba2315b200d21899ca8bd18ed48a538e8bcb62cd9c99bc7d2a872d4c7b1b7e1f1136b29bde50f6a1a7688c52cd1115b160729bd0d79543c55
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5a32c3ecc78824c0bd79d81c00ce2bb44
SHA1288a1db55b050a9d2155891dcd572285b1b5c3d3
SHA25670bcb0cc6d667c6ef64ab292dea890c531af0ee9bf46cbc92c530627659cf798
SHA5124cb18c7174d923dbfd8678c08763f51a657d8dd1d0723ed37234355a50eec0a7e83c1b036fc5d2c55cdb19bab1a5e4cfc1f87c7bba5a234e9f30cada0f9f2f0e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD5c5d584bc7a20ee4ea0557be57db6cfaa
SHA1fe119cdbac18753fd7a94f2c91049b9af27418ba
SHA256f6f26e0d78eb700987382c6a77e91bd5ff4b2793775697468819c087f112634e
SHA512dcea07b92853754ee52c472a6c780b1a9dc065aaa84427092cee55172c2b6fad36c2a67ee057a0c94e1782b2a11942bfe7944b4a4a2b21c8b4625d0942ca6bcc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5a930fff42176f1dfa05ba20562554a0a
SHA1f3354d926763d5e33907cad00c80a6355bf23ac1
SHA256cbe4975be5fcfae76821163224b74ce5b175dad6061b141aff9f8c37954a9236
SHA512263b2c42c037757ea92fda457efcb839e3263670ae2f290d19baa842d1e58580954a220f955166c181898f6b1fb31b84544194145750ad686f7d897a4c4472f3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5a68c3723e4d569d871d9a2fd0b7c3433
SHA1fb5e8569aa60237784fc329fbce1f18a40424bea
SHA256d5fcd227a32668b3f64349be849088bf87444ae85bf015eed86cf6a188fa87b6
SHA5121f45e7fe9e49707206be64b6b42f462a10449da3768422a45d07041c3b95d9c525a54c955009f426eea638c47e7ed3f87479fb45168c5ba8adb4d576f82ca7c7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
371B
MD553d6e4359254a5c619a1a610ff88f98f
SHA190cf5cd3888b8c2cdd14766ad8ece32350878858
SHA256886358fa531e3f7560934b1f74782a3421650a96e3889df6804ba404153b03dd
SHA5123940cf5ee62eb56f0a7720f4336bcbb9e0b7fb45f63ed0aabccc005bc268b1008ef3bffb8b012f9b83b23a9fed0c89d99b2e4947b0fcaeac0c33e18fc847b658
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD56e3224c844712b4445fe75793659d8f2
SHA1619f0f9f04df5aa53580850e1a588c79b373a5bf
SHA25612f288b8957bc4009e48ec39a41fc49d4b53c261797ce8f8dbd3f2e9da345015
SHA512fca813c000990317944dc49af1120c9fec5eef5503e2c41f2863bb31c62464824e2155f2d1e4626386e9381a9faa798de8bf2d4a44f9229d0d5f1473057804e4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
874B
MD530784e32ec869465bc603ceb6ba6f994
SHA11aff76d62e06b739805c1281cbfb40d318b79ca9
SHA256b2061a9f59abdd16c64fd787a4103f70107623b4a2a35b4f202adaa45721d2a8
SHA51234bfda9b5e70454493191e6b8726eeabbee26504c0df54124ef2f0103d23c54ff562dd59eb92d352cd76393e127c2b23c2a9fdd0f1b503ab4b6e015fc01c1234
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD543a8c11eca2293b68e533581711eff3a
SHA1974a6d0e43ade40fef4783cd0b9245bf72ac9ef2
SHA25669a3af0dd41137a44f03d97e88064ec841159b0b2afbc160cc980c57952439a7
SHA5129a7a4745140e9dc12893a3c40bce5401b726753c3c21496117907da2339ea35632a59e980963d8f9f6de0b93ca8d36d0ef4b26cb41ae426e69091466a4483e80
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5bf17e0594d2d4ecd684251f53d77fecb
SHA1a19b55b7cb93fd8199bcc63b5cec1cdf01dd2865
SHA256abcefc26704c416df0593a6b7ca8647864dc34e6f9e0a8a8524b3e4da8a21e72
SHA512dbb150e426bd803aa14436935636d5dce5dfd0cb8ffbf39bea7adf8282cfb77ce2a5418feb82be183fc3b859c52c24404e6e0d5ed91cf5f8f0b333fc8f3522b5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD58b07467ef6b41ccaa07d2cd82faeaf90
SHA1829ff082caa36c8d96a7ccb136036c6af36b4771
SHA2565be1e760dc0032454310c4c4a2f4e77ae6be3f5b8aec8bd72a4af8769596585f
SHA5121702a159b2d4e766cea0d4285b2312026dc937be270e00632af99e1056b2f283b37c2bd47a06b5247c599f93d35ded7f5ceb4d773ff1e77dde8520725c41f7d8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5839477036307971f24163c422608760c
SHA1ffb63f2451fe621372f672a8d35f8d485def8182
SHA25624d69ac2ddf113f407cc2b664337d0ccb063ea20d7b962c37a99a4a84c523ec4
SHA5121a58d214089e50f97f1748531649422e10f838281fb1ddbc0a4d5db80baf926c9059a5a62f77d359235c7608b4d0fe7bf0ee94b566f18020cd9c2f52d36bcf33
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5149a44bf6de7deb76f7dd80a9edeaaff
SHA1ea42dbda484f9bfae9086a084acc374afd0dde3b
SHA2560e6e5d39cd5bb9e0c74b24a0afd8836a9376e7bc9f986de5d897fab5b144bf9b
SHA512b0ddb1c8084470e1585b03bf7a44896acf561e95d8879639508f22f87a2eb011d0c6aae9574835ee09206bbf5590219afaa5e5b3ca419670d292098dc99fca46
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
15KB
MD5c6c37332fdaafd6c7c0039c55f7ca956
SHA1fbd4aee0ce5c52dd4c959f00e465d4c4660d5415
SHA2567f59393cd8c21a57fd5a751b221f1cfa9ee3db7e7a9e2f5857f532c4f9888f5c
SHA512c3fe5c85c86d0920ebe7ca073dd2d398d3d02967efc3a1b1d91da6ab801da3bc2f7690e1055c9fe8636a2695d3ee4b677c41bb2bdac04930c5c1396326429559
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c2c35d75-4f92-4348-a06b-ca569e00a6f7.tmpFilesize
7KB
MD50c9a2c060dda5d61b00773b6a3a799f4
SHA1d7fc624a6346726553fd62694570574a0e0a39f3
SHA256fc68c38eb48dd96fd2d6c581ee6c8d324340c84214b8c3fcb5571a99fe9a7e3d
SHA512f57a68817a0bf9f76a9e8ec153c3aa50ad4cd0a6fc7640d13fc41c4450dbc517b1b00ba031f220abbd7673f8aa3fd1542d7527973c33331c685ddcaad38935e2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
173KB
MD5775d7e5f162c1168db609e0fc501d9bd
SHA17e558feb944c716a96ffcbd6e2c8d667692b6b65
SHA256d56da06ba5b57c80c2c47d527e99697923c436d1047ede541925e1e162fcb2a7
SHA512a9c06ae582ec5e69894e5991fbbf29b052e868609a56a9fa5c6e3a78c69edee4d4e216c7b33588b009168c31c3503d25f675ca40b1c7693be74ef4574e94ba76
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
105KB
MD576caaea154a47776dfb22d341ca12fd9
SHA1060c64094a4833da204af843d71ef4ad396603ac
SHA256c54e9f55158ae2e136711eef0d9f2d865899b77420f643a444ecfd9b70753ecb
SHA512e3b4416b22361293a31e0eef8a6b5c439e3e69e5e5551547ec9ccfefb77c7ed7cdfd6b7f914c20f64e7a76c01d72b891c1e27225710432d17d50db314a1dc2a3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
103KB
MD5fdedad07f1e198ee4e98f45b471b4c0e
SHA16f13428ec7d74e1cd9ebce09ed9d64fdd08e335c
SHA25697a62e8e7945a573651a9386ec4aa202a58d43cbae9f50aaad7e8d03089154cf
SHA512f37bac8ba98090191bc0cc25b1c2271a5903de85a8ae839a914d61a9fc8b2833b753ac37a014dbf219b28c7132227d608070b81ebaf1cbcffbd1c8d2b0379131
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe6454a8.TMPFilesize
97KB
MD55fc369a4f2a12c472aec89eff3e09310
SHA1ec946408f7dc1440d8ba66a92016d513a8457ec5
SHA256bb927beb901790eadc72bd5908860b5e2f805ad9439a381508cfc2372a3f6bc9
SHA512e9371d1f4881f71f6d6fcd2b2aa758a1cf1a149013f0b2fcde2031c99cae4cf42cc4b57adf5430eefe72884e38d0c8314f847f894cab319416d8f9134d731962
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\MinecraftInstaller\deviceId.txtFilesize
36B
MD55b59d9ecbd9b613e2efd987fcc6cee2b
SHA1e92e7aa935346d99bb501b9e05fb9ce647bad0ec
SHA2563a882bf8ccee5cb9751f2b7581273ab5c11d7520aa448f8cf23e33b07a7d6aa5
SHA512f14273a65513bebe5484d9c96d4169835bdc37d43fb77139bdc6a8602a28105c5021f0af4708654a6fdfaad9ad107e7271534b9c8a3890dec3e112e1c6ec573e
-
C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\GamingRepair1.etlFilesize
512KB
MD55814dc4168c025ed4511341e048ccd6d
SHA14ffc74c1816ecdca6d933435112cea1ba815adc6
SHA256d23ef1169479de6798a65d452c0a0a4e81109ad416901742f89eccb9a7dd6426
SHA5124e354c0fcf1ddab5fa3f25374aa387275a4ce5027345b4cc4f07df91a8d1a9fa475982ea7cfa724dcb759e1e2557dc0ec2ad3835c1c9202d84feb6077a5fd57c
-
C:\Users\Admin\AppData\Local\Temp\GmingRepair.exeFilesize
209KB
MD58c8880c0842997e7e6f4288dce2c7eb7
SHA1c2aa3ee4cf7a0fa96bcb6c31e8b178c94edb3e14
SHA25638597aca8d2b9e3e6bda6f45826f558ea3add74442e2335b0dd49951c5a93c42
SHA512f022c9588b0fe6712557767cd09d6bab777f99c0eba92f70649a42f0e036e2e3ffe4a1679b6527ea47d09e774a3c9fb2f9c4d7656fa0790cc4988745b94ba276
-
C:\Users\Admin\AppData\Local\Temp\GmingRepair.exeFilesize
209KB
MD58c8880c0842997e7e6f4288dce2c7eb7
SHA1c2aa3ee4cf7a0fa96bcb6c31e8b178c94edb3e14
SHA25638597aca8d2b9e3e6bda6f45826f558ea3add74442e2335b0dd49951c5a93c42
SHA512f022c9588b0fe6712557767cd09d6bab777f99c0eba92f70649a42f0e036e2e3ffe4a1679b6527ea47d09e774a3c9fb2f9c4d7656fa0790cc4988745b94ba276
-
C:\Users\Admin\AppData\Local\Temp\GmingRepair.exeFilesize
209KB
MD58c8880c0842997e7e6f4288dce2c7eb7
SHA1c2aa3ee4cf7a0fa96bcb6c31e8b178c94edb3e14
SHA25638597aca8d2b9e3e6bda6f45826f558ea3add74442e2335b0dd49951c5a93c42
SHA512f022c9588b0fe6712557767cd09d6bab777f99c0eba92f70649a42f0e036e2e3ffe4a1679b6527ea47d09e774a3c9fb2f9c4d7656fa0790cc4988745b94ba276
-
C:\Users\Admin\AppData\Local\Temp\radFA56D.exeFilesize
254KB
MD5e3b7d39be5e821b59636d0fe7c2944cc
SHA100479a97e415e9b6a5dfb5d04f5d9244bc8fbe88
SHA256389a7d395492c2da6f8abf5a8a7c49c3482f7844f77fe681808c71e961bcae97
SHA5128f977c60658063051968049245512b6aea68dd89005d0eefde26e4b2757210e9e95aabcef9aee173f57614b52cfbac924d36516b7bc7d3a5cc67daae4dee3ad5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.datFilesize
247B
MD5d2d393b7b5d35d025ed98a03fa939638
SHA1483c2ebfdd96bc4d86c49f9b0c1c08b7416a056e
SHA2568df4ef0fae9e88abf12ba2689a6d053fa685073c0233412cc9c6061700922f6e
SHA512f85e0759accc31ac0a004ff42f97ce44992f59d608eedb618d052bdab1d4d4200de2948d483324a8150d70b8acb5eb73830027ef23541a82461b48949ed850ac
-
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmpFilesize
31KB
MD5e5e6669bf91b1d7b031c8c8a5f45d519
SHA1b2e984677d101595027cad7443eaa36521f48bc0
SHA2567222827e103698980c935fda7e307d876456da5addba52ff89fb09baa4dfe825
SHA51249063550ab1ab7604d24d6f44a274e1e7d414b9759b5f9db5a08cf986ee3439954ffdc92886e8211f0a7cdcce839905558d9799ed0fc616bc8a7a4af979390e1
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-msFilesize
3KB
MD515b288ba67d1f5c47c779d3371634683
SHA1086835693d11649b8d34f432f35196e4478c758e
SHA256a2c3945b270d0bff361144533738c39073074f5634a8fcb9539a859ac7ac18b8
SHA51244bae4639d9f8460e7032a3a1eaf3fdf5448e226f143d1a3e6e1c311325998c5059036571d60771c542d9da6890bf91d74e03c8039908da3a1f62a786ab592b2
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-msFilesize
4KB
MD557ccec9a12ec32d69954d6b9afd36f62
SHA1e935d182acfe3b43da020d03918f61bd8d6b9bbb
SHA256edca7d3a2010c94874ccb49eddc6c34b990a8226bba7ef50d27e710d57411c62
SHA512bddd90e0143f5052cb55e600d22406b43bac8e0f3a428e7708238bed80c0a7be977ac887f1ec7af2d311c1b6e58238dd9af7225cf7c2eb121e37a719ac5b0d5e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqliteFilesize
48KB
MD534f713fbd922a3b13de762321f5ea5ba
SHA117aa7513ae09b55b028d080b798bfd2ba57b9dc7
SHA25692ffe80c2488dda9b8bbef16989a1574785d7b88e170b5f41426945c00fceeff
SHA5127482f2f212e6fb09af4489f3e38f8e18ed0462702b0f949a677cc063411b2b404dc33b011dde536074ebb7bd4df5fefd5d7879b56ae0f583eed0dbc3b4353450
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zipFilesize
176.8MB
MD5b464ca802b1b170b3c0acfc156fe5721
SHA1b9f64bb8d3a1ba8a9f5f9a0d22db43ae409add8d
SHA2560c35f5b724faaa4d0f4f17f62272610047408b381df876067c98fca735a3682d
SHA512ab861d76463197e0dddbfe72e409a73fbce0472f35262f022ed5e001247b3c4760cb3ba8a34b5e4b019cb1ab63b0d4adb3b5e3aa8406ae25e12a484fada80db3
-
C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXTFilesize
778B
MD5a3ce67d9cd2f910f39b812a328cfa777
SHA1f372fa2f4aea12c90f35032d40092c4a5233a42a
SHA256fdb2c5c5aec2e26551aeff4a7a47a0571e85a3f262dadc60b0ecc1c6e3733eb9
SHA5129a1da6096b9f4e6afd1b81abcec1f8ebeba15aa0cca4da553fed713ecc8de398dca579dc7f4e66820e928c44c97ce3c210e49dc08bd9cb82349e592ebf214c2b
-
C:\Windows\INF\oem3.infFilesize
1KB
MD54c4cee49cca1c769dbf557a605de27b3
SHA13e57a87cf82a44eb72f6409e9db0ea5fa58736f0
SHA256fd1a86e7908fcc9f3157ff90cf7a1b56fe6d79e7943dbdbd8a3d2411a2e4389b
SHA512e467ff1200a8d0eb94a8aae802c7cb535cb108faedf71cd33e07dc0c97923b3011e18d18a2b4cf46df784ee41fc4cca45b9a1e98fff001ae82e9e3797404f4c1
-
C:\Windows\Installer\e59d131.msiFilesize
828KB
MD529b6790dfdba0a2513c331363ba8289f
SHA1150c5fdadc4d8c02989e20f627c90628cbdbf23c
SHA2567a8270f0cd3e03a7ee2fe37b26b769cbdf3c66e2e923e9dfb8715b817629744d
SHA51254ae7bcd53f9fdcb34ceee99245540b459f215b303f53ad7356d4f91de601634eb1d7f23a928c414f10227cbb66e1dd4f42e35333e85e23ce267452030eab8d4
-
C:\Windows\SysWOW64\drivers\spoclsv.exeFilesize
73KB
MD537e887b7a048ddb9013c8d2a26d5b740
SHA1713b4678c05a76dbd22e6f8d738c9ef655e70226
SHA25624c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b
SHA51299f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af
-
C:\Windows\System32\CatRoot2\dberr.txtFilesize
146KB
MD571b32075225daf28644da10d9f343c07
SHA107b2a13585e049fa6d66afed456a80f0ede2aaad
SHA25633d796445957da952eec0193d775e014d95d13b9ec297a4876dfc9e165a0ba8d
SHA51291f0945a4306968800b35f5e05abce3db9d0606f25ad5f39060228c3f56e168e4d31e89729b3aa55a1fe4b8c92fd7d92d33e3f180d69134cc9ff355851fa9a18
-
C:\Windows\System32\CatRoot2\dberr.txtFilesize
146KB
MD5672c6982583d8c8423edc25849e0c52e
SHA158e7ddf3a8b5438ffead8182a6fa191bc73adb74
SHA2569fc6cb7039ea9a0817ef8db62b921ef6023dcadef67e19e1bfbdd9143b03aaaa
SHA512f78a6c09374cd0532bcd75fdf53c31c8ad0bf7638d82c55fde80ba479015dcd58cfb3e567c383d4b2c5773d6f65e614698309cd3d319f4768676004210fcbb65
-
C:\Windows\System32\CatRoot2\dberr.txtFilesize
146KB
MD5672c6982583d8c8423edc25849e0c52e
SHA158e7ddf3a8b5438ffead8182a6fa191bc73adb74
SHA2569fc6cb7039ea9a0817ef8db62b921ef6023dcadef67e19e1bfbdd9143b03aaaa
SHA512f78a6c09374cd0532bcd75fdf53c31c8ad0bf7638d82c55fde80ba479015dcd58cfb3e567c383d4b2c5773d6f65e614698309cd3d319f4768676004210fcbb65
-
C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.catFilesize
11KB
MD55cc15dd48fcd80244ada09bdf598930a
SHA170095c02cbc7d2448c0676453b0915517afc198e
SHA256fa413bc01e3685901fc8cf9c0834fc52fc75ba20fa2493649c385806b8cfc479
SHA5129e7a755086687363130ec97a21c9696b8cf81fc205c743c6f12a38e99e990bfcd911a41c18ca7bbd22e04009eb4a82dca2c755ec3b151cac363112b2091dca60
-
C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.catFilesize
11KB
MD55cc15dd48fcd80244ada09bdf598930a
SHA170095c02cbc7d2448c0676453b0915517afc198e
SHA256fa413bc01e3685901fc8cf9c0834fc52fc75ba20fa2493649c385806b8cfc479
SHA5129e7a755086687363130ec97a21c9696b8cf81fc205c743c6f12a38e99e990bfcd911a41c18ca7bbd22e04009eb4a82dca2c755ec3b151cac363112b2091dca60
-
C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.catFilesize
11KB
MD55cc15dd48fcd80244ada09bdf598930a
SHA170095c02cbc7d2448c0676453b0915517afc198e
SHA256fa413bc01e3685901fc8cf9c0834fc52fc75ba20fa2493649c385806b8cfc479
SHA5129e7a755086687363130ec97a21c9696b8cf81fc205c743c6f12a38e99e990bfcd911a41c18ca7bbd22e04009eb4a82dca2c755ec3b151cac363112b2091dca60
-
C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.infFilesize
2KB
MD5ce6fe0b58bfd85afedd3493a7f865e96
SHA109c88d13da4f3816c9fc4974961c812de3684df0
SHA256f438d5936484b20f68eb14feed510eb5b0a46d59ca18394854a0397f3e055f3f
SHA512a42893197967885a609e84b4ee7259af4fa669749cdb1675c4e51808791b5dc886e2f29e3445676fc9b0a366b4449ed6a11a672f16a3614f6cb451d756f55603
-
C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.infFilesize
2KB
MD5ce6fe0b58bfd85afedd3493a7f865e96
SHA109c88d13da4f3816c9fc4974961c812de3684df0
SHA256f438d5936484b20f68eb14feed510eb5b0a46d59ca18394854a0397f3e055f3f
SHA512a42893197967885a609e84b4ee7259af4fa669749cdb1675c4e51808791b5dc886e2f29e3445676fc9b0a366b4449ed6a11a672f16a3614f6cb451d756f55603
-
C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.infFilesize
2KB
MD5ce6fe0b58bfd85afedd3493a7f865e96
SHA109c88d13da4f3816c9fc4974961c812de3684df0
SHA256f438d5936484b20f68eb14feed510eb5b0a46d59ca18394854a0397f3e055f3f
SHA512a42893197967885a609e84b4ee7259af4fa669749cdb1675c4e51808791b5dc886e2f29e3445676fc9b0a366b4449ed6a11a672f16a3614f6cb451d756f55603
-
C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.sysFilesize
147KB
MD54f3cdfb7602baec0e79795c429a2175d
SHA171077b1266f982b76c8e161ca8a411ef7afe6a52
SHA256511a1efd4c6423bdd21e708a4b89fa255e7ec3424ca6e2b702a7670586ba4482
SHA512fdd52318a20ec94edfc000f6dc9c714ecccdc1054a39a9dacdfe092fba692b90ae4f96881ddf3492af0bbedf6b40ce746fbea86da054a6c4ffc5c748065e3191
-
C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.sysFilesize
147KB
MD54f3cdfb7602baec0e79795c429a2175d
SHA171077b1266f982b76c8e161ca8a411ef7afe6a52
SHA256511a1efd4c6423bdd21e708a4b89fa255e7ec3424ca6e2b702a7670586ba4482
SHA512fdd52318a20ec94edfc000f6dc9c714ecccdc1054a39a9dacdfe092fba692b90ae4f96881ddf3492af0bbedf6b40ce746fbea86da054a6c4ffc5c748065e3191
-
C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_efd4ff0f2481f72b\gameflt.sysFilesize
147KB
MD54f3cdfb7602baec0e79795c429a2175d
SHA171077b1266f982b76c8e161ca8a411ef7afe6a52
SHA256511a1efd4c6423bdd21e708a4b89fa255e7ec3424ca6e2b702a7670586ba4482
SHA512fdd52318a20ec94edfc000f6dc9c714ecccdc1054a39a9dacdfe092fba692b90ae4f96881ddf3492af0bbedf6b40ce746fbea86da054a6c4ffc5c748065e3191
-
C:\Windows\System32\DriverStore\FileRepository\xvdd.inf_amd64_6931cffa1f5f9fc9\xvdd.catFilesize
11KB
MD561c88dca8c4c5dcd81d1030f07c86fc0
SHA18dc6f880dc42b95bf5662e3fe92a45461e7e4849
SHA2561d0c17c2d0e8f8c6b5c5dee185222e7cdfb22b07a9f45f2f1e8a915daa784c93
SHA512c54e2f5096cb5109b73f1da2edd0fb54cba7fb73015b6e67d9047a70e202b9891088b308d02572129c5a9f184ec4c3c9422eacdf655da9452920b01e141c4982
-
C:\Windows\System32\DriverStore\FileRepository\xvdd.inf_amd64_6931cffa1f5f9fc9\xvdd.infFilesize
1KB
MD54c4cee49cca1c769dbf557a605de27b3
SHA13e57a87cf82a44eb72f6409e9db0ea5fa58736f0
SHA256fd1a86e7908fcc9f3157ff90cf7a1b56fe6d79e7943dbdbd8a3d2411a2e4389b
SHA512e467ff1200a8d0eb94a8aae802c7cb535cb108faedf71cd33e07dc0c97923b3011e18d18a2b4cf46df784ee41fc4cca45b9a1e98fff001ae82e9e3797404f4c1
-
C:\Windows\System32\DriverStore\FileRepository\xvdd.inf_amd64_6931cffa1f5f9fc9\xvdd.sysFilesize
667KB
MD5d79bf46de8c6e78ae449be1d308daf9e
SHA1bb55d21842106732db618a7d5bbe274c9370a06a
SHA256c07639e81061086ad062cdfbdb3a5edf125a61c46edd45767c4dd71694afe430
SHA5120f6f6a4e26589136fd14f35f3ce0419d6de3ff63c52d64cff7f695cf82d198de02e3da120e20c45b9d441c4d2df59a14932b5d77a3015601b26c46ba1409fb53
-
C:\Windows\System32\DriverStore\Temp\{7be6a4be-2e6d-024f-b67c-0f638e3282ed}\SETE620.tmpFilesize
11KB
MD55cc15dd48fcd80244ada09bdf598930a
SHA170095c02cbc7d2448c0676453b0915517afc198e
SHA256fa413bc01e3685901fc8cf9c0834fc52fc75ba20fa2493649c385806b8cfc479
SHA5129e7a755086687363130ec97a21c9696b8cf81fc205c743c6f12a38e99e990bfcd911a41c18ca7bbd22e04009eb4a82dca2c755ec3b151cac363112b2091dca60
-
C:\Windows\System32\DriverStore\Temp\{7be6a4be-2e6d-024f-b67c-0f638e3282ed}\SETE631.tmpFilesize
2KB
MD5ce6fe0b58bfd85afedd3493a7f865e96
SHA109c88d13da4f3816c9fc4974961c812de3684df0
SHA256f438d5936484b20f68eb14feed510eb5b0a46d59ca18394854a0397f3e055f3f
SHA512a42893197967885a609e84b4ee7259af4fa669749cdb1675c4e51808791b5dc886e2f29e3445676fc9b0a366b4449ed6a11a672f16a3614f6cb451d756f55603
-
C:\Windows\System32\DriverStore\Temp\{7be6a4be-2e6d-024f-b67c-0f638e3282ed}\SETE632.tmpFilesize
147KB
MD54f3cdfb7602baec0e79795c429a2175d
SHA171077b1266f982b76c8e161ca8a411ef7afe6a52
SHA256511a1efd4c6423bdd21e708a4b89fa255e7ec3424ca6e2b702a7670586ba4482
SHA512fdd52318a20ec94edfc000f6dc9c714ecccdc1054a39a9dacdfe092fba692b90ae4f96881ddf3492af0bbedf6b40ce746fbea86da054a6c4ffc5c748065e3191
-
C:\Windows\System32\DriverStore\Temp\{800dd87a-b569-7942-99c6-a4e68753460a}\SETE0D1.tmpFilesize
11KB
MD561c88dca8c4c5dcd81d1030f07c86fc0
SHA18dc6f880dc42b95bf5662e3fe92a45461e7e4849
SHA2561d0c17c2d0e8f8c6b5c5dee185222e7cdfb22b07a9f45f2f1e8a915daa784c93
SHA512c54e2f5096cb5109b73f1da2edd0fb54cba7fb73015b6e67d9047a70e202b9891088b308d02572129c5a9f184ec4c3c9422eacdf655da9452920b01e141c4982
-
C:\Windows\System32\DriverStore\Temp\{800dd87a-b569-7942-99c6-a4e68753460a}\SETE0D2.tmpFilesize
1KB
MD54c4cee49cca1c769dbf557a605de27b3
SHA13e57a87cf82a44eb72f6409e9db0ea5fa58736f0
SHA256fd1a86e7908fcc9f3157ff90cf7a1b56fe6d79e7943dbdbd8a3d2411a2e4389b
SHA512e467ff1200a8d0eb94a8aae802c7cb535cb108faedf71cd33e07dc0c97923b3011e18d18a2b4cf46df784ee41fc4cca45b9a1e98fff001ae82e9e3797404f4c1
-
C:\Windows\System32\DriverStore\Temp\{800dd87a-b569-7942-99c6-a4e68753460a}\SETE0E2.tmpFilesize
667KB
MD5d79bf46de8c6e78ae449be1d308daf9e
SHA1bb55d21842106732db618a7d5bbe274c9370a06a
SHA256c07639e81061086ad062cdfbdb3a5edf125a61c46edd45767c4dd71694afe430
SHA5120f6f6a4e26589136fd14f35f3ce0419d6de3ff63c52d64cff7f695cf82d198de02e3da120e20c45b9d441c4d2df59a14932b5d77a3015601b26c46ba1409fb53
-
C:\Windows\System32\GameInputRedist.dllFilesize
361KB
MD5ac7817f3bb39f7a1ecd79b22e55c7814
SHA16044b28135a7969959e601403aabd353bcfdb960
SHA25668cd6170402ffc688e90e7e2ba81afe4c37fa8ca344763d3bfe7831ceb15cea7
SHA512f464161c245c876400d286697eec7c268902249d202490be59f15aeaab1b1a9ba7cb7158695e0653b6505e8583365b0c61615570a979dae04d1f374ab12490f0
-
C:\Windows\System32\GameInputRedist.dllFilesize
361KB
MD5ac7817f3bb39f7a1ecd79b22e55c7814
SHA16044b28135a7969959e601403aabd353bcfdb960
SHA25668cd6170402ffc688e90e7e2ba81afe4c37fa8ca344763d3bfe7831ceb15cea7
SHA512f464161c245c876400d286697eec7c268902249d202490be59f15aeaab1b1a9ba7cb7158695e0653b6505e8583365b0c61615570a979dae04d1f374ab12490f0
-
C:\Windows\System32\catroot2\dberr.txtFilesize
146KB
MD58666592871a1d8e7cdc33d46dd1cff26
SHA1ef4910e1859595a5d48d66737b10cc453c4c5495
SHA2560b44c53f43268160750f8f5957516940849ac3ec1b57aae84829261d2ebfc24f
SHA512f24c8456a6509a3a7396947b5fcfc1d0e14cca4fced1bb65c13633cfb9bc48251f853420556dc6c0608f693a902f7bd4fa7406d35aba8d55461e8468811bd0ce
-
C:\Windows\System32\gameplatformservices.dllFilesize
465KB
MD59a04e152a772fbb8a979b8a3f0ca5a36
SHA150f7870ad0ba4a4ea86924b5358684e8a713bca8
SHA25651f8cefd2c5d3e88fae29c670151f3adf5a9628f8ba764297aecd0c12c3ad09d
SHA512fa96c0e1aca9e9d5d27381005ef9b276ac4e59d4b2d3aec4ea5a43dea0b3188c987ac965906cd4c965ef943814586fcbdc82f443755e561c2fdf81342d102736
-
C:\Windows\TEMP\gameinputredist.logFilesize
1KB
MD508bb42baa213a5cdc9ca43f9a8f0ea09
SHA1697422d7cc6c394b3f1bce80696c16096f0855f6
SHA2563cda6371ec68f88690d6ce6d9f26286983e9de1d13c967e47aa627e528faa743
SHA5129dc616182c6d91a3fd42b7fc9f0f614fa1d70b9a36e043ce9c2d474d71ee6b730c85c567b8f81fb5861a3bf5117b911cc0b34db71c14ed3aabb4ed2bd8fe1bcc
-
C:\Windows\TEMP\{2982343a-a444-a842-977a-661f5a05f066}\xvdd.infFilesize
1KB
MD54c4cee49cca1c769dbf557a605de27b3
SHA13e57a87cf82a44eb72f6409e9db0ea5fa58736f0
SHA256fd1a86e7908fcc9f3157ff90cf7a1b56fe6d79e7943dbdbd8a3d2411a2e4389b
SHA512e467ff1200a8d0eb94a8aae802c7cb535cb108faedf71cd33e07dc0c97923b3011e18d18a2b4cf46df784ee41fc4cca45b9a1e98fff001ae82e9e3797404f4c1
-
C:\Windows\TEMP\{29823~1\xvdd.catFilesize
11KB
MD561c88dca8c4c5dcd81d1030f07c86fc0
SHA18dc6f880dc42b95bf5662e3fe92a45461e7e4849
SHA2561d0c17c2d0e8f8c6b5c5dee185222e7cdfb22b07a9f45f2f1e8a915daa784c93
SHA512c54e2f5096cb5109b73f1da2edd0fb54cba7fb73015b6e67d9047a70e202b9891088b308d02572129c5a9f184ec4c3c9422eacdf655da9452920b01e141c4982
-
C:\Windows\TEMP\{29823~1\xvdd.sysFilesize
667KB
MD5d79bf46de8c6e78ae449be1d308daf9e
SHA1bb55d21842106732db618a7d5bbe274c9370a06a
SHA256c07639e81061086ad062cdfbdb3a5edf125a61c46edd45767c4dd71694afe430
SHA5120f6f6a4e26589136fd14f35f3ce0419d6de3ff63c52d64cff7f695cf82d198de02e3da120e20c45b9d441c4d2df59a14932b5d77a3015601b26c46ba1409fb53
-
C:\Windows\TEMP\{36174478-1504-0947-9fb4-091bff8c1bac}\gameflt.infFilesize
2KB
MD5ce6fe0b58bfd85afedd3493a7f865e96
SHA109c88d13da4f3816c9fc4974961c812de3684df0
SHA256f438d5936484b20f68eb14feed510eb5b0a46d59ca18394854a0397f3e055f3f
SHA512a42893197967885a609e84b4ee7259af4fa669749cdb1675c4e51808791b5dc886e2f29e3445676fc9b0a366b4449ed6a11a672f16a3614f6cb451d756f55603
-
C:\Windows\TEMP\{36174~1\gameflt.catFilesize
11KB
MD55cc15dd48fcd80244ada09bdf598930a
SHA170095c02cbc7d2448c0676453b0915517afc198e
SHA256fa413bc01e3685901fc8cf9c0834fc52fc75ba20fa2493649c385806b8cfc479
SHA5129e7a755086687363130ec97a21c9696b8cf81fc205c743c6f12a38e99e990bfcd911a41c18ca7bbd22e04009eb4a82dca2c755ec3b151cac363112b2091dca60
-
C:\Windows\TEMP\{36174~1\gameflt.sysFilesize
147KB
MD54f3cdfb7602baec0e79795c429a2175d
SHA171077b1266f982b76c8e161ca8a411ef7afe6a52
SHA256511a1efd4c6423bdd21e708a4b89fa255e7ec3424ca6e2b702a7670586ba4482
SHA512fdd52318a20ec94edfc000f6dc9c714ecccdc1054a39a9dacdfe092fba692b90ae4f96881ddf3492af0bbedf6b40ce746fbea86da054a6c4ffc5c748065e3191
-
C:\Windows\TEMP\{4DA84~1\gameflt.catFilesize
11KB
MD55cc15dd48fcd80244ada09bdf598930a
SHA170095c02cbc7d2448c0676453b0915517afc198e
SHA256fa413bc01e3685901fc8cf9c0834fc52fc75ba20fa2493649c385806b8cfc479
SHA5129e7a755086687363130ec97a21c9696b8cf81fc205c743c6f12a38e99e990bfcd911a41c18ca7bbd22e04009eb4a82dca2c755ec3b151cac363112b2091dca60
-
C:\Windows\TEMP\{4DA84~1\gameflt.sysFilesize
147KB
MD54f3cdfb7602baec0e79795c429a2175d
SHA171077b1266f982b76c8e161ca8a411ef7afe6a52
SHA256511a1efd4c6423bdd21e708a4b89fa255e7ec3424ca6e2b702a7670586ba4482
SHA512fdd52318a20ec94edfc000f6dc9c714ecccdc1054a39a9dacdfe092fba692b90ae4f96881ddf3492af0bbedf6b40ce746fbea86da054a6c4ffc5c748065e3191
-
C:\Windows\TEMP\{4da8472a-7d7b-be4c-a35f-e4144c814b13}\gameflt.infFilesize
2KB
MD5ce6fe0b58bfd85afedd3493a7f865e96
SHA109c88d13da4f3816c9fc4974961c812de3684df0
SHA256f438d5936484b20f68eb14feed510eb5b0a46d59ca18394854a0397f3e055f3f
SHA512a42893197967885a609e84b4ee7259af4fa669749cdb1675c4e51808791b5dc886e2f29e3445676fc9b0a366b4449ed6a11a672f16a3614f6cb451d756f55603
-
C:\Windows\TEMP\{81B23~1\gameflt.catFilesize
11KB
MD55cc15dd48fcd80244ada09bdf598930a
SHA170095c02cbc7d2448c0676453b0915517afc198e
SHA256fa413bc01e3685901fc8cf9c0834fc52fc75ba20fa2493649c385806b8cfc479
SHA5129e7a755086687363130ec97a21c9696b8cf81fc205c743c6f12a38e99e990bfcd911a41c18ca7bbd22e04009eb4a82dca2c755ec3b151cac363112b2091dca60
-
C:\Windows\TEMP\{81B23~1\gameflt.sysFilesize
147KB
MD54f3cdfb7602baec0e79795c429a2175d
SHA171077b1266f982b76c8e161ca8a411ef7afe6a52
SHA256511a1efd4c6423bdd21e708a4b89fa255e7ec3424ca6e2b702a7670586ba4482
SHA512fdd52318a20ec94edfc000f6dc9c714ecccdc1054a39a9dacdfe092fba692b90ae4f96881ddf3492af0bbedf6b40ce746fbea86da054a6c4ffc5c748065e3191
-
C:\Windows\TEMP\{81b2307d-a915-7347-a1b2-7a9709a6cd5f}\gameflt.infFilesize
2KB
MD5ce6fe0b58bfd85afedd3493a7f865e96
SHA109c88d13da4f3816c9fc4974961c812de3684df0
SHA256f438d5936484b20f68eb14feed510eb5b0a46d59ca18394854a0397f3e055f3f
SHA512a42893197967885a609e84b4ee7259af4fa669749cdb1675c4e51808791b5dc886e2f29e3445676fc9b0a366b4449ed6a11a672f16a3614f6cb451d756f55603
-
C:\Windows\inf\oem4.infFilesize
2KB
MD5ce6fe0b58bfd85afedd3493a7f865e96
SHA109c88d13da4f3816c9fc4974961c812de3684df0
SHA256f438d5936484b20f68eb14feed510eb5b0a46d59ca18394854a0397f3e055f3f
SHA512a42893197967885a609e84b4ee7259af4fa669749cdb1675c4e51808791b5dc886e2f29e3445676fc9b0a366b4449ed6a11a672f16a3614f6cb451d756f55603
-
C:\Windows\inf\oem4.infFilesize
2KB
MD5ce6fe0b58bfd85afedd3493a7f865e96
SHA109c88d13da4f3816c9fc4974961c812de3684df0
SHA256f438d5936484b20f68eb14feed510eb5b0a46d59ca18394854a0397f3e055f3f
SHA512a42893197967885a609e84b4ee7259af4fa669749cdb1675c4e51808791b5dc886e2f29e3445676fc9b0a366b4449ed6a11a672f16a3614f6cb451d756f55603
-
C:\Windows\inf\oem4.infFilesize
2KB
MD5ce6fe0b58bfd85afedd3493a7f865e96
SHA109c88d13da4f3816c9fc4974961c812de3684df0
SHA256f438d5936484b20f68eb14feed510eb5b0a46d59ca18394854a0397f3e055f3f
SHA512a42893197967885a609e84b4ee7259af4fa669749cdb1675c4e51808791b5dc886e2f29e3445676fc9b0a366b4449ed6a11a672f16a3614f6cb451d756f55603
-
C:\Windows\system32\gameconfighelper.dllFilesize
197KB
MD55d34640fb8591ad9fe1b7c00538e0c63
SHA15e542b875918a1044240f7ccaa47d14a0717b32e
SHA256c5271232c2bd33d3a872b58e239c4e3dbaa149a16f61f5591df80a3f1113f78f
SHA5127cbbd505aeafb7c2c1540ead83a3b91ef87dabfb472bfe1851fa296ccffa132d1e85a4fd11d107d98845ddc3f4ea9c8f92c0c139deb4259ff4bda7577a71dc5c
-
C:\Windows\system32\gameconfighelper.dllFilesize
197KB
MD55d34640fb8591ad9fe1b7c00538e0c63
SHA15e542b875918a1044240f7ccaa47d14a0717b32e
SHA256c5271232c2bd33d3a872b58e239c4e3dbaa149a16f61f5591df80a3f1113f78f
SHA5127cbbd505aeafb7c2c1540ead83a3b91ef87dabfb472bfe1851fa296ccffa132d1e85a4fd11d107d98845ddc3f4ea9c8f92c0c139deb4259ff4bda7577a71dc5c
-
C:\Windows\system32\gameconfighelper.dllFilesize
197KB
MD55d34640fb8591ad9fe1b7c00538e0c63
SHA15e542b875918a1044240f7ccaa47d14a0717b32e
SHA256c5271232c2bd33d3a872b58e239c4e3dbaa149a16f61f5591df80a3f1113f78f
SHA5127cbbd505aeafb7c2c1540ead83a3b91ef87dabfb472bfe1851fa296ccffa132d1e85a4fd11d107d98845ddc3f4ea9c8f92c0c139deb4259ff4bda7577a71dc5c
-
C:\Windows\system32\gamelaunchhelper.dllFilesize
161KB
MD5ecdb2ca493b01f8606505a34e9069257
SHA1a8621ba7aac0ec12382590d7b68873931b447e94
SHA256ca27a7ca245ffb98d076593eeb5f1cc862c7c117903c554b52fae2b3b5f0cee5
SHA5122d8095ce5410fb99881a9817acdab4fb222debd01c37c4e19482bb39ca8beaca6f9f95faeb0ab91ad3a4d4aa6161d4cf1abeef3bd5f75c60ffc3a309504c6819
-
C:\Windows\system32\gamelaunchhelper.dllFilesize
161KB
MD5ecdb2ca493b01f8606505a34e9069257
SHA1a8621ba7aac0ec12382590d7b68873931b447e94
SHA256ca27a7ca245ffb98d076593eeb5f1cc862c7c117903c554b52fae2b3b5f0cee5
SHA5122d8095ce5410fb99881a9817acdab4fb222debd01c37c4e19482bb39ca8beaca6f9f95faeb0ab91ad3a4d4aa6161d4cf1abeef3bd5f75c60ffc3a309504c6819
-
C:\Windows\system32\gameplatformservices.dllFilesize
465KB
MD59a04e152a772fbb8a979b8a3f0ca5a36
SHA150f7870ad0ba4a4ea86924b5358684e8a713bca8
SHA25651f8cefd2c5d3e88fae29c670151f3adf5a9628f8ba764297aecd0c12c3ad09d
SHA512fa96c0e1aca9e9d5d27381005ef9b276ac4e59d4b2d3aec4ea5a43dea0b3188c987ac965906cd4c965ef943814586fcbdc82f443755e561c2fdf81342d102736
-
C:\Windows\system32\gameplatformservices.dllFilesize
465KB
MD59a04e152a772fbb8a979b8a3f0ca5a36
SHA150f7870ad0ba4a4ea86924b5358684e8a713bca8
SHA25651f8cefd2c5d3e88fae29c670151f3adf5a9628f8ba764297aecd0c12c3ad09d
SHA512fa96c0e1aca9e9d5d27381005ef9b276ac4e59d4b2d3aec4ea5a43dea0b3188c987ac965906cd4c965ef943814586fcbdc82f443755e561c2fdf81342d102736
-
C:\Windows\system32\gameplatformservices.dllFilesize
465KB
MD59a04e152a772fbb8a979b8a3f0ca5a36
SHA150f7870ad0ba4a4ea86924b5358684e8a713bca8
SHA25651f8cefd2c5d3e88fae29c670151f3adf5a9628f8ba764297aecd0c12c3ad09d
SHA512fa96c0e1aca9e9d5d27381005ef9b276ac4e59d4b2d3aec4ea5a43dea0b3188c987ac965906cd4c965ef943814586fcbdc82f443755e561c2fdf81342d102736
-
C:\Windows\system32\gamingservicesproxy.dllFilesize
237KB
MD512784562fa40df03a586909c2d204265
SHA11b384bda391baaf242fe0b6fbb6abdb3748bfed8
SHA2560d5e83aac13fcf6b37d4e9d3ca84aff7df1065d004d721e01f1c577fa8606964
SHA512b90ab0132b3adb6d24a495c9625212c494e9ab8ca5bec7b1044b74fb3d48252c1646737eea2140f99b36dae8b33f0b61bd8d518aa078688575d78966e4840c53
-
C:\Windows\system32\gamingservicesproxy.dllFilesize
237KB
MD512784562fa40df03a586909c2d204265
SHA11b384bda391baaf242fe0b6fbb6abdb3748bfed8
SHA2560d5e83aac13fcf6b37d4e9d3ca84aff7df1065d004d721e01f1c577fa8606964
SHA512b90ab0132b3adb6d24a495c9625212c494e9ab8ca5bec7b1044b74fb3d48252c1646737eea2140f99b36dae8b33f0b61bd8d518aa078688575d78966e4840c53
-
C:\Windows\system32\gamingservicesproxy.dllFilesize
237KB
MD512784562fa40df03a586909c2d204265
SHA11b384bda391baaf242fe0b6fbb6abdb3748bfed8
SHA2560d5e83aac13fcf6b37d4e9d3ca84aff7df1065d004d721e01f1c577fa8606964
SHA512b90ab0132b3adb6d24a495c9625212c494e9ab8ca5bec7b1044b74fb3d48252c1646737eea2140f99b36dae8b33f0b61bd8d518aa078688575d78966e4840c53
-
C:\Windows\system32\gamingtcuihelpers.dllFilesize
128KB
MD59cff543bf826f95a6944453f73f48ba6
SHA1d295dc6af0b0fb580c0f91d94ba0798cd9bd9432
SHA256c321b3119b8b6691f91e124f58711741ece17a0c74929ed81ad49b850c76551c
SHA5126e049f7632ec1e12a35b0918662d198a480ac92db05674607d45b1ff4a836eadd2565f06303aa3712f79b0420b6b1d8e8395ff84a221eb5d01701edd4accb56e
-
C:\Windows\system32\gamingtcuihelpers.dllFilesize
128KB
MD59cff543bf826f95a6944453f73f48ba6
SHA1d295dc6af0b0fb580c0f91d94ba0798cd9bd9432
SHA256c321b3119b8b6691f91e124f58711741ece17a0c74929ed81ad49b850c76551c
SHA5126e049f7632ec1e12a35b0918662d198a480ac92db05674607d45b1ff4a836eadd2565f06303aa3712f79b0420b6b1d8e8395ff84a221eb5d01701edd4accb56e
-
C:\Windows\system32\xgamecontrol.exeFilesize
61KB
MD57ec9ef5d32eaa7d6ffff79ef1dce9fdf
SHA1875f1bf211d700ce67d56b5935a33f7631f677c3
SHA256542343c16a2903fce29cc7f3f72547aa88d6cc05d559d3c787b1d679aefbd705
SHA5124e5a9b19ce800136bfd0184a64d2f5b3e85acbe86e5cbca24359950aff6bd6bd7472449e734770f66d1c73b1d3cd682a3c1696ee285a22c1bac108c34a910117
-
C:\Windows\system32\xgamecontrol.exeFilesize
61KB
MD57ec9ef5d32eaa7d6ffff79ef1dce9fdf
SHA1875f1bf211d700ce67d56b5935a33f7631f677c3
SHA256542343c16a2903fce29cc7f3f72547aa88d6cc05d559d3c787b1d679aefbd705
SHA5124e5a9b19ce800136bfd0184a64d2f5b3e85acbe86e5cbca24359950aff6bd6bd7472449e734770f66d1c73b1d3cd682a3c1696ee285a22c1bac108c34a910117
-
C:\Windows\system32\xgamecontrol.exeFilesize
61KB
MD57ec9ef5d32eaa7d6ffff79ef1dce9fdf
SHA1875f1bf211d700ce67d56b5935a33f7631f677c3
SHA256542343c16a2903fce29cc7f3f72547aa88d6cc05d559d3c787b1d679aefbd705
SHA5124e5a9b19ce800136bfd0184a64d2f5b3e85acbe86e5cbca24359950aff6bd6bd7472449e734770f66d1c73b1d3cd682a3c1696ee285a22c1bac108c34a910117
-
C:\Windows\system32\xgamehelper.exeFilesize
77KB
MD50215c6d6614749498f2a4c06f3ac4dd7
SHA116775e45b57d2d8300e8a1292e1049f9b2a92202
SHA2568bfc1c98f0eb6073ac8465509bb31560f5978d28a24f6f94cb0fd0897f23ebdf
SHA512d8a2bcfc4410403261f977e1a82a20f5bedf927db7ae19b4766a4a8d8da99062310f1bd9967e1b64e4bc8032f679e7fe851d7657519811bc7d183422a6c84689
-
C:\Windows\system32\xgamehelper.exeFilesize
77KB
MD50215c6d6614749498f2a4c06f3ac4dd7
SHA116775e45b57d2d8300e8a1292e1049f9b2a92202
SHA2568bfc1c98f0eb6073ac8465509bb31560f5978d28a24f6f94cb0fd0897f23ebdf
SHA512d8a2bcfc4410403261f977e1a82a20f5bedf927db7ae19b4766a4a8d8da99062310f1bd9967e1b64e4bc8032f679e7fe851d7657519811bc7d183422a6c84689
-
C:\Windows\system32\xgameruntime.dllFilesize
2.7MB
MD57a6c419ff0869b86fa64c1578020b3d9
SHA1d75a4882ce4236e6782a88bcbe219ddbd14269bb
SHA2569ed9cc9f5692d32750ced2c8503608b83dece56306012c41d4b505cbcc72e19c
SHA5128e80b18296f14b61e3be7d61ad86d0349f1366cae6a412d0e9c704a654ace4ae707743cdb19eac525b4d7a691a27e2eeea7f7f2b96c92256c29d85b7fe756458
-
C:\Windows\system32\xgameruntime.dllFilesize
2.7MB
MD57a6c419ff0869b86fa64c1578020b3d9
SHA1d75a4882ce4236e6782a88bcbe219ddbd14269bb
SHA2569ed9cc9f5692d32750ced2c8503608b83dece56306012c41d4b505cbcc72e19c
SHA5128e80b18296f14b61e3be7d61ad86d0349f1366cae6a412d0e9c704a654ace4ae707743cdb19eac525b4d7a691a27e2eeea7f7f2b96c92256c29d85b7fe756458
-
C:\Windows\system32\xgameruntime.dllFilesize
2.7MB
MD57a6c419ff0869b86fa64c1578020b3d9
SHA1d75a4882ce4236e6782a88bcbe219ddbd14269bb
SHA2569ed9cc9f5692d32750ced2c8503608b83dece56306012c41d4b505cbcc72e19c
SHA5128e80b18296f14b61e3be7d61ad86d0349f1366cae6a412d0e9c704a654ace4ae707743cdb19eac525b4d7a691a27e2eeea7f7f2b96c92256c29d85b7fe756458
-
\??\c:\windows\system32\gameinputredist.dllFilesize
361KB
MD5ac7817f3bb39f7a1ecd79b22e55c7814
SHA16044b28135a7969959e601403aabd353bcfdb960
SHA25668cd6170402ffc688e90e7e2ba81afe4c37fa8ca344763d3bfe7831ceb15cea7
SHA512f464161c245c876400d286697eec7c268902249d202490be59f15aeaab1b1a9ba7cb7158695e0653b6505e8583365b0c61615570a979dae04d1f374ab12490f0
-
memory/432-1187-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/432-1188-0x0000000000030000-0x0000000000032000-memory.dmpFilesize
8KB
-
memory/432-1189-0x00000000021A0000-0x00000000021D6000-memory.dmpFilesize
216KB
-
memory/432-1201-0x00000000021A0000-0x00000000021D6000-memory.dmpFilesize
216KB
-
memory/536-1180-0x0000000000400000-0x0000000000444000-memory.dmpFilesize
272KB
-
memory/688-1381-0x00000000005D0000-0x00000000005EA000-memory.dmpFilesize
104KB
-
memory/756-2613-0x0000000000400000-0x0000000000438000-memory.dmpFilesize
224KB
-
memory/756-2618-0x0000000000540000-0x0000000000546000-memory.dmpFilesize
24KB
-
memory/920-1176-0x0000000000400000-0x0000000000444000-memory.dmpFilesize
272KB
-
memory/1104-1168-0x0000000010000000-0x0000000010030000-memory.dmpFilesize
192KB
-
memory/1104-1173-0x0000000010000000-0x0000000010030000-memory.dmpFilesize
192KB
-
memory/1332-1185-0x0000000000400000-0x0000000000444000-memory.dmpFilesize
272KB
-
memory/1616-1353-0x00000000005A0000-0x00000000005B6000-memory.dmpFilesize
88KB
-
memory/1616-1354-0x00000000005E0000-0x00000000005FA000-memory.dmpFilesize
104KB
-
memory/1640-1190-0x0000000000020000-0x0000000000022000-memory.dmpFilesize
8KB
-
memory/1640-1191-0x0000000002170000-0x00000000021A6000-memory.dmpFilesize
216KB
-
memory/1640-1199-0x0000000002170000-0x00000000021A6000-memory.dmpFilesize
216KB
-
memory/1656-1181-0x0000000000400000-0x0000000000444000-memory.dmpFilesize
272KB
-
memory/1784-2628-0x0000000000500000-0x000000000051A000-memory.dmpFilesize
104KB
-
memory/2216-1184-0x0000000000400000-0x0000000000444000-memory.dmpFilesize
272KB
-
memory/2468-329-0x000001E51E4D0000-0x000001E51EF91000-memory.dmpFilesize
10.8MB
-
memory/2536-2187-0x00000000005D0000-0x00000000005EA000-memory.dmpFilesize
104KB
-
memory/3180-141-0x000000000B570000-0x000000000B57E000-memory.dmpFilesize
56KB
-
memory/3180-143-0x0000000007690000-0x00000000076A0000-memory.dmpFilesize
64KB
-
memory/3180-146-0x000000000BBE0000-0x000000000BC06000-memory.dmpFilesize
152KB
-
memory/3180-136-0x0000000008640000-0x0000000008648000-memory.dmpFilesize
32KB
-
memory/3180-137-0x0000000007690000-0x00000000076A0000-memory.dmpFilesize
64KB
-
memory/3180-139-0x000000000B4E0000-0x000000000B4E8000-memory.dmpFilesize
32KB
-
memory/3180-140-0x000000000B9C0000-0x000000000B9F8000-memory.dmpFilesize
224KB
-
memory/3180-142-0x0000000007690000-0x00000000076A0000-memory.dmpFilesize
64KB
-
memory/3180-135-0x0000000007690000-0x00000000076A0000-memory.dmpFilesize
64KB
-
memory/3180-145-0x0000000008120000-0x000000000812A000-memory.dmpFilesize
40KB
-
memory/3180-147-0x0000000007690000-0x00000000076A0000-memory.dmpFilesize
64KB
-
memory/3180-133-0x0000000000BA0000-0x0000000002B9E000-memory.dmpFilesize
32.0MB
-
memory/3444-1186-0x0000000001000000-0x0000000001026000-memory.dmpFilesize
152KB
-
memory/3632-398-0x0000027912DD0000-0x0000027912DD1000-memory.dmpFilesize
4KB
-
memory/3632-370-0x0000027912F60000-0x0000027912F61000-memory.dmpFilesize
4KB
-
memory/3632-365-0x0000027912F60000-0x0000027912F61000-memory.dmpFilesize
4KB
-
memory/3632-371-0x0000027912F60000-0x0000027912F61000-memory.dmpFilesize
4KB
-
memory/3632-372-0x0000027912F60000-0x0000027912F61000-memory.dmpFilesize
4KB
-
memory/3632-367-0x0000027912F60000-0x0000027912F61000-memory.dmpFilesize
4KB
-
memory/3632-399-0x0000027912EE0000-0x0000027912EE1000-memory.dmpFilesize
4KB
-
memory/3632-373-0x0000027912C90000-0x0000027912C91000-memory.dmpFilesize
4KB
-
memory/3632-395-0x0000027912DC0000-0x0000027912DC1000-memory.dmpFilesize
4KB
-
memory/3632-368-0x0000027912F60000-0x0000027912F61000-memory.dmpFilesize
4KB
-
memory/3632-346-0x000002790AA50000-0x000002790AA60000-memory.dmpFilesize
64KB
-
memory/3632-369-0x0000027912F60000-0x0000027912F61000-memory.dmpFilesize
4KB
-
memory/3632-374-0x0000027912C80000-0x0000027912C81000-memory.dmpFilesize
4KB
-
memory/3632-364-0x0000027912F60000-0x0000027912F61000-memory.dmpFilesize
4KB
-
memory/3632-363-0x0000027912F60000-0x0000027912F61000-memory.dmpFilesize
4KB
-
memory/3632-376-0x0000027912C90000-0x0000027912C91000-memory.dmpFilesize
4KB
-
memory/3632-366-0x0000027912F60000-0x0000027912F61000-memory.dmpFilesize
4KB
-
memory/3632-362-0x0000027912F40000-0x0000027912F41000-memory.dmpFilesize
4KB
-
memory/3632-380-0x0000027912C80000-0x0000027912C81000-memory.dmpFilesize
4KB
-
memory/3632-383-0x0000027912BC0000-0x0000027912BC1000-memory.dmpFilesize
4KB
-
memory/3632-397-0x0000027912DD0000-0x0000027912DD1000-memory.dmpFilesize
4KB
-
memory/3804-1177-0x0000000000400000-0x0000000000444000-memory.dmpFilesize
272KB
-
memory/3972-1203-0x0000000001EE0000-0x0000000001F04000-memory.dmpFilesize
144KB
-
memory/3972-1205-0x0000000001EE0000-0x0000000001F04000-memory.dmpFilesize
144KB
-
memory/3972-1197-0x0000000001FA0000-0x0000000001FA1000-memory.dmpFilesize
4KB
-
memory/3972-1195-0x0000000001EE0000-0x0000000001F04000-memory.dmpFilesize
144KB
-
memory/4280-1358-0x0000000005880000-0x000000000588A000-memory.dmpFilesize
40KB
-
memory/4280-1357-0x0000000005940000-0x00000000059D2000-memory.dmpFilesize
584KB
-
memory/4280-1356-0x0000000005E50000-0x00000000063F4000-memory.dmpFilesize
5.6MB
-
memory/4280-2086-0x0000000005B10000-0x0000000005B20000-memory.dmpFilesize
64KB
-
memory/4280-1355-0x0000000000FA0000-0x000000000100E000-memory.dmpFilesize
440KB
-
memory/4280-2584-0x0000000005B10000-0x0000000005B20000-memory.dmpFilesize
64KB
-
memory/4788-1202-0x0000000002AC0000-0x0000000002AF6000-memory.dmpFilesize
216KB
-
memory/4860-2608-0x00000000020A0000-0x00000000020BA000-memory.dmpFilesize
104KB
-
memory/5004-1416-0x0000000000500000-0x000000000051A000-memory.dmpFilesize
104KB