snakebot | 21fbcab3c652d5af9efe57454d60d5a5057773e1c234ed16ae14233724502b44

Resubmissions

04-07-2024 06:50

240704-hlz9va1gld 7

26-09-2023 18:23

230926-w1zthsea33 10

Analysis

max time kernel
343s
max time network
335s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
26-09-2023 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

undertalefree.exe
Size

126.7MB
MD5

69a1054bcf85084cc4bc33e332f1844d
SHA1

a3db1a7c5a07ea07c31d40ab4c7685215ac4f170
SHA256

21fbcab3c652d5af9efe57454d60d5a5057773e1c234ed16ae14233724502b44
SHA512

f57df05d2d5db04cb48a1d72070ac5d76ae29620cca314817fbfbb30d42c2150115ac510acb216095115c210fe2eee80575ffc78a36fd455e72e4de9492b4f81
SSDEEP

3145728:WSHIqNWvNc0rn+0fslfSob+5Framz9LQMj5jMgQN7:WytNAfcSob2NaoLQ+7c7

Score

10^/10

snakebot discovery snakebot

Malware Config

Signatures

SnakeBOT
SnakeBOT is a heavily obfuscated .NET downloader.
snakebot

Contains SnakeBOT related strings 1 IoCs

snakebot

Processes:

resource	yara_rule
C:\GOG Games\Undertale\data.win	snakebot_strings

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

undertalefree.tmpscriptinterpreter.tmp

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Control Panel\International\Geo\Nation	undertalefree.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Control Panel\International\Geo\Nation	scriptinterpreter.tmp

Executes dropped EXE 34 IoCs

Processes:

undertalefree.tmpscriptinterpreter.exescriptinterpreter.tmpsuper_cow.exedrm.exedrmdrm.exedrmdrm.exedrmdrm.exedrmdrm.exedrmdrm.exedrmdrm.exedrmsupercow.exedrm.exedrmdrm.exedrmdrm.exedrmdrm.exedrmdrm.exedrmdrm.exedrmUNDERTALE.exedrm.exedrm

pid	process
2552	undertalefree.tmp
5616	scriptinterpreter.exe
5268	scriptinterpreter.tmp
5644	super_cow.exe
5748	drm.exe
5216	drm
4692	drm.exe
972	drm
672	drm.exe
316	drm
5912	drm.exe
5632	drm
1612	drm.exe
3916	drm
1580	drm.exe
3924	drm
6056	drm.exe
5668	drm
3704	supercow.exe
4380	drm.exe
2476	drm
2236	drm.exe
2944	drm
4832	drm.exe
2116	drm
3012	drm.exe
4756	drm
1648	drm.exe
2840	drm
3792	drm.exe
3108	drm
3324	UNDERTALE.exe
2036	drm.exe
5992	drm

Loads dropped DLL 17 IoCs

Processes:

undertalefree.tmpscriptinterpreter.tmpsuper_cow.exedrmdrmdrmsupercow.exeUNDERTALE.exe

pid	process
2552	undertalefree.tmp
2552	undertalefree.tmp
2552	undertalefree.tmp
2552	undertalefree.tmp
2552	undertalefree.tmp
5268	scriptinterpreter.tmp
5644	super_cow.exe
5644	super_cow.exe
5644	super_cow.exe
5216	drm
5216	drm
972	drm
972	drm
316	drm
316	drm
3704	supercow.exe
3324	UNDERTALE.exe

Modifies file permissions 1 TTPs 4 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exeicacls.exeicacls.exeicacls.exe

pid process

3956 icacls.exe
2696 icacls.exe
5684 icacls.exe
5540 icacls.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3956	icacls.exe
2696	icacls.exe
5684	icacls.exe
5540	icacls.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exesvchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

firefox.exesvchost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1926387074-3400613176-3566796709-1000\{D07486F6-17A2-4F5A-8964-AC98A4DE1F01}	svchost.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\super_cow.exe:Zone.Identifier firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\super_cow.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

undertalefree.tmpscriptinterpreter.tmpmsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2552	undertalefree.tmp
2552	undertalefree.tmp
5268	scriptinterpreter.tmp
5268	scriptinterpreter.tmp
5980	msedge.exe
5980	msedge.exe
5772	msedge.exe
5772	msedge.exe
812	msedge.exe
812	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

msedge.exemsedge.exe

pid process

5772 msedge.exe
5772 msedge.exe
5772 msedge.exe
1300 msedge.exe
1300 msedge.exe

pid	process
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

Processes:

firefox.exedrmdrmAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	116	firefox.exe
Token: SeDebugPrivilege	116	firefox.exe
Token: SeDebugPrivilege	5216	drm
Token: SeDebugPrivilege	5216	drm
Token: SeDebugPrivilege	5216	drm
Token: SeDebugPrivilege	5216	drm
Token: SeDebugPrivilege	5216	drm
Token: SeDebugPrivilege	116	firefox.exe
Token: SeDebugPrivilege	116	firefox.exe
Token: SeDebugPrivilege	116	firefox.exe
Token: SeDebugPrivilege	972	drm
Token: SeDebugPrivilege	972	drm
Token: SeDebugPrivilege	972	drm
Token: SeDebugPrivilege	972	drm
Token: SeDebugPrivilege	972	drm
Token: 33	6056	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6056	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 58 IoCs

Processes:

firefox.exeundertalefree.tmpscriptinterpreter.tmpmsedge.exemsedge.exe

pid	process
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
2552	undertalefree.tmp
5268	scriptinterpreter.tmp
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of SendNotifyMessage 51 IoCs

Processes:

firefox.exemsedge.exemsedge.exe

pid	process
116	firefox.exe
116	firefox.exe
116	firefox.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of SetWindowsHookEx 18 IoCs

Processes:

firefox.exesuper_cow.exedrmdrmdrmsupercow.exeUNDERTALE.exeOpenWith.exe

pid	process
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
5644	super_cow.exe
5216	drm
972	drm
972	drm
972	drm
316	drm
316	drm
3704	supercow.exe
3324	UNDERTALE.exe
4916	OpenWith.exe
3324	UNDERTALE.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exeundertalefree.exefirefox.exe

description	pid	process	target process
PID 2308 wrote to memory of 116	2308	firefox.exe	firefox.exe
PID 2308 wrote to memory of 116	2308	firefox.exe	firefox.exe
PID 2308 wrote to memory of 116	2308	firefox.exe	firefox.exe
PID 2308 wrote to memory of 116	2308	firefox.exe	firefox.exe
PID 2308 wrote to memory of 116	2308	firefox.exe	firefox.exe
PID 2308 wrote to memory of 116	2308	firefox.exe	firefox.exe
PID 2308 wrote to memory of 116	2308	firefox.exe	firefox.exe
PID 2308 wrote to memory of 116	2308	firefox.exe	firefox.exe
PID 2308 wrote to memory of 116	2308	firefox.exe	firefox.exe
PID 2308 wrote to memory of 116	2308	firefox.exe	firefox.exe
PID 2308 wrote to memory of 116	2308	firefox.exe	firefox.exe
PID 4128 wrote to memory of 2552	4128	undertalefree.exe	undertalefree.tmp
PID 4128 wrote to memory of 2552	4128	undertalefree.exe	undertalefree.tmp
PID 4128 wrote to memory of 2552	4128	undertalefree.exe	undertalefree.tmp
PID 116 wrote to memory of 1996	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1996	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe
PID 116 wrote to memory of 1580	116	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\undertalefree.exe
"C:\Users\Admin\AppData\Local\Temp\undertalefree.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4128

C:\Users\Admin\AppData\Local\Temp\is-4782B.tmp\undertalefree.tmp
"C:\Users\Admin\AppData\Local\Temp\is-4782B.tmp\undertalefree.tmp" /SL5="$F002E,132362071,185856,C:\Users\Admin\AppData\Local\Temp\undertalefree.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:2552

C:\GOG Games\Undertale\__support\scriptinterpreter.exe
"C:\GOG Games\Undertale\__support\scriptinterpreter.exe" /verysilent /supportDir="C:\GOG Games\Undertale\__support" /SUPPRESSMSGBOXES /NORESTART /DIR="C:\GOG Games\Undertale" /productId="1456487183" /buildId="50921790503031850" /versionName="1.08" /Language="English" /LANG="english"
3⤵
- Executes dropped EXE
PID:5616

C:\Users\Admin\AppData\Local\Temp\is-DTB3V.tmp\scriptinterpreter.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DTB3V.tmp\scriptinterpreter.tmp" /SL5="$1D027E,569884,191488,C:\GOG Games\Undertale\__support\scriptinterpreter.exe" /verysilent /supportDir="C:\GOG Games\Undertale\__support" /SUPPRESSMSGBOXES /NORESTART /DIR="C:\GOG Games\Undertale" /productId="1456487183" /buildId="50921790503031850" /versionName="1.08" /Language="English" /LANG="english"
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:5268

C:\Windows\SysWOW64\icacls.exe
"C:\Windows\System32\icacls.exe" "c:\gog games\undertale" /grant Everyone:(OI)(CI)F
5⤵
- Modifies file permissions
PID:3956

C:\Windows\SysWOW64\icacls.exe
"C:\Windows\System32\icacls.exe" "c:\gog games\undertale" /grant Everyone:(OI)(CI)F
5⤵
- Modifies file permissions
PID:2696

C:\Windows\SysWOW64\icacls.exe
"C:\Windows\System32\icacls.exe" "C:\Users\Admin\AppData\Local\UNDERTALE" /grant Everyone:(OI)(CI)F
5⤵
- Modifies file permissions
PID:5684

C:\Windows\SysWOW64\icacls.exe
"C:\Windows\System32\icacls.exe" "c:\gog games\undertale\options.ini" /grant Everyone:(OI)(CI)F
5⤵
- Modifies file permissions
PID:5540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.0.70026410\662341848" -parentBuildID 20221007134813 -prefsHandle 1912 -prefMapHandle 1876 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41d1894a-bf86-4a2d-ad91-5c3143f4921b} 116 "\\.\pipe\gecko-crash-server-pipe.116" 2004 23ab7cd4b58 gpu
3⤵
PID:1996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.1.116976158\1369036922" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e13017e-3a3e-4fcb-8a3f-d542c465ef35} 116 "\\.\pipe\gecko-crash-server-pipe.116" 2408 23aab372558 socket
3⤵
- Checks processor information in registry
PID:1580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.2.48769090\2134142723" -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3116 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe6f5408-1f0e-4214-a89c-14087019c81b} 116 "\\.\pipe\gecko-crash-server-pipe.116" 3092 23abbb92858 tab
3⤵
PID:1716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.3.413355615\1741331535" -childID 2 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb33668e-1584-43d9-916c-3afb003cbe95} 116 "\\.\pipe\gecko-crash-server-pipe.116" 2548 23abcb25458 tab
3⤵
PID:3148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.4.339788161\2026147239" -childID 3 -isForBrowser -prefsHandle 3172 -prefMapHandle 3188 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d5c6d89-c85c-4865-a1ea-d5a83370bd3e} 116 "\\.\pipe\gecko-crash-server-pipe.116" 3160 23abd332e58 tab
3⤵
PID:3920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.6.1347331302\1480096623" -childID 5 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b624d5d-94c6-4132-84b6-7bfd16666db4} 116 "\\.\pipe\gecko-crash-server-pipe.116" 5244 23abe1ad158 tab
3⤵
PID:1620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.7.258706043\1224784381" -childID 6 -isForBrowser -prefsHandle 5440 -prefMapHandle 5444 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {351b5d10-0ffd-42da-a3f9-dfa350720b8a} 116 "\\.\pipe\gecko-crash-server-pipe.116" 5428 23abe1add58 tab
3⤵
PID:4124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.5.1242817493\957752800" -childID 4 -isForBrowser -prefsHandle 5096 -prefMapHandle 5068 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4402aa3-29e6-4eff-b5d2-78e46867b35d} 116 "\\.\pipe\gecko-crash-server-pipe.116" 5108 23abe028f58 tab
3⤵
PID:3912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.8.1813932386\262487668" -childID 7 -isForBrowser -prefsHandle 5816 -prefMapHandle 3596 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d86edf81-32c3-458a-bcea-003276f7a1c9} 116 "\\.\pipe\gecko-crash-server-pipe.116" 3780 23abf41a458 tab
3⤵
PID:5508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.9.1912915647\1184014910" -childID 8 -isForBrowser -prefsHandle 6208 -prefMapHandle 6192 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bd92041-f832-4b89-a3d5-827a2934241d} 116 "\\.\pipe\gecko-crash-server-pipe.116" 6216 23abfc82f58 tab
3⤵
PID:5808

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.10.1523195620\1205567188" -childID 9 -isForBrowser -prefsHandle 3924 -prefMapHandle 3940 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fdff9f6-93ac-4c98-8736-1fb0ef105e08} 116 "\\.\pipe\gecko-crash-server-pipe.116" 3912 23abd365658 tab
3⤵
PID:5780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.12.1143995181\810374209" -childID 11 -isForBrowser -prefsHandle 4060 -prefMapHandle 4200 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {716c04b3-3cd3-42a3-8c23-331178b3293d} 116 "\\.\pipe\gecko-crash-server-pipe.116" 10132 23ac0124558 tab
3⤵
PID:2112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.11.1532476185\1833060485" -childID 10 -isForBrowser -prefsHandle 3956 -prefMapHandle 3880 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {158db48f-19a4-462e-b969-4dc407d94ea9} 116 "\\.\pipe\gecko-crash-server-pipe.116" 10136 23abab53e58 tab
3⤵
PID:3748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.13.659908201\860232663" -childID 12 -isForBrowser -prefsHandle 6056 -prefMapHandle 5396 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfe2f666-c325-410d-8211-0069b45f228a} 116 "\\.\pipe\gecko-crash-server-pipe.116" 5388 23aab35c458 tab
3⤵
PID:5660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.15.1219117937\2088119192" -childID 14 -isForBrowser -prefsHandle 6256 -prefMapHandle 6220 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11883d31-b366-4738-a759-1b26232fe969} 116 "\\.\pipe\gecko-crash-server-pipe.116" 6280 23aba197b58 tab
3⤵
PID:5940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.14.1999986620\685670647" -childID 13 -isForBrowser -prefsHandle 5740 -prefMapHandle 5408 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49f6cf0d-52a3-4f0a-b8b0-8afe78a9ca7f} 116 "\\.\pipe\gecko-crash-server-pipe.116" 5452 23aba089c58 tab
3⤵
PID:6040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.16.1301549319\582316761" -childID 15 -isForBrowser -prefsHandle 10088 -prefMapHandle 10036 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {911eb7a9-73f9-4d9f-b9f9-d510ca52389a} 116 "\\.\pipe\gecko-crash-server-pipe.116" 10124 23abf8a9558 tab
3⤵
PID:4748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.17.2128657708\340495502" -childID 16 -isForBrowser -prefsHandle 5436 -prefMapHandle 5312 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b9ccdf6-1a52-4134-9c8e-f6c9e2e78faf} 116 "\\.\pipe\gecko-crash-server-pipe.116" 5324 23aba089c58 tab
3⤵
PID:5896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.18.626327701\1834139093" -childID 17 -isForBrowser -prefsHandle 5448 -prefMapHandle 6184 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8f6b522-0d46-43dd-abfb-01466019825e} 116 "\\.\pipe\gecko-crash-server-pipe.116" 5948 23ac0eabe58 tab
3⤵
PID:2564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.20.492859075\261460707" -childID 19 -isForBrowser -prefsHandle 10388 -prefMapHandle 10228 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dc02a30-a786-4c25-af6f-04fdafaff8f5} 116 "\\.\pipe\gecko-crash-server-pipe.116" 9636 23aab362e58 tab
3⤵
PID:2520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.21.1193477162\2110308048" -childID 20 -isForBrowser -prefsHandle 9532 -prefMapHandle 5132 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1934531a-5ca7-4208-aaef-21e07063923c} 116 "\\.\pipe\gecko-crash-server-pipe.116" 5628 23aab363258 tab
3⤵
PID:5612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.19.1980676836\195524453" -childID 18 -isForBrowser -prefsHandle 9676 -prefMapHandle 9708 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b820dc0c-1180-4242-a461-a8718dbb31fd} 116 "\\.\pipe\gecko-crash-server-pipe.116" 9700 23aab330258 tab
3⤵
PID:2448

C:\Users\Admin\Downloads\super_cow.exe
"C:\Users\Admin\Downloads\super_cow.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5644

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" b "C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.ins" i "C:\Users\Admin\AppData\Roaming\Nevosoft.Games\129.bld" w "C:\Users\Admin\AppData\Roaming\Nevosoft.Games\super_cow" a 0 k 0 m "0" t "nevosoft" g "nevosoftru" n 0 v 0 o "C:\Users\Admin\Downloads\super_cow.exe"
4⤵
- Executes dropped EXE
PID:5748

C:\Users\Admin\AppData\Local\Temp\6BDF.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" b "C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.ins" i "C:\Users\Admin\AppData\Roaming\Nevosoft.Games\129.bld" w "C:\Users\Admin\AppData\Roaming\Nevosoft.Games\super_cow" a 0 k 0 m "0" t "nevosoft" g "nevosoftru" n 0 v 0 o "C:\Users\Admin\Downloads\super_cow.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.nevosoft.ru/redirect/wrap?act=adv_install&id=129&utm_partner_id=0&utm_game_id=129
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcea9946f8,0x7ffcea994708,0x7ffcea994718
5⤵
PID:3124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3395293766015969625,10650306727146147073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
5⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3395293766015969625,10650306727146147073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,3395293766015969625,10650306727146147073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
5⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3395293766015969625,10650306727146147073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
5⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3395293766015969625,10650306727146147073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
5⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3395293766015969625,10650306727146147073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
5⤵
PID:756

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" y 0 r 81 j 0 v 0
4⤵
- Executes dropped EXE
PID:4692

C:\Users\Admin\AppData\Local\Temp\BB47.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" y 0 r 81 j 0 v 0
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6084

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\c87567df3a4a478aae0b9859b1919fff /t 3040 /p 972
1⤵
PID:3184

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" r 81 v 0
1⤵
- Executes dropped EXE
PID:672

C:\Users\Admin\AppData\Local\Temp\82AE.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" r 81 v 0
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
1⤵
- Executes dropped EXE
PID:5912

C:\Users\Admin\AppData\Local\Temp\C630.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
2⤵
- Executes dropped EXE
PID:5632

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
1⤵
- Executes dropped EXE
PID:1612

C:\Users\Admin\AppData\Local\Temp\F84C.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
2⤵
- Executes dropped EXE
PID:3916

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
1⤵
- Executes dropped EXE
PID:1580

C:\Users\Admin\AppData\Local\Temp\13E2.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
2⤵
- Executes dropped EXE
PID:3924

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
1⤵
- Executes dropped EXE
PID:6056

C:\Users\Admin\AppData\Local\Temp\34A9.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
2⤵
- Executes dropped EXE
PID:5668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.nevosoft.ru/redirect/wrap?act=main_dsk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcea9946f8,0x7ffcea994708,0x7ffcea994718
2⤵
PID:1664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,364297432636354394,410032622244799791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,364297432636354394,410032622244799791,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
2⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,364297432636354394,410032622244799791,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,364297432636354394,410032622244799791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
2⤵
PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,364297432636354394,410032622244799791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
2⤵
PID:3964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\super_cow\supercow.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\super_cow\supercow.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3704

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
1⤵
- Executes dropped EXE
PID:4380

C:\Users\Admin\AppData\Local\Temp\C8BB.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
2⤵
- Executes dropped EXE
PID:2476

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
1⤵
- Executes dropped EXE
PID:2236

C:\Users\Admin\AppData\Local\Temp\D473.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
2⤵
- Executes dropped EXE
PID:2944

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
1⤵
- Executes dropped EXE
PID:4832

C:\Users\Admin\AppData\Local\Temp\E4CF.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe"
2⤵
- Executes dropped EXE
PID:2116

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" r 81 v 0
1⤵
- Executes dropped EXE
PID:3012

C:\Users\Admin\AppData\Local\Temp\2B7.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" r 81 v 0
2⤵
- Executes dropped EXE
PID:4756

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" r 81 v 0
1⤵
- Executes dropped EXE
PID:1648

C:\Users\Admin\AppData\Local\Temp\384E.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" r 81 v 0
2⤵
- Executes dropped EXE
PID:2840

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" r 81 v 0
1⤵
- Executes dropped EXE
PID:3792

C:\Users\Admin\AppData\Local\Temp\A09D.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" r 81 v 0
2⤵
- Executes dropped EXE
PID:3108

C:\GOG Games\Undertale\UNDERTALE.exe
"C:\GOG Games\Undertale\UNDERTALE.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3324

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:5188

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:4652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6056

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:4988

C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" r 81 v 0
1⤵
- Executes dropped EXE
PID:2036

C:\Users\Admin\AppData\Local\Temp\F65E.tmp\drm
"C:\Users\Admin\AppData\Roaming\Nevosoft.Games\drm.exe" r 81 v 0
2⤵
- Executes dropped EXE
PID:5992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\GOG Games\Undertale\D3DX9_43.dll

Filesize
1.9MB

MD5
86e39e9161c3d930d93822f1563c280d

SHA1
f5944df4142983714a6d9955e6e393d9876c1e11

SHA256
0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

SHA512
0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

Download Submit
C:\GOG Games\Undertale\__support\app\options.ini

Filesize
97B

MD5
40ede613879f6406fd90c4bad9ba08cb

SHA1
234d1a88ecb5eb2f945f0f8959df69bc154a4677

SHA256
52a59e5417778aac32756ac0617d5b00fd47a9015e54b3865fdc17a867b58cf9

SHA512
c42b738b58298bdd8866b6f053df12a13b9eee3917e86846a7fa3d00248a7dc1c7658878c06f51d6b9e0450a4eee940c61d56ad11fe32656bd64f9341abdcaab

Download Submit
C:\GOG Games\Undertale\__support\scriptinterpreter.exe

Filesize
1.1MB

MD5
cd0222b112878c6b1074c2354aa026f0

SHA1
395bccec3fb71ef8f0c4ceb9dee63efa21d948b0

SHA256
6dd87cb725336bcce9c75eed40fe544cd5cab32a2ea3ed09c6fa901a47db2f53

SHA512
8afaeef70f6913b898621516900c133465d5eef481217417caee012fc776c2a75fe6aa589cbf6b01f9423838be4c898f7cf2051ac8729ce22e7075bd24535f33

Download Submit
C:\GOG Games\Undertale\__support\scriptinterpreter.exe

Filesize
1.1MB

MD5
cd0222b112878c6b1074c2354aa026f0

SHA1
395bccec3fb71ef8f0c4ceb9dee63efa21d948b0

SHA256
6dd87cb725336bcce9c75eed40fe544cd5cab32a2ea3ed09c6fa901a47db2f53

SHA512
8afaeef70f6913b898621516900c133465d5eef481217417caee012fc776c2a75fe6aa589cbf6b01f9423838be4c898f7cf2051ac8729ce22e7075bd24535f33

Download Submit
C:\GOG Games\Undertale\__support\scriptinterpreter.exe

Filesize
1.1MB

MD5
cd0222b112878c6b1074c2354aa026f0

SHA1
395bccec3fb71ef8f0c4ceb9dee63efa21d948b0

SHA256
6dd87cb725336bcce9c75eed40fe544cd5cab32a2ea3ed09c6fa901a47db2f53

SHA512
8afaeef70f6913b898621516900c133465d5eef481217417caee012fc776c2a75fe6aa589cbf6b01f9423838be4c898f7cf2051ac8729ce22e7075bd24535f33

Download Submit
C:\GOG Games\Undertale\abc_123_a.ogg

Filesize
40KB

MD5
0db017fdf19134876127376ad1d56a8c

SHA1
0f78b9af1858c6c7c01205bfaa99f3c4934c510e

SHA256
baf01fcee2fa3cc9769af20407a4de9b30027a5e651be601808ab521485fea55

SHA512
7fb4cb4a54ffe57ac7f5989f969ec8b6e0088d319479ca83c69b0ce71b8a06ef480a8184ff8e3bb827c7bb6f784a94654003dd63f59983a601997a989fb9b67f

Download Submit
C:\GOG Games\Undertale\credits.txt

Filesize
11KB

MD5
85ef2348d70f81de3b00be93348361f1

SHA1
6c734e646ca25e19391099e32aea9f1a006722aa

SHA256
5e5ab1852c4734a547e6143ef643b43d211e3cee334e949cb59fffb51bf04098

SHA512
01661bda880aa2ea085fa98eb565fd5b938cb86d673908fad80980ea3a13d0a5255a431a909388740a33b8e33e2ae4b4a38c9de141eb072048d47d81aa6268e3

Download Submit
C:\GOG Games\Undertale\data.win

Filesize
60.0MB

MD5
ff4f10d0434b332f46e1f35a900ec862

SHA1
845ce7e926ee2188821293707735fc56ac122b90

SHA256
946c738c6d6182f683431320a0e32470bc3deb50f3e8887e61998df0c4e3abc8

SHA512
60b8b3bf9a5819c493bf641bf339b41f56417e998fe06efb660da0c98f0f44a265098a000f4ba015dc5bba13211acaef6a9b9bc48a803863d40fd1358ec662aa

Download Submit
C:\GOG Games\Undertale\goggame-1456487183.hashdb

Filesize
7KB

MD5
17f41c26cc277c59e53c5bdb54343776

SHA1
5891b83ff264d03f2a1aaac2f167b421824a3f51

SHA256
07f899a497faa6d3befbead9cc86f8ca24fcad719426f106a1eb2c28217743bc

SHA512
450514f863398b115a5870941a00570879f4d1cc74a25ef51c6dbd217448769d0d57dbf67b14c8ecf1c8d3d2d7b08d4539a50ae1795a4b7943e59d776be91f17

Download Submit
C:\GOG Games\Undertale\goggame-1456487183.ico

Filesize
79KB

MD5
d292e2349754e997b1fc3ecc8c9955de

SHA1
3decdf189a116665fe52facafc072dd974ad27d8

SHA256
6cba65c3c927a68407e8941ac8b12e3089130709efbdb2399123d084f1475d54

SHA512
29f0cccdf471018b10cd72b80d9860d33ab16aaa0db8ddcc20ec664e72a61c9f60d37b442cdca415cd227fd53594632d0de8ed02a742828d26c2f27f33ac45c0

Download Submit
C:\GOG Games\Undertale\goggame-1456487183.script

Filesize
419B

MD5
ecfe49b9be64a0e398f861c8d5f16f53

SHA1
465087b4a0a9045d3de22ec0ec92287acf26b47b

SHA256
f1c0f97ea9a8dbbb37355cef6f2d42832e97acb47b5e9bc327ece2d9b397c5a7

SHA512
25239ddf866e6d0e2fa53b033e6aa26978ae8a342ee123592e974e911db9fe130204e675bb61079cc3f45451663e5276062d391638ecd83756c4d9e14c52474a

Download Submit
C:\GOG Games\Undertale\goglog.ini

Filesize
204B

MD5
65fb907e1079dd47bcfe5deb5893a39a

SHA1
603a807ab4dfbeb3e94023f9b6d2bfe0ef8608f2

SHA256
3c4634e30c9c8b54de5127cc6bdcd0a3d3d739313994810f154096d395c2c87b

SHA512
b101d5425521180c156c6ebb441f1a79664911ea46193a6cc6e489ba8c8d00fa49ba4e601d0eddb1ccb8c03ea25178c0fae436f295aab6026fe01e41f19ebc03

Download Submit
C:\GOG Games\Undertale\mus_a2.ogg

Filesize
186KB

MD5
ee6282e61da71efdd1da75676044c0a1

SHA1
6caffe6d1838fb16138ed30f1f89890ac7e5df5b

SHA256
244ca709fe88618b2ae34a2767bdea7ea6b79df4f795b5f4fc00eab3c03e2ba7

SHA512
3f81d07e73c0dbda25c3af2440bcf1e25e1dcb568fd1c2d337d615ee833179053f5e7983048dd5db258a0116604abc27ee3919397939e3dad95c23ae0b983cec

Download Submit
C:\GOG Games\Undertale\mus_alphysfix.ogg

Filesize
36KB

MD5
dcafc0871eb93693cc5b0f9bf169df55

SHA1
cea9c096f8285d77b348d92fc26e27d45a889424

SHA256
6f4cd2037b27e6dc0ab6044ce58a2e66db380a13e67b5167d50d9caf02e37ca0

SHA512
369a3bca748b14589da221746d681191a90221337c197871952006efe184c9eb9b499107013d90385056b9d44d496a74336cf603eaacb81843d600b186c5f608

Download Submit
C:\GOG Games\Undertale\mus_amalgam.ogg

Filesize
903KB

MD5
b962c05bd42cf19f3a61c8d7e2410677

SHA1
8e027bf46c905bb154bc9fcef6c4d7bc02923100

SHA256
249e51b1e8a06e4b1b4d9387a6a5362cbd65ec89e06f4d5028308402c6e1371a

SHA512
a981387faa1c440bcf2e6d646bf55cf0d945c8f997b8aa00acff5144fd31693f7f42dc6f72ac2ed95af8f408aac4a64345b758fa7391e97a4cf3a1e5139b22de

Download Submit
C:\GOG Games\Undertale\mus_ambientwater.ogg

Filesize
24KB

MD5
c5d95352887d3ba20b0fff600284822d

SHA1
aa3b09a27a46a196baafb03736b9493d9933e8cd

SHA256
195b5bdbc3066c2025b28667b5c7f72a22b01cd0f629d9601ec3c749858b706b

SHA512
02884b849ddafe1b736497b7bb1be0067f1d92842940c0435a292384023dad97a5880c3cf38e041a7630b6f908b78c1f0ec84840f05a04ac63d2d134bc1fdf51

Download Submit
C:\GOG Games\Undertale\mus_anothermedium.ogg

Filesize
1.6MB

MD5
94726a30486ad58169ac6bb1272a8436

SHA1
ecd3f44bf107d08ace8c0c19691674be8318c692

SHA256
6d43d0a4a8a67918e0f4add018580f9ef120b9e0190cbdc0581d12827fb07ab8

SHA512
cb60cefbb14048c07c7a717c6c1c20a5d0e7462b542d0b119ea5c825fc2b9b97d6626693ee6ead7b46724e443ab72783dbfe24f56705335d54feae02d8cd0117

Download Submit
C:\GOG Games\Undertale\mus_bad.ogg

Filesize
15KB

MD5
92952e0422d298e61cde62bb2a5f5f88

SHA1
b98324d43c5b5e59a9e767ee6b5db75c74d8fa57

SHA256
79d6af19bc9ac74221af85e1ab5fa67c466b08ede7979090870d93a368f5abf6

SHA512
c38300948b9c8553af11cf01f81a3d7d6875d32f40934c27030b844e206237ff36c1499d1e559b6b21bbff6c710a01a2b3e24f043c2df5b49e9c00ef4d1ac5aa

Download Submit
C:\GOG Games\Undertale\mus_barrier.ogg

Filesize
287KB

MD5
b5c9f5d843f07bdff5b49a600a9737cc

SHA1
3779f0e0a31cf06186db71d8d81cd7111012995c

SHA256
3424de311fc694a93a8bfa7fbee2cba120f7377fea174f75a2cf6fe86dafd9d0

SHA512
3d9281f9746ba012a1dc71c2c52e45c5742476bea738cd443b519ffa3d9c16620a447bc227bde7d65ab186942fe5d4ad3d375b9e37a1ba2a95860ab7a79ac45c

Download Submit
C:\GOG Games\Undertale\mus_battle1.ogg

Filesize
642KB

MD5
336e2f63c6629fcf4334b145e1adc0f7

SHA1
d26f7d8a4c901c6fed5a98d91bddbefce35d7c52

SHA256
7101b56bf94fba741e8d36ccc51e10616808a1d6d898e970c56b824973c6d529

SHA512
0367ac313439f22eb036d41566d737783cf59914f7f94b6d3f3aed61544c8ab43e2d75ce5f16f710dadfed01e36b30a1d82fc702018389d2319937d297b955f8

Download Submit
C:\GOG Games\Undertale\mus_battle2.ogg

Filesize
706KB

MD5
0a242440e79ca4ad5c5ad85bb4194ffc

SHA1
c06f6e41d67b2d7ca7f53616102ad30fd8eb3d2d

SHA256
c75329c5308e0e2184eb106dc7a946d54bc51ad0ea2eb790c0bfad8f7f1dfa4d

SHA512
082e8f684a3e10a2ba0eedc71f775a2b56f36a751ad1882ae5eb70cefd4a713a0de12e7c6bbe153aeb22d2c8628aaecc78cbfdfe92b72ef55574da1f9d068f8d

Download Submit
C:\GOG Games\Undertale\mus_bergentruckung.ogg

Filesize
135KB

MD5
33d2e6dba7df72da33035c3be20152d1

SHA1
29643f786d78007d810af7cf389a0c243b6e1594

SHA256
61c0413b9179fbdfebcf8f2cdd122d8dd142887c35aad12f47dcfd7630dd5f78

SHA512
54c918db41731c1896cfc9179b7522418ad17e78e1ac853cb5d1b65aa0e31f1c3ae1794455047eb70da491c52f72e221096c664f04bf1daa70f5664fc87fc13b

Download Submit
C:\GOG Games\Undertale\mus_bgflameA.ogg

Filesize
53KB

MD5
67f5e7072204bc20998066de1ff20e2e

SHA1
3aa37c53f9d5ac5507e5250bb07900e61c897f49

SHA256
0c9eee11f57a00368f7fa165ece1f97c345f03c28826d6dd55c49006c545177f

SHA512
7313a86d3fe5e0d151b6a503844758bb1af4713d1be313e23eb9d34ff79fe1666fb8d6c6af03a6f175ee8aa611e331aa56323bb7baeb1577b7e0804243fdeb8a

Download Submit
C:\GOG Games\Undertale\mus_birdnoise.ogg

Filesize
331KB

MD5
85e7b2bc28a0e551dfdedd1f6646b681

SHA1
a1aa92d97f6092979320544942edf6b746a67527

SHA256
f68530da7bae270a3779be498d04145fcd4012cbccd0720501263f1be59b2f94

SHA512
582ac73e9ae4a0643134ddba3d6bb918b017e540a1b87834b23dc8e30c3d41bf6b5b34afc35a1031ba7e4c6f3d84bb4c6f994657515d57ab297f2ee354fbb512

Download Submit
C:\GOG Games\Undertale\mus_birdsong.ogg

Filesize
251KB

MD5
fa7183f5b9d75a05bff866183f0166b0

SHA1
aff7e644834cdc5bd769b45cf73ad43dacf96be9

SHA256
618c46734918c8211b58a636c0a4280ee961842b22c91135a9da0d6970613be6

SHA512
5047f6628db2a7806f2d47acf01a973bb89c9d0cfde8a2dde956224c258443598345c03dcab6e39809748d39c140c1a7629722acff007805b7cc5b7e5e31c4c1

Download Submit
C:\GOG Games\Undertale\mus_boss1.ogg

Filesize
1.2MB

MD5
0bbcb73ab5f262f048af4ef813efaac9

SHA1
541bf218e80b46be16dd4b781ff859c09b731272

SHA256
ef21b8a3e3834771d073c70c384ea2a6e05cbbf1ff8314b73e84e53b620183bb

SHA512
063dbeb7cc64ce1a7d1387fb0f526ea1c546020f54a27cf388322e3ea7efa44a93f8eb53946f5169ba061aeeac0cc70739a17dd00bdd8558f024b1422242eef3

Download Submit
C:\GOG Games\Undertale\mus_cast_1.ogg

Filesize
411KB

MD5
91e6c5088ff417ff22e469fa057c7ff0

SHA1
e15bb06a48832fea9e5a29c224950c90dff3ad80

SHA256
d7c39d948c7e20e72dfb43d25d1c4806390495dd8410ea2c8071ba3f32efeaa1

SHA512
75d76502cb1242c8a9ecdde50e2d76dab039826d2e15558823bfa370af31834c88c69e0b2fcf2190abd2272547b510325416e7142622b7e7cf8ad981bb5ef92e

Download Submit
C:\GOG Games\Undertale\mus_cast_2.ogg

Filesize
213KB

MD5
0e757e12c0f27d8e6faaab0d67d9189c

SHA1
5c7b31369419618c61f072c4631fdd8cd6f8a7d6

SHA256
6b061c68869002370fcd2725977f01c2a68fa592d7fd0ad934f680600a1b6c1f

SHA512
e15803787eee5e3d40ef3cedecea9090a6f735d6b193c771b2f37fa093b5371837e1b5807ddef9d81e0e6826717daea5918f27750b3fff5cf95ed9aa80db4c8d

Download Submit
C:\GOG Games\Undertale\mus_cast_3.ogg

Filesize
409KB

MD5
5f1964a271e8c6c34f51e5e67e236114

SHA1
1ba1490bddf8ff05995779ccc4a08438875db20a

SHA256
1f263161035bed24f70dd343587c447e545ff8890f3fd63587b0e49dba43debf

SHA512
57fecd3f16877245b1c9a84c8a960d262d309d9e1dfacea91c1b5714f5bf04d5495a5e1fe95364034d44e0d44b09fd6006565df6648920c69ac91085e64af766

Download Submit
C:\GOG Games\Undertale\mus_cast_4.ogg

Filesize
530KB

MD5
25d6c1762b5b478c61b23be07f384314

SHA1
51b2beb223183fe6824fe1f7b45113a8cd1b55f7

SHA256
7ecfa22aa880f4232854095dd408d9211a396524a1c96a3fe0354ab040b2e216

SHA512
3ca8c772ec79a90f5a1aeb06b435a9f9f9418304e4607c1eff00e56ec19aba9ff77b325fd7fca184dfb06200b57a86aad29868a6328e9722971e8fa22980e9c5

Download Submit
C:\GOG Games\Undertale\mus_cast_5.ogg

Filesize
815KB

MD5
e8524403d3fc9708e1980f38ac00f36a

SHA1
a6b6ca0a567fa43d8222be40def80edc7546c028

SHA256
e799798cde27f5887a0c650a07ca29b99cdf84fdc3864f4e3569f72219e35043

SHA512
ff788dfa983e217df23b72d4f21273a2df580726b5c38db1d85efeba554f363faa4d9ef1c4addf9c01a1d9c012d674214ebb3333eac2b8a3d121622f15fd40d8

Download Submit
C:\GOG Games\Undertale\mus_cast_6.ogg

Filesize
208KB

MD5
87ee8f9cccff5d32e054c8737bde915d

SHA1
dcbf4e5a137f248b8c4b404f847b5181fae4ee8d

SHA256
5c35750896f5eec85c502a00b935c7a96a6aa6b8655936ae99059fe2bbc6b9f9

SHA512
13fb4afa9fb65e95092de7ed9bde3cc56a9172dee4fc89569205fbf672f936cdb306fc912e8f7bbef4e420534561177107b085f976861d3d580fd25a6aaf07d5

Download Submit
C:\GOG Games\Undertale\mus_cast_7.ogg

Filesize
183KB

MD5
aeefd8eee053a0c3186efe9c5d0d6e81

SHA1
a0957dc42d8c3bd8c064a3b91336ff115d47897f

SHA256
0c5d9697e3d40f21f32b027026e8c117b242bd522ec0f08abf545b236f6c7bc6

SHA512
6bdd0377d2fe3aa59c0b9799fdc0397f6cda8a3149acc2e2e6b267176f0970a9f68d3b260592577ebff81c775181dbebcbef27eab21f2c0b2da83f3d518ed297

Download Submit
C:\GOG Games\Undertale\mus_chokedup.ogg

Filesize
1.6MB

MD5
cae6f64fcdb667dc64515c3e6c07fbc8

SHA1
f54327a0d7d11d5942dd2a5bbc6069f1db909c8c

SHA256
b77e1fc84dc3b20e779f23c376a457eeb9ba78adf06365d20481a8cb97c7cba3

SHA512
86ce7dbda1f92ec2ed18340727b697618fac8e59499efd0c030eecd86797808c655c6100ba3eab5608abd0e471c067aaa70b86080db959acbde0b99760f4d267

Download Submit
C:\GOG Games\Undertale\mus_churchbell.ogg

Filesize
77KB

MD5
aa4061c1c89e8221087449b54f370784

SHA1
d33f4acf8838d0ac962199191590b838fc1068ea

SHA256
efeb11babe4a529587614df295b473896e03393fa73c897dde9b02120389d620

SHA512
bef6790840b062bca813579093e25a72570d428fe5906ad116011de6baa337bafc9016ce26cf689752e5c0946f687c8cf7c56f69577fbb013a57dd346b73d55d

Download Submit
C:\GOG Games\Undertale\mus_computer.ogg

Filesize
17KB

MD5
bf3fd98aad1f2414f286221bf127e61b

SHA1
69d7ba47a60c69490af8429dcc2808630d73b03b

SHA256
4c4062d9f91a6801715aeff168ae4a6568f5e280b729691e6962331c270978c9

SHA512
0c266c3dda15d38572621e10c4cd48ca3b2e142fc3af73bcdb3ac97efb068e269c70a507e6590ae20322ed0956fa174a75c8adae4f96fa0b91fdd2de7e8b88ee

Download Submit
C:\GOG Games\Undertale\mus_confession.ogg

Filesize
210KB

MD5
edfd9d675bb2a2ce9132f4f3e5c9349b

SHA1
06d4ccc7727628d6c2d1d787ace97570e60e7bf6

SHA256
a4ca01491ad3ebfdb466a1b129f59fa46dea1d02b8761ac81c016432d9d0f9a3

SHA512
fa8eff518047ee267e51ab5a69a4ec5f270250b6b26ef817626b603b3b12fcae7f76c49402a6a342619bc55af92866ecc7b9bd84b1906307f51849aef984042b

Download Submit
C:\GOG Games\Undertale\mus_coolbeat.ogg

Filesize
23KB

MD5
2d721315d4b952cd0413123744470cd5

SHA1
71905ca68789f608cd18b75811ef2e464a3c6061

SHA256
b2502de775ddd9cd544958795d6f5b4b771249cce9142424b48e732cdaa51699

SHA512
76d7833debc58f2f55a418657ae1bd0dcb48ec851a2d66620d16ecfbbe3cbcb04ec2af916ff2eaad9bdf1df7b04e9f8a1fbfffe31039ecad9ee2796efa9f3f30

Download Submit
C:\GOG Games\Undertale\mus_core.ogg

Filesize
1.9MB

MD5
52013a81b15d85d4ba782d1f615b81a2

SHA1
76cc3316f50546ae09a58c2633de421c9cbc600e

SHA256
bad6636afb54e3b2a387fd07127a9a1ad4ab6f78171627dfe318bbfb9bc56a25

SHA512
b1ace698d8cfa1f100c08a68a6dd6517f430c1cc081f9104e354029a771d08f6827c2a867855340ae3a270c7c7b47de346d88a8cddee8413f0b5682edd33d286

Download Submit
C:\GOG Games\Undertale\mus_core_ambience.ogg

Filesize
60KB

MD5
2cdb01b7748ec9e635897ce6ef73f56e

SHA1
7caa08c67929d607feaba45432447c35f17f95ac

SHA256
94169292a9f99fe70992d4c0749bbc1889bdc7565dccdd83e3c73abd2c9485d5

SHA512
09fa5dd823a5d5e9b5c59e088d3a97dac722c06edb5a3145cafd7c3fc3288a01cc307a4f77a4b305cc65134fd5a53410f854e427f0ec6d0681293cae2e7088eb

Download Submit
C:\GOG Games\Undertale\mus_coretransition.ogg

Filesize
119KB

MD5
fa3925cec8965ca76dfc062b7e1ae9eb

SHA1
5b28e1d4ba5164f4f05387b1cac9c65f01333485

SHA256
0b5d6a8dfbf5ad68b0318808f3c8edd0da2213fbf67b359f3fbbcec854f3374c

SHA512
9a4a2ad218ce66d6a0d9f1fb1c55839c01a23c73b32a0329b5c6d1f7533024837ad170592e14fa4ef69cfda5f885b01a6f2b9b6302a0bf0f160b6f5451b2c971

Download Submit
C:\GOG Games\Undertale\mus_creepy_ambience.ogg

Filesize
139KB

MD5
466bf722f3d469ce001682992f4240bd

SHA1
8304d66bfb92a8cc583023bd060bdd78f97b7cb6

SHA256
105e5f99a30e1b1836b8d3980ae1be289e06e0122e91d1f7910181a7720e9d6e

SHA512
a1421009ad5f4d07e0fb33883aa82a5e6fcc008386fb7a4718d8312d58beeb0aec7bd419c4b464aadc760b2c1daaf0907347939686cf25497f95d47f38d72dc0

Download Submit
C:\GOG Games\Undertale\mus_crickets.ogg

Filesize
509KB

MD5
dc5a47a35a9cefbb89fa2871cbbc0c58

SHA1
30b4dac52a4d4417d4aff50a7e94dabdaff21175

SHA256
42ffa30414831e2ba55984edf269cae7eca398773d84b93f554752bb91924af6

SHA512
d816386576c33b8d5349a1e418f06a84bb0564bfaa163e2585b4a6512f9416febc472e7ec605eb084f073e827e728cd6218595e75e32515efe3735855ad2d249

Download Submit
C:\GOG Games\Undertale\mus_cymbal.ogg

Filesize
53KB

MD5
90a422f31063a50989b358708e68f109

SHA1
1c4605a43688cb893947cf0342673e9a212f6780

SHA256
ad536a8aef8f7485ff1f9c76ea9aadc156b7d3702d82078165e38a39977d9d85

SHA512
05301abcbe370deb41f8271891c6418684b9a461e6fe38354b4effe6cf053cb1c4963824b342e8a7492d9e3ff21c4bfddab95d88e83a5bb222bcffa09a6c97a8

Download Submit
C:\GOG Games\Undertale\mus_dance_of_dog.ogg

Filesize
113KB

MD5
b4e28f5b3e88139674359c3a97f545d1

SHA1
7e33a017272db837ee5172d8cb0dd4d1ef538c95

SHA256
3dd733edfe675fd5ec84a0186d2784ff83ddd0ff69c1b96c975be5c0086893a7

SHA512
238be7129ed51cbb2062d1c9c382a528e43abc61d375a1007b2f173e92f4197635888bde5ad8adc974588ae8c4a71b8c07fda314c30c274e1d1cd662cb73698d

Download Submit
C:\GOG Games\Undertale\mus_date.ogg

Filesize
1.3MB

MD5
2ec4e784ed2f5b0bd9c4ba0a3d4bf03e

SHA1
d1a6a88547738092dc8b65f5cc410f88cf76d56d

SHA256
a303ee85751ae94b16a1daa0ad258285b0da885142ee1820948bbe72b1b9969b

SHA512
e2ee77cecebc51e8597c962f6c55031b4cea0adf2ada3fbed8c0b8918525adad06bb4b1b7ea1a3bfed0c6af31f2808bb49b71d437848ac9e4d4663aa202ddce5

Download Submit
C:\GOG Games\Undertale\mus_date_fight.ogg

Filesize
380KB

MD5
f48e2cbc55d6d7bef38054db905ced93

SHA1
8e299d008315c75441539d38759d6ce89ae3c742

SHA256
7ccba51e2205f014e550f472ef847575bd12b4fec677462a274a5e2af0468c1d

SHA512
c2923da574d8e2159e34ca9b32f88c6db9948ec11b6ffd6ce30e342e708097bea5640847f7dd5eac5341a87c55bd980fcc13180491a6079c3fb06e4abf097452

Download Submit
C:\GOG Games\Undertale\mus_date_tense.ogg

Filesize
287KB

MD5
687f5597ecbb83868feaefe1ad4d3b45

SHA1
19677da55f31fbeacb09aec999b6616684205f83

SHA256
fef99e4757e91191d97335da62b7aa49bfe7a116ebf216f79a863e6ac9ee72c5

SHA512
358fd5440f3f11f9e2759248e2566c8a68e253c616747d1d34d46d7126005259f1d2e220b11a13ba9825c4d239a1b50af84876f0e5e0985175297f3ddcdf24b9

Download Submit
C:\GOG Games\Undertale\mus_deeploop2.ogg

Filesize
70KB

MD5
d471a28314b4d267104419b00a9c4420

SHA1
be301daf432602439e16f9a42b1c61708d4c8ced

SHA256
5c4df79571d6e20216cf57d9c823b54f210fe4efb1b13dd0f9dce7d64d6beaa5

SHA512
eabb9139cdc22759c45ca29f136e79b643f0bacb984219dd601622770de8a2aecb11804b1fe078bc98d2e9eb1e4b394a0629bab9468d9715ee75d6ae18f11e1e

Download Submit
C:\GOG Games\Undertale\mus_disturbing.ogg

Filesize
82KB

MD5
629f9c621c906b0f1a2d445e0fdc050e

SHA1
52fc9035a8192ed872b92a51014beaafa5e677be

SHA256
86a66166b93962edb0455f63959eb53c297c1d52bec13e32877eb8bf6f6a4b34

SHA512
dec3ebe2158702d0f619d513ca4d62ddbfe76f8e969d0fa57078e1e6b2e9afb724257c46566e3d7f3e514513bdc76f05dccb7920a83572d32ba3707ed8b715a1

Download Submit
C:\GOG Games\Undertale\mus_dogappear.ogg

Filesize
24KB

MD5
2d2cf95ff2877f86dd5de21fa6df3758

SHA1
33345114743cfc37cbe76cfd4a89fc2ed84ca07b

SHA256
9c0dc0331ee3164c43eb7ba25028d3923433f88cf27c72a464fb64ded95dd045

SHA512
3a8d21ea725635ec25615e3139e4d69161c87ecf729970dfda6a14041677fd7cd14d13ece16704462814722d2524eb029cf2d4bcdac7a5542d6b6faf31c50a7a

Download Submit
C:\GOG Games\Undertale\mus_dogmeander.ogg

Filesize
85KB

MD5
2ac546432377f6e1f9b212353e26fd02

SHA1
356dbbb1f24a8b7238ef3547362540b96804e03e

SHA256
fdfd3d9e926427c5681c683c8523f34754fd5cc88da3308420f016cc9cbafc4a

SHA512
448d1af59fbe1d8031aa14c7ba2b73aeb4689500619847c91abd6d0f229a100cd282b98bd1ac7914cc62578c0bf7ead110cd16ea409feb394cdcac29393ae67d

Download Submit
C:\GOG Games\Undertale\mus_dogroom.ogg

Filesize
345KB

MD5
bf7de16b8a2a6aae1d3605bd8af94eed

SHA1
02e7d8e8ca785775ed21d4cc413e18478850ea42

SHA256
56386401e7e2d75ae1ebc148483654bec8d89cd0f2364f2104b2a0b529af6516

SHA512
b72ab2c3c3ec8cd5e587b0a84b9166051283e1aab2defc953c258ea8117f7bca9114fb4e7c2f0ee7cacbca0d4fbd1093cfb68ada7273eb142cb2349500516095

Download Submit
C:\GOG Games\Undertale\mus_dogshrine_1.ogg

Filesize
556KB

MD5
1898412d05c0cb107d5bf879b44aee52

SHA1
9b054610f1a61c92c129c77506e70dd8c9cfbfaa

SHA256
75480e33442c016d961e0c9af33c07a9d7131288de41ee700b8da1e09c84d191

SHA512
ee4139ba5e5526bde772d43090cca4d1c8b3a4631c584b2755476f44b2f4c1b9d5823f4751874f6dfe39bc332dba397117f9182943e7ad7ef76ce1a5f2cd2c66

Download Submit
C:\GOG Games\Undertale\mus_dogshrine_2.ogg

Filesize
175KB

MD5
c4f8ce27eeb6f4bab11f149be5048862

SHA1
0436080344e8a7d386a3caa5b512703a5d18241d

SHA256
06afb33e9b3f2a89c8ccee969ce52c0010a9319c4e0310d26eca4ff01f2ab673

SHA512
cf2e8fb31fecf85e1b756d6cb444df9c38a0f5f0a32243182085831b56dc5232f2b721d5a0459afe8b28dbec1f5c8e5735daa0e07f5c5022dca5e91a57c8a4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f95638730ec51abd55794c140ca826c9

SHA1
77c415e2599fbdfe16530c2ab533fd6b193e82ef

SHA256
106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

SHA512
0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2b284832a4a26eb2629177ea14f0d525

SHA1
78e2779fd9db3f48551ddeaa73494a86671ac735

SHA256
5773d4cbc5192fa12342c4172c8ec5bf85bd4ed560dcbfdf4d48e5d6db3031f6

SHA512
ada172c89b8eb89a92eeb4116d3986370f019c958c751a953987e346d06a61afedf0d432de259677e3b9e0490db6954eaffe794b2649a93389be469d90b8dbfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
237KB

MD5
2c23d215ec51f9c8d7ac49879aa7dc01

SHA1
c17d1bf5c572df450d1e7646e0b5bca4dc629771

SHA256
7c894d43b3d85974df94d2bdc312510c8a727d93b9c2b81410b33d0fef6faa50

SHA512
f849e0aaede498d7cdc0b29951defa20a6b0f0a38733bfce7f2d315f1e5ad3fb07f0c67145446f1fddac36d9ce3492bf2084d5a123b558e1835bbe10efee4eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
93KB

MD5
1969b8737cb6680fc5fdbcd82a5286b2

SHA1
ca08d301dfadbf18ea948ce4d9d62cf4b945d0aa

SHA256
866bc05dd48560f04d9a61d4324ee57b152c5980573b567e5c38df3c54c16272

SHA512
dd5d0443b47827393dd3a6ad3f32b4a32038806afa05ecfcdd693c73ab68c8b1422d49abe2a2bff43849a6b9b07b28342a2fb832aa3a0015199e758240ec6069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
30KB

MD5
1fe8614a6223d1de43b05d24560d079b

SHA1
5373def60561fce85372cae97b5cf190c531547f

SHA256
21c023167b19dc0002555ec84de09ff1680d06e6d8c3b64d7d034a6b446d4d3b

SHA512
275dba057d44d6b8d21c02fdd013401767391f284cef6178737d95b32ac02a9838cf5094326da3d9f84e339063f418a1aa26ebf6070466897ff77f442c7b9dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c45ff67c4dae05454ce70a579a8fb268

SHA1
8663f565ed3311e4eb1856a3aa320f007428138d

SHA256
7dbf6c5c92fe68aa8a9d6a563cfed820a6470a7b680c8cd0a00db1dde2d02c91

SHA512
abc6a7bcb724abe5adbcdc77338313c964f58ec60bbfa59b8d0ad01f7ae67917fc839dd5ad6ce2736b26377b739fab7dde19bbc4ab3cadef227aa0e01a9772cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
10cb55ceef86ef53e8fcba5fe676ae9d

SHA1
78cd9aede1f3b21d49cc74a60d84df165ef56260

SHA256
48f92639a79d444e8f9308053b983e3e0a4307783562f22b2e86dc2e18b13753

SHA512
735b818a0f928f2b8a1080c54935e80d1bed4db95e68918261844c007eb6c6a6e2db61a078949a9197bf8477d933b0e890b6ea411829ea1f6bf7a0ddadbeea8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
92a037d0f8c21a906614a3f7a8ffdd7b

SHA1
9a73b75b268714d720a8d69ee57d461d477e5b49

SHA256
bba8b1f6dc670e2a39d621db24e1c7f7a436dbf0d602550908af0fb81e97345d

SHA512
678e48740c9b0f6b647c4b3cceebee97c68764a14104d6ec9af1942e90b9669fca9b56a319aaf10849fa289e3df68295006b0cc4de081070d976eaef3bdfa7f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2fe1810ff8946affda7ea654f13d150a

SHA1
e6a8886e41e7e251ee08a424b9689f98daff945e

SHA256
4d50e3cccfb6e7c9ac03ec9b205a6a63787c4596ad7d1d7ec9d3061ef0bc1518

SHA512
6f8d12d72d281fee01189c2abfc19ec876cbd953fe61117be38328e2b0a56f99f10fdf700bceb3830b3927e408cd59c6cb785865f1b86f618087e4532ee5acf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da8ff414fb67884cb4475a7d3afce207

SHA1
99f9bef9510926a7b37d8a873ffa17d8af492a38

SHA256
404616819cb5feb3648d1108168a48379fea3b91fff3a5d6c6ec22637fd139bf

SHA512
27ce5a34d94dcba669b3d0876bd893c424973bab0dcb10c4700153749a5f4ec5bb7717af59690d6f99e54f29a3845d7d1afba6156c4e7b776de781c4a1f13cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
02e7dce3dd366dca927d4013ad473732

SHA1
5665b07038255b9fc13993715d7dbfede8d308a4

SHA256
60997d046c29cc8166c8dba253b49d4cf52263befd3e5c08b862d9c00d1292e3

SHA512
c15d10fac0525e35b8685e1e9594a4587d1d0cc23ff76531f29ea85fca85e8d02797d97a838a2a4c58e7058fab06e2f24c9fef347a5fcebe6f646d8a37e1c5e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ec9f9a6c089957a90a8ea62883f93fb6

SHA1
652471570b3f832b12b8979a3e6da0a61fd41ab5

SHA256
cfdd53dd190762a87fc8972814d9298a76027c146da0b3d77a5d23c219a97182

SHA512
7d9e6103c849c4d9f7723c13fcd9eac5720ae648dfd2127dfbf9df877b9c222865fc48415a38401804fbc89ee7a9ce4e8b16bd5b8a39e84e5927bb5577c56cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ac1d0471a91cedf5c34b7e584883dcd6

SHA1
755466ee0171ae8bbaef362a50989617c5281514

SHA256
456974f18d37871ecf326434d52830d6851f3bbff680c824be83ae99375f9157

SHA512
7c92292d32836d3f6d59ea02bef8696082ff4e94d2e3cba7921ae9b5c7d6dfc34d4282d8e96ecff8dd1f22fb45d821b2bf899aa5e6fdfa74b3143a2bdb709cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
d1a457b671b67774574e49c3739feedb

SHA1
292bb558e14dfe2e20e5054632cdd93b1206aed1

SHA256
872ad510f8f09c9e016eea8b5f1eca7027f128d171208fec592ccea3001dace5

SHA512
157e3b0ec65a20fde4686b5c9841fd1e8063c2a8fd204216dd8269ed4a655e24c30e164e6fc424d01be7eed601c1bef23ef8b9d07136db48c7e0565b4eb20cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f38e665a-5c30-4b42-a9aa-de851c920a72.tmp

Filesize
10KB

MD5
9b56db00a7d2374ebaeb80ec3a74c134

SHA1
272f9da2c6a984b6b2c1f7f4684fa83154794249

SHA256
085416c1206098749843788c2cb26f04821e0b9bd28cd35fafca1b093120c0c3

SHA512
b992820a5057b543b52833bf8062289b4f349a0a9012b59bb9d4ca2c38056da6f52e20bde426ae647a0853f136f29bd29afa297936a9d8db0defb618eb07997a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
1383738cf6d3088aad9df69137e8a3c6

SHA1
8e565c0f29d7e7aa7e4428a8ab879f509208e352

SHA256
e70aa57a7d21e05cf7b0efba3a3d5f816f697cdd9332f4da5eea0ee91a85b6b9

SHA512
cca7cd013c6a0918453d336b297e2dc46c7791091994fce9906804bc03a245375a53e358ec23496f21ef5f82379df1b6f557fa2a9cc2b19406af5e13c0cf25a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\doomed\14604

Filesize
9KB

MD5
bb4c6e4b5e919e6479bd8cbf8de17432

SHA1
833cec430bda7dc329952f00ebf5deef871d2202

SHA256
1c71bf2762271f2d75ddd630f2c0726ca4e073410a7c9d9b68559395963b7429

SHA512
b3b2f3c5e644ea2b8e96f8607d6cc04dfd403a04b4f94ac3a831e1871350a4ada39a5db324303638b36118571e58c4ba8fc2125e8fdd37bb3a5f7c9af206e8a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\doomed\16341

Filesize
9KB

MD5
ed3fe32007d033f1b3f10c8376763593

SHA1
47402ac94896f20d97c7c25245fbc260eb28f264

SHA256
a0e32c163424a90d92ce43cea07d96f400bc5e92bc0b0852d7dc1fa4b304465c

SHA512
49e73cb6a52fa9e0b38043d3058478adca790e7d6531dbe67f014ee59bae0a562a91b389dcddab1d18162d4e368c7a6d07cee0eb2c6245c82eed7842dfe5a17d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\doomed\17432

Filesize
20KB

MD5
058f309a4fbfe8328c504846f4cb329e

SHA1
39b366dbe9d6c54ab226c960684f6cb48e366097

SHA256
6255ff443648e4d2930e156654197bf19a331a73ab718ca3785d75951a6bf248

SHA512
bb2d34e26d282f0117ac876d697c74e4d1b0ce23c9dd68278d9630496ca55d55c8953f7b1b9eca5313a8fc7cc451aed9ee4e9d391ae0b01510c669b9a31153c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\doomed\18879

Filesize
9KB

MD5
d6fd89026b30f9033e911f5897004f78

SHA1
2d36279dad73ec5860f7bd160f17420261e0fe23

SHA256
31f970a93684393646d32e11c7df14f99de2102f4a7b02179eb6bbd984a5093e

SHA512
d47c6916a6684128588810bfa9510fedbef99a2b279cbe15fc2ff72257f639259545a4effc67a9df51bf81266030537cdab52d124cc0dde7948f4f04731d4da7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\doomed\19481

Filesize
21KB

MD5
d06d6224777a9a66e78164a864d1b521

SHA1
ae37fab8b8e83b9aa686ec9c9de1bb72ad4f643a

SHA256
39aeb5f44b99be2126b70d283bb32e609b59581950e9dab1ce35e57431d2d8d6

SHA512
8e2a97c6436450efacf90815a863bddb7cf109a929590b9a9495f8846debc80461f03c4be4fe8fdc59f3a193c3f5db601388645de6ed99c465d79762e7c4e524

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\doomed\25768

Filesize
20KB

MD5
ca717dc6422027be1598b2c699d72f50

SHA1
ae16a7256e4b0b94561781cf336aee9eeb3bfc6d

SHA256
f61072b484c5a8a667dac523ee3b3f4d097c8519374a5e3492253249d0341ad6

SHA512
bba9931979a581e38ed34d741841a14b9ce1fb9068a272ec3d0c700dc29e827302ff29fb2298bee4dd6d96ba7f3181e075305204942a0ad4eba191e3e6060b61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\doomed\26674

Filesize
9KB

MD5
58f313aadfd6b18d43b456ce82ed27dc

SHA1
1fd9049d4cdcc2cb21cda680bb885de6452427af

SHA256
9eef5198c7d77a4aa2129d1d58cf223936214e91cae465f95e0fd6269d01636c

SHA512
65ecf7b203029897e2dff8a33220df3572eb66d8c60f1672790607cc67c88f64c0603a7f54d28ec9c935e46ff806d1138919a5c3d98c52e8c314904963721799

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\doomed\27103

Filesize
9KB

MD5
1ee24c5286b41f86bf10da4536db36f7

SHA1
eadcfab18673da0f7554b5f498dd94c729caa586

SHA256
35a1365fd9d5a374811da394f594ce1fbfeaf9ebde5d08232c6107f1b07c1dc7

SHA512
a418499481fd43df6637a4f01de898a95a12c9a5a991abdfd30052147874ff4da8a79d7362b6ea7a59f7044e9fa292f34f01fc9d1b68b28528de3c917778e9da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\doomed\3234

Filesize
9KB

MD5
e4433409797740bf60766c2b9311e4af

SHA1
5f097443441def97a5ac8bca90a1e3cf1ae0d20f

SHA256
e035968632504760752bdd7e06d1e9783a064d04d3152760b957e2ed8dbfad46

SHA512
b604e439274c4123e6cc27d2121d088d18e265845095b9934e7bfc40cef7c2cfcf82dd7712cffc69fc486c034162e2c654a4e1b49e22dd6470766963ecdaf445

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\doomed\9036

Filesize
20KB

MD5
906794adc97a3760b4a17b18aa247bad

SHA1
c39bcf59e156eab36a0f586c2c1fe888f3897166

SHA256
3796f8b6a6a6b881ac52d7ccc7fe5772050c4ea6a17cd260925dcda31192ffe4

SHA512
5f74ff02dfa599d011e921bffe1e06c01f1f3c642b93d8cb9634930a9ceabea58ef4dab28cb5878efa93c68d16437a759a93e79f956a051b71479d5c3d0ee852

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\3DADB20DB30AF0DA585EE9BF2AE5BB9714F0A50B

Filesize
1.8MB

MD5
ecb360dfbba686fa6a5523812ec7d7f3

SHA1
b42b3961f4f75e6c3ad8d58d68d1e684eaf5b97c

SHA256
03dc055a781ba0692a5ebb07532503b356626c650da3288ba9bc8b2965d7c4ca

SHA512
576b63d32a46c4fb1441cc7d64d5cb1ba56e3a4789274f8ca6b22f30985268ef8dcafeee42c1cec4a8bf8d6d1b0e4fefd07199932825f9a81ff002b46b06ca29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\6FC704B5F3745EB1B4958D8629162A80AF7A25DC

Filesize
95KB

MD5
a3af68f0fe6b056ceea137b1cb397c30

SHA1
8f5319ae976aa35079148bb2c427b1d0c5541d87

SHA256
dff5e36d7961ec6f11272339e80314029d302493a24dae043dfd5bf37682e39b

SHA512
f598a2142b215010fabda1600b6f68ad84dc8975a95086f2d7058e6de82c318765b1e36b67ad30bfc98162eafa10f0abb8cc043e414eb68e56182a43a7790723

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\71DEAC0EDB01609497A2DCB8919F27E5A4E712C7

Filesize
775KB

MD5
014ba264732c98a6d51bde60517b4479

SHA1
c9c405e0edf6cbd57b0799e83ddfaf29b8926471

SHA256
63cc316c072c49dbb5fb494457b8fc06358cb3175af556a1d9d25744743c46e1

SHA512
14bc90b83d8a3e617ab640dfb8106130f348a84f1db4054276e1a385613439e9885356402e1b7b7a449471d9333a62231477f5fd0f7b867cd634e4e95184d512

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\8F2E5DFDA22FB1C4E6BD1ACCC89820C089DACCD8

Filesize
428KB

MD5
163c534046eecc43a80356e109b12e42

SHA1
a355f50a4897e301ee9a3ec7fe4813d024c5bc11

SHA256
2a0ca3e0db7af2db7f070bf932415fd933712a5da64faac8abd8bee0dbccb050

SHA512
c3ce81aaaefd0955325c53398fdeb75c9086edbcfb9d2992a7e0b97e3ee2f10023a660cb4741437a2ecf319e8371fb9633d707b4586d0d363cfd21d8d0597169

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\909FA28FB5B768AE724C6408CBF74278F04C0D86

Filesize
14KB

MD5
e04cadc7e7de6dcd586da3de695fba27

SHA1
ad0e30221f8542d5a2f121214853f4de4faced76

SHA256
9877dbcb70ee29c2e2684a5506ca44150ca8aa7266700f703f533e0cab87e468

SHA512
d4e826f3b81f1d34e0e70319fe19fc3177c65f4b5f654165e76c3edfc5a8eb9f3b109e548213678749f8af1a87ba29ea449a1086e25c6350a37a24297a8c0f48

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\99AB3C0CFA370958C0B3C5F860C5DCF5169CE28C

Filesize
107KB

MD5
ff6222eb48ddef7f9de1955e6f3aac52

SHA1
3517a493144747c4be0f5068e1eee2362ecdb926

SHA256
f0ed790dd2633e5c3d21c24cca64bbb7f5937738ec92be20eca518f0f357f82c

SHA512
d50d9887a3951bcac65e369ea2de3ce1735434787d1ca1e793d3c21f8b8cc7e9ce9e99b6217009f1ddbdf0a9e1781d34341dd08c42864c0c5e111dd8ad8342e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\9D23353B46DE09C5BD4019DDC491F45195CE1566

Filesize
24KB

MD5
0c13300eea390d7b9ae1143087505731

SHA1
b30f45d8bb55c49437abf66ea352368d6beae1c1

SHA256
6324cc44d070034a11bbf039ad6f0aa6c7413d69d68ababd6ff336800160ee12

SHA512
862a9a2d365d96d273bb1ab9003af9a16ec4919e21e8a43eeebf20456644dbcb9a951c44c927327c9454e0d204035d27488f912e613d7d76a2de81b18c967c36

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\AF105FA713FB5E9EB509C28AC4519C1D0BACA762

Filesize
1.1MB

MD5
0c3cb35c35df87f733718f0867c43c83

SHA1
087d4b1f84c5fb5ed63a8ece801bbf534d09c29c

SHA256
379434339668dbd27ca1fb42c9d8200ae3dac5f3dedda3bd5f34704690e1e5f1

SHA512
fcbda63d0717c9f66f69469484da9b221762eeab1da2bb1f626c79e6adbb6c94825a6656eef61e4b124f42b90b4d40c8507cd797e8ecebe8bed1b962a1cdf31f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\BF4744078133E70F19834ACD8EB32353A849E95B

Filesize
22KB

MD5
46c1bb4ab277b3a7247be2789787a79b

SHA1
d17525858b795fe4d0085c627618fef35640e7f2

SHA256
0a0a873d59fa3b9403ec42915a6980082400cf3d8618580f624d3de97eaec4a3

SHA512
ceda709d5c8669d723cef1de7a8267143557fb3795dc0f72fb534ecdb3d5891b4569056011aafefa51bbc508a749814d6169dd137574d9ad8753b5708acd75ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\D6A11F9DBB5E096F4036348E717FEAC6D4F3E4E7

Filesize
480KB

MD5
2bcb5a259779f28298b774d183f5562d

SHA1
c1cc4d52bef5fecc36c74d9ee491bdd9369f4223

SHA256
226d09b86fdf3dfa8de3e46ae192eba0ee278457df89b65a59aa3f38a0c266d1

SHA512
2a52fcfb7d909ce19c212f453d807ca69281f7a2b29beadece88802ce569f36d3d18d6ef3e5fe60c7b0e66c00fbf36ff693297e005f7f9bf16dc73e71b34b68b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\DB032F25021AF85253ACC80E777843647A348422

Filesize
247KB

MD5
7f60e17d48fbf732763c0b7eba8b58a4

SHA1
5f0447f97c3de121f434cb7a679b2f4fb3aa23dd

SHA256
9fe917919be4be811eb21115eaa18ecd9a61385e44ace18bb262a199e43976e7

SHA512
ee3005dd3763a057505de99fec133b69bde6640864cd2429fc5a2750f2f763a8a03eede47d254a0b0e43de2bd5d265fbf3e9e0da1635eae6fa23b91c883454e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\EE6EA200F049E18A6F9580A31024433A2AB5640F

Filesize
709KB

MD5
be2433749a34bf227a30310c1325dc37

SHA1
eb3da5a14f646077d7db85d90a2c4df30d764bea

SHA256
c3af19449bacb4de0aa54ffee78f279e740f20945cabc96db7a0f19a732df7ae

SHA512
aa67d876cccefc1e705f9762e00bb55dc2be83ad3a9727f95c4622cb04788a730a16e7cd9bab9d2ccf57acb4c5ad94d8e6eb159b04690d694a5223fbe90648ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\cache2\entries\F5E6447DF1433ED7599E550057FBE4BAAB2CFFCC

Filesize
13KB

MD5
37328d89283e6d06f19d164cbb7fcf6b

SHA1
a9b3bb9b6a600fcf9198049b3f01873c553d4362

SHA256
353cd6a0f0f47bf19ae9ef04287cbf8eba3a31e3cb2107299653c9b6515107e4

SHA512
f47c38b12be06aa1c010a913f3263d477b96e6d121515a24e8871e9c76954092dc085cd355338ef1f4065e294e08d46cc1981246aa3a3ea3605470c67bd5dabb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k16kyoly.default-release\jumpListCache\fR8wvD8JpAxXTDD7Ueh4TQ==.ico

Filesize
1016B

MD5
720a73f270f4a01e4ba790d726afdd49

SHA1
f2132a44d357e633a50a6169beb4f69c19b9bc89

SHA256
b32827818d4340619c07333cb02ebd45dfdd49f4c158da179631ba1dc8e09025

SHA512
8c94e2153765253ef2daa00484f2c86b2cdf1a55c50b2b3ba078c9f238dea923c36f9d2e1c0d41e4a82ee8e7f0d6b2a4beec9fc219c6500d635808de20f2403f

Download Submit
C:\Users\Admin\AppData\Local\Temp\82AE.tmp\drm

Filesize
1.6MB

MD5
8f352cb65aabb4b33742adeddd4abc34

SHA1
96b7d199205f97049bb11a3f1b02cdd060a45d4f

SHA256
f51d606b42064d443565d3d1922e4c27bafbeb8e8e8d420381d74e9c46b46f2d

SHA512
e078e470b732921a5176bd19429f64c3c10d55b7dea9f0e5d9deaa8d6297de691d9bbffbbfd42d05fa4401339fdcdcaa6467367691220020f82517edc0f42872

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4782B.tmp\undertalefree.tmp

Filesize
1.2MB

MD5
3602e9114e7254a36fcd909cfa490c3a

SHA1
198af4c93cbcf2195df4cb4aa42096a799c7f374

SHA256
a153c8db6f20f9c54f4bd1607b2502d3914662caa9615e1c557cf0abd8777bab

SHA512
eb1caf37de29467977088952b782dd1cd97969083ef60a0307aa4dd1dde1a44227ef4a871da775b05665f5fec780294c15d6c0f2d9c275e519054eb4628d7fdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4782B.tmp\undertalefree.tmp

Filesize
1.2MB

MD5
3602e9114e7254a36fcd909cfa490c3a

SHA1
198af4c93cbcf2195df4cb4aa42096a799c7f374

SHA256
a153c8db6f20f9c54f4bd1607b2502d3914662caa9615e1c557cf0abd8777bab

SHA512
eb1caf37de29467977088952b782dd1cd97969083ef60a0307aa4dd1dde1a44227ef4a871da775b05665f5fec780294c15d6c0f2d9c275e519054eb4628d7fdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7EPK6.tmp\uninstall.dll

Filesize
698KB

MD5
73e7b1edd7e389d8fddf31273b34bd14

SHA1
c4d51c194b1901b186c815101424a58419bbcb3d

SHA256
5091cd5eef67f8f4cf9ae53b52160d6bedf7245c580d8a231595ba39e55ffdb1

SHA512
1d0673f8c87a42cff4f3440527824e192c2fa3c410227ed46aa05dc2fe068f170df771777cea11f171f75b7a7897e9e0d9eb9106db56996f8c95cbe7abef5c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DTB3V.tmp\scriptinterpreter.tmp

Filesize
1.3MB

MD5
25909912e6190316be2fca698dc86d7e

SHA1
ddeb3a1b00e537e0cd364af87727bf4d66d39162

SHA256
5a1fa7eedda77ab1b422ec7bfa6ff22dd10449da5f3ad557c147302913cffd16

SHA512
1913ee97b93f6b2b3cb88ccf02e617bcdce54427fc5d6c4030bf5108f9143868bb98beb1e82a86269d64fce482810850fa8f6b6f2694e478eafa4b79f4bc4457

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\1207658702_english.jpg

Filesize
195KB

MD5
ed224bf981e588b310321e3364cde5cd

SHA1
b3a7c43742304b6541bd83b04104ba0511103cd9

SHA256
988c25e3d92bbce791a012beabe67b70d0f708fe658a75304261f9699de0c063

SHA512
9c1ee058e5adeb765b435c4de9b1c9d211dbfec1d6d9b78abb5c38887d21a9920d35cb61b8139662b03acc5b74132c4bf267a91927587ab59b490cdf519e3902

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\1449139823_english.jpg

Filesize
192KB

MD5
c86d1d0ecf523cbc44a0f3cff1f81586

SHA1
a906d195974ef3afd6d7da7d820dcc9a4efe3987

SHA256
5091f3f1bd82d677b364080052f9166a0b85ae179c6ab6bbd6b87f4203c14e1f

SHA512
fab06cea1446b58abeece64a7e4bcd5e9f8a6ca75aa2255ae65f3e5d88c81abd17be9946e3702a30d7978660ec363c73c4e9483678558e8a79ffdfcaafd24bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\GOG_new.png

Filesize
3KB

MD5
d5b63bdfa47ef5954917c148bacf7b13

SHA1
5302c6715d9e9b5d2768b130f3e516e175684cc9

SHA256
0804b385c1736e009fe8c3b1b14085b9b9abb40ce487360002ab4a8f3505f4e0

SHA512
b5cde681be9ad1c1211559dc4b363003bf547e8dc965dbb9560fdddfc28ee1d8f27cc534dd00864d800fd351c48694d7dc8df55fc3d8d69acf8b702c7b421aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\OpenSans-Regular.ttf

Filesize
212KB

MD5
629a55a7e793da068dc580d184cc0e31

SHA1
3564ed0b5363df5cf277c16e0c6bedc5a682217f

SHA256
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee

SHA512
6c24c71bee7370939df8085fa70f1298cfa9be6d1b9567e2a12b9bb92872a45547cbabcf14a5d93a6d86cd77165eb262ba8530b988bf2c989fadb255c943df9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\background.jpg

Filesize
308KB

MD5
79dd8f2494aef70c997f7627449d7e9d

SHA1
6fc00daa1c26ee76a90a55e39e0c3a72cf4b36e7

SHA256
502d1b67b2a2b390753fdcafd9b5f33c97796b580eaff893ba7360931092989f

SHA512
3af7da0eb62a38a3a4445cd0bd563a8fc7c3010830228d2bc075ae7b5bf990ca20bef806116c60d4a367548a821587328ab0509ab8ba73e6fdfc0a7be30a6c78

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\error_icon.png

Filesize
1KB

MD5
263720c4b8bb111567a2a49989b8f467

SHA1
cf346fa3c70164648e0eaf72a37c6f4920ab4792

SHA256
acdf96ee4261fae138e6350a0ad50b367022ed5b908fa168baad92644f566ee8

SHA512
94f06a81dc735cf264abde86e6169e5fd78d873d2e926fd48287d2ac5208fc930c3c432186e3510add002bd1b4ae32ad8d35270b17c3ce5f18c43764a8e9de43

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\progress_center.png

Filesize
1KB

MD5
ad7fc1e37e40da38dd57adc446cc6c0e

SHA1
08033265deb9b45243cfa0065d98ffe13a039e26

SHA256
2b9dae87340e66b67ab1d8247d4a137628e324969f92fe1098f95a7c5bab2f43

SHA512
dd715d74f8e1ed6ab75b7b6530b383ac47040d8baa7728be160f6d230bf485a9cc54f15f7dc85b122ce56e54d63fa4890e510dfc89d9c9344e31f789ebac8756

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\progress_left.png

Filesize
1KB

MD5
290c7612ad7a077028cd3dc78ce99673

SHA1
18995fbe39d05e4a1cafc7cc2e0f6fb745442f77

SHA256
85e39d909a7300fa2043ec42818582867b981401264b14fc5408e477ae0b4668

SHA512
799841f5b8a1056e78a49c823009750e4b93af130a6c4ff9dc6d386c06b88614e53b46a6df62f5a217d5c99da01cf4e2fe8392c73d39e81000045291cf24205a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\progress_right.png

Filesize
1KB

MD5
c25a41f022a74308d944d1e807d72f44

SHA1
83c6bbec3fb373fcc78ce0e737742100994cd6d4

SHA256
396a3351fe409328782ab138282cf9cec061a5a9540a3506700a620db1f54e7d

SHA512
d2f4449195f3e60c826cfabb52a083d829eb9d0509272977d8fdb33bc5214678949cd27d0594684594e0a3eda2351c39cec8d91923cb716ad144ccf2b966c8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\slideshow.ini

Filesize
298B

MD5
dd34f5881d26a40468f4eb1a01aeb892

SHA1
6065a141c70d7eff63a0e879dad4868e1868a3f8

SHA256
23ffd13e24c21c28893f350c1283c8faa856a45ef554ecff9e96442bc51bc214

SHA512
34c7652ff16ce6895c20b63e6d9b33626f14bbbf549fd3662bb17c464f501d08a4cff8dcdcbc153cd7b76da09060d7e42babc683e441f8dbe69438ab9b98bf02

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\track_center.png

Filesize
1KB

MD5
3f2b0c22f8ea28dcbb82b39a16a039aa

SHA1
b3f4dfc2ea86fbdad05877b4c356b7fa8016731d

SHA256
794f9eeca7fd99846968376b76a296c927532cef1271325cbf555caa0d0d5860

SHA512
b4bf65d751717e85418947662d315ae3bcb177f60914832fefeeb95da9eddb75eb5531c62e5a5a70ff03c8a025b5a03e61ffbdecc9f483bea9684454ca9362d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\track_left.png

Filesize
1KB

MD5
55dacb00cbe2825a8540236c5777a205

SHA1
18a52ac6c741b558500fbc1716d46b4fe4471982

SHA256
a8340fb5380c922b60ea40043590dba067dcfed6e22636851691df38156a3aa8

SHA512
2ea444cc1080f20761c8d71d96fcd04ef48254cdc1dc41d1d139f459ea5613fe12f6e4bd026bf33a5c01ff038e72e05dae2f8fba33ff517dd395e1911f10ff10

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FRT7E.tmp\track_right.png

Filesize
1KB

MD5
ddec70b6c49be3e8c3a7d01c2f6ff1c5

SHA1
5383271999f787c36b1dc8f3cc13c8407b195439

SHA256
f54cd6e42f2b2bc5cb8a15f6a28f1499abf094a519ebdf39f4c4e167312c9c16

SHA512
f43f94b194b5a7eafcec9e831f61042859c30e1af2e2447195bdd06b12c90982181161a1c1be5aa5223ff664f88e4891bd71cfffb7ef672d6fe4f614030e0e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk4F21.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk4F21.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk4F21.tmp\nsDialogs.dll

Filesize
9KB

MD5
f7b92b78f1a00a872c8a38f40afa7d65

SHA1
872522498f69ad49270190c74cf3af28862057f2

SHA256
2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

SHA512
3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

Download Submit
C:\Users\Admin\AppData\Local\Temp\thm7025.tmp

Filesize
877KB

MD5
7f1292e1b7a9999b30b29b78bab5e26d

SHA1
505e121bc2dddada7b4a790f19865c6c7d7c73c3

SHA256
701df03e8f3969b6521d5f92514e9521e6318efc3554cf8b2ba5136e8bcb955b

SHA512
8f763e7481886a6f13562fd3ab54920ccdb18d277f286e5987f5bd784006249df4acc04f2fd15140eca56c39d9ebc984c793fb6046647e3a2595f118139e87db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k16kyoly.default-release\prefs-1.js

Filesize
7KB

MD5
9b1553ae6c334d5b0e4c0ce50625afa9

SHA1
66d1dd23f29f68aeb3a52be88067312189f56205

SHA256
321f3c299936d7a4fbf32f9d3f68ffe8c63f1a1c8af835e02fdffd8b6e2ccd89

SHA512
e4e9181dc3bf4af5bc693ef2f3c128908b9882786fa10426284d213480daccbf6859f513dbff732426786e8c8a63e032b05bfce4fc67eeb338e5a4127c104e3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k16kyoly.default-release\prefs-1.js

Filesize
7KB

MD5
f082e7b3f04d514f0b1ff6118c9f4575

SHA1
1d41a04359ed371507709fb400f96701147a873d

SHA256
fae5ca4da0e050974ad61dc2a225d5e287696bd522456a828e47e665e0efc678

SHA512
26170e91036a9b08ff59a20ef36463cadb2ee5bdfad33646cee17a9a86d275f254fac0348dac91af3831ff5578aa6e291f9ab88baa20bae500b9e7ba11046855

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k16kyoly.default-release\prefs-1.js

Filesize
6KB

MD5
f61feaee8b6c6ea8126ef47d0e9199f6

SHA1
893c13d9d1f8ad1b1a9afe5874d9a80434e6530a

SHA256
1207afc4c903d500de81727e413ecb2258f1df4c7e7324c4c446d87b894125e8

SHA512
74184fb1aa93d2f23f63459ac1841e9e5cc3f6ceede02b9fd6c9cdbf520807064831574d455f206ca1b4581d3e3a1b38a3bd9d3af93105b4d431f457275a082a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k16kyoly.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
72f51336e0333437664bcd6302fce085

SHA1
160bcb874f5b97c1823c60f2b815695b02b407f7

SHA256
73ce5b227e32286af2b07c0940d834d994776e04731e2f259a92a8768aaf85e3

SHA512
75b9d042ee41c449a22f4dd524e34e216030118cf586699bddd18b2de129b161ebbe2715ff7d9467b51115504bd1772e604a57cd76aabe6fbcc8e1caee2f964c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k16kyoly.default-release\sessionstore.jsonlz4

Filesize
18KB

MD5
238d3f2c49644401b40086a494caad95

SHA1
bb74b25fca22989020eaa694d4b944bbc83630f1

SHA256
149e67488207e72e6afc958cf599f62a7ffcf0596a1236b528ecc908fcdc270c

SHA512
44ab3bf9e4f42b0f313f0f74043092ec6f40b06504f2dbcbd9c4b07e5c1ce5e7231566f8614bbf3e6e08e8ace6b548750e73bce59b5fa4b76cf7ea043d967d13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k16kyoly.default-release\storage\default\https+++nevosoft.ru\idb\431866221sbedn_dhpsuulps_e.sqlite

Filesize
48KB

MD5
d63f65369942a08e5e245a80086b68de

SHA1
68242ce134a52b1b5c3dc374cf7f4c6179d6acf8

SHA256
71f855acf65e6aaf6c2b554b307c4b6e860eb52a0d130ca946abb4280d20bc5d

SHA512
dadcaef582fb4fad27d87380e14afd35d2d1e13a7ade80acc527c066a73991bff4562d2a32f6642daba92c2c447d70fdb3abc2565071e58627686b46a50620ef

Download Submit
C:\Users\Admin\Downloads\super_cow.2-WIj9QP.exe.part

Filesize
152KB

MD5
6ba0b467e7e6e4b1c83c24fd86813dcd

SHA1
465756a96a03d4fb8b1e53c21fb64a322f46fa39

SHA256
912950a90123683188f783b4dec94c33e6d022598b0607ff8686272437b56f84

SHA512
98b2b68d1f9ea4e597cbaf1722b35cb52e2511dbbd04f5938265e161b84a6ddbe69a574f6eb8a868c832f3df7fd33cbb5336c995979e31bac07468d02892709e

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\??\c:\gog games\undertale\goggame-1456487183.info

Filesize
840B

MD5
72c5257a93fbeec975a4a4175b50080d

SHA1
7b28af62c13cc120f3ac3e0ef273be85116d8d76

SHA256
adb26c3daa0b8511e8219b7ee950c8cdc527795f7e3b2a6a42355f27fcdc1b29

SHA512
f8ec190ba65211588f6156e74d1e8e842fe959ab1f8830e8ee1c9adaf35bbbbcaff7814560fa7e5c7e075c5d33422144070e114727229343087465f6895fed2c

Download Submit
memory/672-3181-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/1580-3193-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/1612-3190-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/1612-3188-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/1648-3327-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/2036-3367-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/2236-3312-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/2552-571-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-226-0x0000000003160000-0x000000000316E000-memory.dmp

Filesize
56KB

Download
memory/2552-815-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-818-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-852-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/2552-458-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-1409-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/2552-855-0x0000000002BD0000-0x0000000002BE5000-memory.dmp

Filesize
84KB

Download
memory/2552-857-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-668-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-859-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-663-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-386-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-330-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-873-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-879-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-256-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-661-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-574-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-1184-0x0000000003160000-0x000000000316E000-memory.dmp

Filesize
56KB

Download
memory/2552-1003-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-210-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-6-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/2552-46-0x0000000002BD0000-0x0000000002BE5000-memory.dmp

Filesize
84KB

Download
memory/2552-1038-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-1033-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-1026-0x0000000003160000-0x000000000316E000-memory.dmp

Filesize
56KB

Download
memory/2552-1025-0x0000000002BD0000-0x0000000002BE5000-memory.dmp

Filesize
84KB

Download
memory/2552-964-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-1015-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-955-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-227-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-732-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-95-0x0000000003160000-0x000000000316E000-memory.dmp

Filesize
56KB

Download
memory/2552-225-0x0000000002BD0000-0x0000000002BE5000-memory.dmp

Filesize
84KB

Download
memory/2552-1024-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/2552-1020-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-1018-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-1016-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-224-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/2552-221-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-997-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

Filesize
1024KB

Download
memory/2552-222-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/3012-3320-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/3704-3301-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download
memory/3704-3299-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download
memory/3704-3298-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download
memory/3792-3336-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/4128-219-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4128-1410-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4128-1-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4380-3308-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/4692-3054-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/4692-3058-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/4832-3316-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/5268-992-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/5268-994-0x0000000000120000-0x0000000000270000-memory.dmp

Filesize
1.3MB

Download
memory/5268-888-0x0000000001020000-0x0000000001021000-memory.dmp

Filesize
4KB

Download
memory/5616-995-0x0000000000300000-0x0000000000339000-memory.dmp

Filesize
228KB

Download
memory/5616-872-0x0000000000300000-0x0000000000339000-memory.dmp

Filesize
228KB

Download
memory/5748-1681-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/5748-2513-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/5748-2665-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/5912-3184-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/6056-3197-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download