observer | 081ae5c21adb12d5661e6849efa6003d14f8be48256db982281d66adf956818d

Analysis

max time kernel
39s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

99.7MB
MD5

3d54a88bea517fb58ecb46f3d7f94777
SHA1

b51360050b9785d01484d3d7b5c9796f98a8a0d1
SHA256

13dcfc1aa528addb278f703cd8fc7b0aaf8cbeb8242bdd0a070401099de854f2
SHA512

92c68b0b329b80ef892ffa838dd94e6c9d10e48e0e6f8840b9933b777bfa50cf5ed1c0ddea2c74a3c27d05310087a33ebfcaa6d8df71e8cdce46eab703d4299a
SSDEEP

3145728:qbzHAlMRvSvTXKX5U1LAcHbBlpmDHxc20Z/s:iTAmcLXKsxr2R4Z0

Score

10^/10

observer stealer

Malware Config

Extracted

Family

observer

http://5.42.66.25:3000

Signatures

Observer
Observer is an infostealer written in C++.
stealer observer
Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Launcher.exe

Executes dropped EXE 9 IoCs

pid	Process
876	Launcher.exe
3540	Launcher.exe
2816	Launcher.exe
2348	Launcher.exe
4348	Launcher.exe
1372	Launcher.exe
2440	Launcher.exe
5052	Launcher.exe
4924	file_xvo34.exe

Loads dropped DLL 25 IoCs

pid	Process
876	Launcher.exe
876	Launcher.exe
876	Launcher.exe
3540	Launcher.exe
2816	Launcher.exe
2348	Launcher.exe
2348	Launcher.exe
2348	Launcher.exe
4348	Launcher.exe
4348	Launcher.exe
4348	Launcher.exe
2348	Launcher.exe
2348	Launcher.exe
2348	Launcher.exe
2348	Launcher.exe
1372	Launcher.exe
2440	Launcher.exe
2440	Launcher.exe
2440	Launcher.exe
2440	Launcher.exe
1372	Launcher.exe
1372	Launcher.exe
5052	Launcher.exe
5052	Launcher.exe
5052	Launcher.exe

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\Program Files\nw876_1717194150\nw\background.png	Launcher.exe
File created	C:\Program Files\nw876_1717194150\nw\fav.png	Launcher.exe
File created	C:\Program Files\nw876_1717194150\nw\icon.icns	Launcher.exe
File created	C:\Program Files\nw876_1717194150\nw\index.js	Launcher.exe
File created	C:\Program Files\nw876_1717194150\package-lock.json	Launcher.exe
File created	C:\Program Files\nw876_1717194150\package.json	Launcher.exe
File created	C:\Program Files\nw876_1717194150\node_modules\.package-lock.json	Launcher.exe
File created	C:\Program Files\nw876_1717194150\nw\icon.ico	Launcher.exe
File created	C:\Program Files\nw876_1717194150\nw\index.html	Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3324	4072	WerFault.exe	115
4092	4072	WerFault.exe	115

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery

T1057

pid	Process
2632	tasklist.exe
5012	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Launcher.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528493417157508"	Launcher.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1860	PING.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3540	Launcher.exe
3540	Launcher.exe
3540	Launcher.exe
3540	Launcher.exe
876	Launcher.exe
876	Launcher.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeShutdownPrivilege	876	Launcher.exe
Token: SeCreatePagefilePrivilege	876	Launcher.exe
Token: SeShutdownPrivilege	876	Launcher.exe
Token: SeCreatePagefilePrivilege	876	Launcher.exe
Token: SeShutdownPrivilege	876	Launcher.exe
Token: SeCreatePagefilePrivilege	876	Launcher.exe
Token: SeShutdownPrivilege	876	Launcher.exe
Token: SeCreatePagefilePrivilege	876	Launcher.exe
Token: SeShutdownPrivilege	876	Launcher.exe
Token: SeCreatePagefilePrivilege	876	Launcher.exe
Token: SeShutdownPrivilege	876	Launcher.exe
Token: SeCreatePagefilePrivilege	876	Launcher.exe
Token: SeShutdownPrivilege	876	Launcher.exe
Token: SeCreatePagefilePrivilege	876	Launcher.exe
Token: SeShutdownPrivilege	876	Launcher.exe
Token: SeCreatePagefilePrivilege	876	Launcher.exe
Token: SeShutdownPrivilege	876	Launcher.exe
Token: SeCreatePagefilePrivilege	876	Launcher.exe
Token: SeShutdownPrivilege	876	Launcher.exe
Token: SeCreatePagefilePrivilege	876	Launcher.exe
Token: SeShutdownPrivilege	876	Launcher.exe
Token: SeCreatePagefilePrivilege	876	Launcher.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
876	Launcher.exe
876	Launcher.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3128 wrote to memory of 876	3128	Setup.exe	87
PID 3128 wrote to memory of 876	3128	Setup.exe	87
PID 876 wrote to memory of 3540	876	Launcher.exe	90
PID 876 wrote to memory of 3540	876	Launcher.exe	90
PID 3540 wrote to memory of 2816	3540	Launcher.exe	91
PID 3540 wrote to memory of 2816	3540	Launcher.exe	91
PID 876 wrote to memory of 2348	876	Launcher.exe	99
PID 876 wrote to memory of 2348	876	Launcher.exe	99
PID 876 wrote to memory of 4348	876	Launcher.exe	93
PID 876 wrote to memory of 4348	876	Launcher.exe	93
PID 876 wrote to memory of 1372	876	Launcher.exe	97
PID 876 wrote to memory of 1372	876	Launcher.exe	97
PID 876 wrote to memory of 2440	876	Launcher.exe	96
PID 876 wrote to memory of 2440	876	Launcher.exe	96
PID 876 wrote to memory of 5052	876	Launcher.exe	100
PID 876 wrote to memory of 5052	876	Launcher.exe	100
PID 2440 wrote to memory of 2216	2440	Launcher.exe	101
PID 2440 wrote to memory of 2216	2440	Launcher.exe	101
PID 2216 wrote to memory of 4924	2216	cmd.exe	103
PID 2216 wrote to memory of 4924	2216	cmd.exe	103
PID 2216 wrote to memory of 4924	2216	cmd.exe	103

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" /fj230ur90f90329039039093/Launcher.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:876
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" --annotation=plat=Win64 --annotation=prod=Launcher --annotation=ver=1.9.0 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x2b8,0x7ffafeceb960,0x7ffafeceb970,0x7ffafeceb980
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
      C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Launcher --annotation=ver=1.9.0 --initial-client-data=0x1e0,0x1e4,0x1e8,0x184,0x1ec,0x7ff76c6cda20,0x7ff76c6cda30,0x7ff76c6cda40
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2816
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw876_1717194150" --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2056 --field-trial-handle=1984,i,9864667799006441498,14915415413762256900,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4348
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw876_1717194150" --nwjs --extension-process --no-appcompat-clear --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1984,i,9864667799006441498,14915415413762256900,262144 --variations-seed-version /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\file_xvo34.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\file_xvo34.exe
        
        C:\Users\Admin\AppData\Local\Temp\file_xvo34.exe
        5⤵
        Executes dropped EXE
        
        PID:4924
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k move Bathrooms Bathrooms.bat & Bathrooms.bat & exit
        6⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        
        PID:2632
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
        7⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "wrsa.exe opssvc.exe"
        7⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        
        PID:5012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c md 18835
        7⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b Compound + Injection + Emotions + Worm + Participants + Richmond 18835\Awareness.pif
        7⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b Subsequent + Controversy 18835\Q
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\18835\Awareness.pif
        
        18835\Awareness.pif 18835\Q
        7⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 1536
        8⤵
        Program crash
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 1464
        8⤵
        Program crash
        
        PID:4092
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping -n 5 localhost
        7⤵
        Runs ping.exe
        
        PID:1860
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw876_1717194150" --no-appcompat-clear --mojo-platform-channel-handle=2420 --field-trial-handle=1984,i,9864667799006441498,14915415413762256900,262144 --variations-seed-version /prefetch:8
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1372
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw876_1717194150" --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1980 --field-trial-handle=1984,i,9864667799006441498,14915415413762256900,262144 --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2348
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw876_1717194150" --no-appcompat-clear --mojo-platform-channel-handle=4068 --field-trial-handle=1984,i,9864667799006441498,14915415413762256900,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5052
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw876_1717194150" --no-appcompat-clear --mojo-platform-channel-handle=4500 --field-trial-handle=1984,i,9864667799006441498,14915415413762256900,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4620
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw876_1717194150" --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=1984,i,9864667799006441498,14915415413762256900,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1764
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw876_1717194150" --no-appcompat-clear --mojo-platform-channel-handle=4628 --field-trial-handle=1984,i,9864667799006441498,14915415413762256900,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw876_1717194150" --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4472 --field-trial-handle=1984,i,9864667799006441498,14915415413762256900,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4072 -ip 4072
1⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4072 -ip 4072
1⤵
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\nw876_1717194150\nw\fav.png

Filesize
248KB

MD5
3faf439a6cd9d9a9fa9f8aeb85cd0f05

SHA1
2af297f14c4a0d9ade6663d6eecb8fa051ea85f8

SHA256
a04a437646dc6d3ca3f6563384c0ed1a14364ce502df8fe75d6200cb53d229e0

SHA512
2b9bacb4039f967871af6fe772245e1f83f584ef17e49345eb4f000d49a4ba8c9ee3d154e61713687861775ab5e5496959b58b606edad4e489d2444c487db971

Download Submit
C:\Program Files\nw876_1717194150\package.json

Filesize
554B

MD5
fef3c629b4988e5756d334f251e96748

SHA1
02ec04f252e2a00de7f991c212847b533a1c1165

SHA256
b94cbaf6c5e5c6f2222852305bca0013619f49ec1cee54e5cf4f84266d1eb13e

SHA512
8f488a4a40c1ee7103c30ba1c1b17fb43d7fdd01dc98f81008d16cc2ffb8fa419985d212d4a00e50e4d470d27c1438af3861c70b23ac4f191a7ffd2b96d2245a

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b866f916dd9f403f80ed3c679789e2a1

SHA1
4335fac036740359677ffe4ce2126133354b1ab5

SHA256
ee1df700cc07fdf9f376219c781312b907795b17d74ba6caca320d082c50dbe4

SHA512
2102fe856caa9ce4830a755df66aa57ff95cc7cac4c88e9dbc44abdddd295f05758f9c54eaefa7c49d51af96a8857fbe45dcb7a184f6da97fd60a71db67ea2b9

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\82afbe74-5d0e-4939-814d-9fd402ad449d.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State

Filesize
882B

MD5
90034d3f6db951e789f58bd8c1984928

SHA1
c4297e04c66dfee112c5e2fad8eb54c94309a1b3

SHA256
98926a559d5026055d40a9a44403cbe06999db65872c4dac02c208b302230f24

SHA512
7c4f39d0b63b7067b7b9d817039f1fc4fbb6848d1223d7b3c543a849398485d53ebc6dd33c1cdc386efb39d2a7932503b1af29caab2caddd4c64d4419baa480a

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State~RFe599fd0.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
ee5379ce410d5f07ef711cb07fb02b17

SHA1
c206bc93846cdb362060596708c2de8c11eca73f

SHA256
c55eba72870e5b6b5b4b7d7a6f50db1fdfa29c0e1d42d7ed6a47d1e6896de21f

SHA512
9246f99246a498fe4ac56279bab3fc22887aa565e312f11abcdbf7d02c416170bf33bc9963415fe9ab43749c13c2731c2381740c85e16d3b703e1e6c864834f8

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
64b0e6961cc80df03307dae9896a918e

SHA1
20b40c4c0ce303ea87837101fee13e4b89bcc63b

SHA256
778e4a90e454d0f2a2bda8dcdec502054fe78d85be7a500c6957ad4930b51aa3

SHA512
722455d76862747f135c15951a0ccd259ae50db4142a8432c15078e354b25fde7b84a8980f6b67ce8d9ea1b8380e9d7d15399b8fa267f46f54765a6d477082b8

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity~RFe599fa1.TMP

Filesize
355B

MD5
dfdeb387d216821f1eb004834ded032e

SHA1
5c86b6e3b203f3aa3c97f404d68c7b0dbed9f20c

SHA256
9aff5fcb704f2bca0ad7ac3fcb2b2084241522776f1a00a7089381e4e8ac4eb0

SHA512
1a010e2193c3f9533c025b23b3ec03f00a5ff6bab58be9a6e1fd2e1df44e729ccc35720d6ac24c5602134daea74820c008c2615b8efeeff504e158a7a93e8926

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
3e291c02a7597f40d0305b2ccdfaf7e6

SHA1
be3f0d88c0c4ae90ebc8deb3c7629c891d4199ff

SHA256
c884c9153e4739f72815db69592373b8432e53dc84bae86af38e8cc8376a4efe

SHA512
963549b81b410fa26b4cbeb4c0ca8dfe6023838a65c98516cf2d38c748fae6e71bb2d28ac43c94a422a5a9dcf02e1d5f0ae9ac5c0cc1c0eccbc2c8658a7bdc86

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
a54e4faae99695585a40fcb8de899545

SHA1
071a1c27c6332850d247d53c8292b2863c508b01

SHA256
36a9466482c00dfd6a7e7d59a922bed251ef53c59d2b6294b9e42844c4cf0a57

SHA512
cd2c1a864480d92446620a482b4f087d58d9ba5e29b16a4ecbaafc7beae734f471f5e6bba476c872042b7009a3eacb9b17f476035587bb0c2b8844e18bd7d10e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
d338131f9b61dbb03af10bb737c39146

SHA1
70441cd92a231211bc5bc1593f27e4186e99da49

SHA256
6c369516b182bf1b4f31e423f6f31bf2ca8365d388fa42879533c78c4ca498d4

SHA512
5237ec6343b2a7ef4d87db116766988dd943a123164a52a166284ba86532a5055a1e76f057e5f725a0053ce62876bc08264841cae4eb8ea3343ef4c5ed0a0725

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
8d2ced6423f440e8871edae9232cf8ed

SHA1
1e40282b82e4b97678647451025ad1fbcd1a2bf9

SHA256
eebff5db7bc7800fe52754b1bb91d515e841aecb6f05a0c81e4bc804298368f3

SHA512
c8283a5e1f941913f8916218f1e15ee874d00a0a7de48ba22d5c5ce0a8034ad15bdd8e30d527f137da4aa4eaa30df3a6acfa2f4a5d98c4dc3fb9c4e07a8dcb8e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
66f32608d75ea109bfb0ee0fb30861be

SHA1
36c37f87785d3f33a2589f12649d7f7fadb125a6

SHA256
01ccf05fc18aec276f0433a4624b4e2e21c600be510a9552f3c9a6d63c7be6e4

SHA512
f6202d26e2965b9d336d587dedc6cece85ea59613cb086a429d40909c7c44d68e3e9b15d747e31f13459c412b2b4849d45cae1b8fee037ad446828920c94ce9e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
84067bddc338f85a0fdfb8e8572f9dbd

SHA1
1fd21dc8d10e719f28a5c44a2bab25ef1ebfc356

SHA256
8d73385ef9dffec5bd6e4c4df5ddc7cc2721f0dbe3ab2b385faafad09dc0c9eb

SHA512
9ae023886afabb67279f83cb0d505487f9c917e6c6b4c12c65b1b86d37e8d0d394f33332c6b4577cd8fa872a735a54d0fc2a2fca15c1d0602897df3b38689458

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
5104fbcf8ae4806ff9479d1cbec70a9c

SHA1
2888b17d71d7204a62ee4a6a671b5d549cb41974

SHA256
2f508ec57136ea02607e373d34bc4e95e6b4433309aa9e68c7685a027753c32e

SHA512
328c55746e3595dda3ab4fe2cd3347d49bab525a4c4bccfdcf4814dcc820899e9439b04c0d07809a8fcb53b94d5ef0d032412ebdfc421f99abd4d020291167b0

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
e3c3c260e2b66f5d8aaedc43a033b7db

SHA1
8b822054a84f66951fb2bb77930eb72af36e06d6

SHA256
f71ed277899e12cfc2dcdbe5250c243f2edfab2ce36ce4625291434e1c932c8e

SHA512
fe5912b70132edccce955c2ebef978bcacdaf9e6b7f8a7b5e2494a9c391ef9b70c7f2175652d448e9897a64d172492330cd11403dde0ec1c70bafc317ad5cc38

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
8c82e53d54cd3d12a9adfde2a3199909

SHA1
fe7d3d3d2171da98c1d189e34d270492c42cae8a

SHA256
20c6a6a8234f7533035454fa44ab9df332d08ca8ce94a5b5f0f3866e2cfb2c1a

SHA512
37b5630e56f5a2bda8411f1a6f502513a5b95a331731750f3f30888ea1ed245a19b165c945e1869a8ab181d1c0e18b7753e82cc81d98a8bcaaa463f07b46a975

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
7e78fd775254c12cb3f93a4de15e81da

SHA1
07a0d0c1bc6a534ef1ebf7f56f92d41c4f15c54a

SHA256
a2b8ac872705162f3d032729f12e8c1e3dff05445566f17b71d49961bf980f6a

SHA512
b62f950357e7d146b105ff5459d8812a0cf1da5508037f020742546990d93a2f70135b51305f397cb626731cc40fd7e36055a1ca6e810d4d4e24d85be8dc5eaa

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
1fa00284eff8d44b9969881f7418baf3

SHA1
7ab6cf20a78521ba4a217f4d79a77f67c7bae790

SHA256
353a01881d37c78eeaeaa3e1a2696804a0b404bf3915063278a7acff93b7b023

SHA512
4ffb397301163f7e86e16367d3c2552debfe81fb6f9879b13c6597328d6363a30dafd1874e2a927374ef7a6bd569282aa9f8ed75fd7503fc735e93641dc7a9b0

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences~RFe58cacd.TMP

Filesize
4KB

MD5
834c8a4e0f241b6a3678f0dcdabb0d48

SHA1
a878d8a3cd9f1e53c4102e0907e029dd24ac09c4

SHA256
cc48cda3a533c94c51485d2403b6b8eb86befef823ef9a17a83392f89e60a9d7

SHA512
59e38a1fd5b3a331d7e90dea420ec66e37f8eb65fa1eafde50daa8ff1483b4e973cc73530ef9a7ba29796bb4bb0be5fc9db6b73c25d14a42f85c39f8c0a00ab1

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
2KB

MD5
5ecb0f3efb904be2cb7ec4a5f199a263

SHA1
fcb5d9663215b75efec9acccf23dd86490d89d1b

SHA256
d0c8045ba2844c2df3ec26cc40e0e82febda36515b0c61c1251ea8eca8cc1cfd

SHA512
c87f2cbaf70375776bc2193828041467d93368bc54bdc6c9029e19c718ab0fc04a3cce5fa6534b4a0cafa9cdda01f21092b80177167a165ed403bf67b5c26bd1

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State~RFe58a11d.TMP

Filesize
868B

MD5
b65d4ea2d94328870f7393636dd369b9

SHA1
7cd76a1984eb96546ab8b05769419c9d389ebd65

SHA256
afa34e3c516a77fef577b439b9767320ecc3b2f656aa780557574b19743e8442

SHA512
9f22429fa51eabc8ee980fd83ebbd4b6914fb5fad5229c14955ee0b822597091568e696b262487142c533566155a3b1fb7288dd0b493dacee8cd315e3b0911f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Bathrooms

Filesize
11KB

MD5
b1ef379960b1cc12b80454174ef222b3

SHA1
e85d00b4822433613e0d1523abc1edc4220421fe

SHA256
cc9605d93f0b3536ea951b84f3fbe3d0196f361de2276038165ceb2200c92c7b

SHA512
7a62f6413986032298a8baaed564becbadd24ed70949d64ef3411fbec488b82820c04d7c250165ea57371784168710403f94940acae8a97ff10ace57c27ec2a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Compound

Filesize
277KB

MD5
2ec41cd75e4e41ee8c1b1e0b9d31c7e4

SHA1
1ae820229667223c05471140f04486174f818306

SHA256
703e01cdb77a38db64afbcc43b8567a808dd0e5702eab102e16364437ceb2420

SHA512
46ea1d8606dedad2acd591c7591956925065952465423f1f77431e5b55de2955fe5db8ab8a46d92ef5ca0458e09a0dfa99461d6c849c0818f28d3863b358649d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Emotions

Filesize
222KB

MD5
041ce253674ba21b9d38fc9fde7f054a

SHA1
7a59249c38c6a5bfe7766d2b5ac226a9cfd408d1

SHA256
a2d9ac3903c9299a993206ec17f7ec8e06bee2293239e8a8b517eef561de2d3d

SHA512
48ed73cb5f6872980018050a07741e08cf3abb3b7a1365eac635906b832c9963330d7523e21ac6a0f5c40485daea78df206d04a4c51c5ff9aec424f56edcd2e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Injection

Filesize
117KB

MD5
246eaad20996e50d7ef60b9200bd9651

SHA1
65d11b058e25e584ce67489c1ccfd85d09f15d0c

SHA256
851183e54980e91bdc772a752f738547841b22629afc14d05da9c954f320127a

SHA512
a0c24a4792afbc20f9b166e7a8764016409acd474091a0978d4b2dfd061ca142103549d19459f23d1dbdb0e624395c1258b8a609c6c283992ff625891e83eefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Participants

Filesize
167KB

MD5
f8f388e977f31c5fe1748541b54920ae

SHA1
e7136e52621f93ffb84325b57e98985ebc6512c1

SHA256
a8fd7c611b67f141db0423e5069f0e6fa5e8b4d441f920ceb0378692a2528754

SHA512
98d423d056f2bf9e63651d0106a6bf96af135c8f190e34222ba72786b5f2bab5ad8ffe82df47e34ba446fca03d3db3f7bc3b033774b79edffe6262f813b84e52

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Richmond

Filesize
21KB

MD5
1ca5141d992262432ba4fff828d7d092

SHA1
5e9aec92c0e85c0b7f576bf18adba9e3c3e93897

SHA256
9f7a626c7d33e97f707c415aeeb3f8f3697edd0988fee6b3be07e9a02b74ba75

SHA512
198e63037f7906681467daed4cffc6b07885ade1d80b5855746fe02c2d86689e1c6dbae6432784d67fe092e041e4943de846e0aa791bdc5c5a5e08da06af0242

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Subsequent

Filesize
426KB

MD5
c42dc09d03678e36fcd19b13b8f8e502

SHA1
be31c2f6e43f87a56eeea107ca20822f5d2b6c52

SHA256
4e84c8cea810d1466db293cb934b60e10067d34c851a2eff44894c60681810f0

SHA512
fd5028a518bbdfaddf75e6d2ce10956bd573535ab3f4f17aad11062711b10259c1983a2627ce283c49ee768148e993f4f0453304f8b0b2461e9c0c5b6ac29ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Worm

Filesize
120KB

MD5
8b9a2094874a50a5d6611512322a41df

SHA1
649b2fc4751a857ac795637890c3ffd1a1f6c069

SHA256
5dbffacd5038833530ba781b5b1a020e504257ae796793b3b47c516549a9be0f

SHA512
f5a4e4460e1881e8a6e6db0e21d59efc4e635e2ba6c8620856d27e7b940f1f7784846e3fa7a8e5468506a7db6397ec411325bd60ea8c9f833bbcccc1a523491d

Download Submit
C:\Users\Admin\AppData\Local\Temp\file_xvo34.exe

Filesize
442KB

MD5
9cf51561e1c916d305920aa68d90649e

SHA1
24e4b43ac53c02f69b51bc60f0235c6a3da7a72f

SHA256
624c1291cc5eafde656355fd10c84f05525edea4f7a3a0045b34d45f65a3a941

SHA512
c03d580f27a3fb4d693730add7ea9bc6815fe8af9a0aa7e5eb72863a3a0e7fbcb3c5eafbb2ad6849d3ac21f1ae8f179a0f876d626166c3d6a22219de068f75eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\file_xvo34.exe

Filesize
499KB

MD5
29f440eef38eae24b2c469d483c6eb40

SHA1
f11a4664a9eca82c37559f97b6ae45dc5fab419d

SHA256
3cb2656f944c279d79a6cbccf9bd82960c51d026ecc7f0ffa29ca0a8655ad774

SHA512
e1fbff304b365adb10f3f5151c8d19bf3b6788abea4e702b98b4b78fe8050533cf6b40c2353f57da3f083b975d2ffe03d7aa008c03fcde1d0b79394f15d99bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\D3DCompiler_47.dll

Filesize
1.7MB

MD5
460d6ec91d2f97616ef2ab1241d19cb7

SHA1
96166eb06a20968ebc8c8c6221dc8c44296b3d84

SHA256
707700db89c016e0dee1f1a9aa85c71c5607229cec2f8ef8573474180553b440

SHA512
edc65e3772e8d103360256868a0fdf3296efc2fdb1dc9489998642194271b5199e5bc9a973bf3b9032eec3f1ee7ff3fb8645d4fae8e5c76121e67c61e94cfb5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
2.5MB

MD5
2784b288057106a5e08f16377339d4ad

SHA1
62a5705f96a2665519a7940fb309745b791e98b6

SHA256
6f7833e864e20b2fa1ef454fc60590b7f246fe4a81f22c35dee247c7d8df03e6

SHA512
663e06957d3de5dcdad6559391d733c350efffdb85363ec00943bf0ff07fef61fde164b71c4f9bd5f2e8d0570f85a1734c03c53e9ad85f4b55ac7628b5664331

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
1.6MB

MD5
df437598620a536e76d3b0a527591cfd

SHA1
e0c7f0f0b62517817f2148351c8f983fecb10ae5

SHA256
039e968c6e6c06f3b0972eb8c8fa14aebd42c7bd43410fd19d0b85fe478fcf8c

SHA512
0f5de1e976a565ba8bdd55281d7a57b9d1469a532055549c4d394fc2b60be8805993b6ac49a511946e40e6d1662e216bf159eb990861e991291ff1b0e612e16f

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
1.5MB

MD5
312922985538ed4fb77734e639dd4b58

SHA1
6fcaf81adbf41a50d89201e7c2c2ab45d1b4a4aa

SHA256
d1c59dfc966a0da91daa2f6fed526d5d9dd8f7b0a17345176d46ca59cb27f0e1

SHA512
059ae39e236f42ed26c4b335383e8d00f3a1d657909c662a11a1eb653228bf0728a3b1195ffa06c5f74b1c8ddfd4992260b64d7487aab94bf07cd028fef74e5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
576KB

MD5
ccf15ecc8365f86684b217205e29bef2

SHA1
9ade80d3077fc81ffa6df3674a34db33e8d0a44a

SHA256
d68d065c520ca25aad0034844c07b6f9c793964e48fe6003fabe84399b28c963

SHA512
c27a8bbe3eb22b282a7be023baf182a4db7ec39a9d8152146cc0be1e95fe6544553b51b092c596e64be27b032fa54bf465e55fdb43e48b979509b9d5bf357034

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
2.2MB

MD5
440273b3b7b53a3f499d4d8d5947d9df

SHA1
4dc2d171db0911509ed3309e5ee541e3de8a16db

SHA256
136cc5d9ba7977eb916aad7238e1d4ff360eb24864e6ca5e543fbbb6cc352349

SHA512
abbb33e606647a940eb9d12cf3653f0b9f677f53b5a266f921e427a8842ff4d8300bbb6a342d9caa7747ed9257e20e3c02776780b6186224713de9c563f45bc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
1.2MB

MD5
238cdbef39a50e3a9a0ac7ef49f50263

SHA1
17d74ccbc6732c241c4739228ad0811956dc24a1

SHA256
d9d5305100389c7b2032955d5bd774b6b1ba1346b063f6743ce0e596dde99ecb

SHA512
975bc97e16ecf47101a624e4714d8dbd9b5a03f62d1bfc3a35ac7e1406ddd950c6919d8bc7a87857fc3d3b5df8299a270120557cbc47cfad3e071881f92d25fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
400KB

MD5
ea78c51e74fc656e58a43d2361dfc79b

SHA1
912cff0e378f431bbb3d89e5ebda9d0dfbd0a3fa

SHA256
b7453ef3cef0466e717dd38895f6616607c563429554464593b76f3600a94e7c

SHA512
1b5c22d3ddc61c6d8e6588647dfab09efe5508a74e89260011dc4cd9a77551efdf5326260b63a77eda0ac208b2f8fb0fcad9d0e9f4b413403581938ce365404f

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
915KB

MD5
1007ef07e6f7d55a9391d730beebbc04

SHA1
bc871f01cc95d089dc34fb76aea7953141690ee3

SHA256
186a9daa2ba2aa092d1249c7f2aacab2655ef51a294927d9cc93489e0a46c39a

SHA512
cdf43f03883f6efeaecc24fe770b14563395bdfedb8a70f26d3461a4c94c34e04cb0c1c03d7e97cb8150de12564c3e38952c9dee23f1357583aa8291116021e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\d3dcompiler_47.dll

Filesize
1.6MB

MD5
2cb1bb94de806669e68c7dbd31f3a9c5

SHA1
87b0009fe38c45f4009c67a6e8f60b1c42893044

SHA256
357d7ef6b9d8c8ecbaf9ea43c189a0ca9d98a76ac205535f434abe35309df5c1

SHA512
52d6f78a1ee985ea08b6de708e6c67d91f821c89314829547668f90babcc9485aa6fdad55074075b5b55625744ea7c5469a7c70b2db2d2b1c2c2a458f9239b70

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
1.9MB

MD5
8fb19b8e58a567a27619a91b99ad8bca

SHA1
9f24a832705ea853b4c0cfe9f2100f42aacbd0bd

SHA256
424a34741ce0e5104df6d33ea16633c018af5f3a7396734218d1a6eb4f70b1c4

SHA512
b0415aa5728d39efb01d3e0cb082bbd4f42ff1284447ad89f85604e7ebc6da2bf479af7d326282920c543f351e856c5e3b1a97e2fe6c3bcf198e619165f3be5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
1.8MB

MD5
54d00ef4ca91c265e1ae2b262ffad73d

SHA1
2f664a9eb46e1c4e7e36c053e973e436d9048390

SHA256
3396168353fd3f3ea8c7afa34ae39362abd069b9908eb583ce5963b5d633a18f

SHA512
20a1dd838deb9fecc99ff8c73d3e4ea56dd5eb976ce666edb520e3111d318e3bcd34a1c90c7c183d80e99bf8d1898efaff0e4f80c024120dc0cc90dd228f920b

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
832KB

MD5
1412f7e96dc289df1e5d5ccbe3767036

SHA1
e60e4442c066c1b23b0c8f6a6d0d67d32597b55b

SHA256
1d02cb2e86b4cbb48c90f0ebecb51a7249096685c9bf1f3a0aab7af7b02f33c2

SHA512
fae74aca2053de0eeb6d27b664152603a531ec416107134411dce310fc5e9973628a3d57a12ad39fad1cac6bfffae52da8569d0164e36a2711a77002a4de2322

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
470KB

MD5
592e7f00c6402be2d4d23e3e0760b0ff

SHA1
d70c7a6d2ed9792368fe24cdab9ea3dbc0c894bf

SHA256
f0b52ab1c0382df1d12c8a1c91277dc8a77a8cabb380ec6ef70f361f5effa5ac

SHA512
29ff6218bd72708626f413050d73d98c7968fb1e1fa51957fc54c47d3885f0d922b56d12c0d5978bc1eee15737b7915e38f5b19bca3604536b71b3510b5fdc4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
449KB

MD5
5c5a28b93ad4a98c3861d604a2648f4e

SHA1
1098681b6982f953df572b3c130bc26629ba00a1

SHA256
c5abcb8cd2f1e7e0951b69545c8ad15303de22a90548e8379d1765f874f63850

SHA512
8f60deb540f3e16950c95b4a3d6dc9d66e4a9baf2a07887d0d1f75e13fc8ffc73f4a31b9dac70be5d735b6ab60031af31027ee3c4299180fedf7cc3f6773d15a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
704KB

MD5
b7c16333ed1a5874cba6988ef4f9a431

SHA1
c9c4a9c22de0956fe81f5d0f5c6e137ba27d663a

SHA256
26ca92b6d2dd7ebe402b87c8d2845beb6cc904366e00cbcc16f7f4cfa274656c

SHA512
bd00dcbd302cb965623f5f735db92efed2361719120352e1d2c805de723fa5e7de366b01fa87191c2175d85606d5604de5fcdbe51e5df6c684a9047dec8476e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\icudtl.dat

Filesize
666KB

MD5
52adbf7fcea468e1b8353301226a3462

SHA1
d3113ca2aaecb826a5b5316782aa08d39250e0ac

SHA256
7f5c8731e86564106d94a59b731dc1da03257ad69c17d548727930de8cca5efe

SHA512
1ac1493454305be8a03554468c5d8740ce414744b41cb0ae1638680d22c87b0df6659d6ae5999de96ffae11596b948267a041ea0c13e6e866c04baa4319df07d

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\libEGL.dll

Filesize
192KB

MD5
f77279ebbac5902ed6bf5ef6754bd11b

SHA1
f9fee750963af34f5eba8b7edb4b5c6e0516f767

SHA256
3f5ffacbc8ad938d2b4dee2fe2972633b1156cf07279124c1c540211bdbe0a22

SHA512
b3415dd418099f941d8269d2b1a5675dff148501f1c8cf4ffc1d1794d2075b045953ba79a924321f01336817fa8cc44ba11179230102456c4e5c5c4c8348c745

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\libGLESv2.dll

Filesize
192KB

MD5
81fbb2f9fa06cf3e224d7cc72b083454

SHA1
77a8e0674b5241d47ea809b8e5c0b3190dec2984

SHA256
3270e36843bf2c5c204bf5f903253515f122096444695e5307d394250ab730db

SHA512
4dcf41a470d34944e6c9866867a639dc7fdcf61928a4ed9a1cb5fd60cde8e2776ad4f47b16af926cd146511bf22b0ae729a2d7f5dc70dd9a60c14ecde9d626aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\locales\ar-XB.pak.info

Filesize
1015KB

MD5
edaef65b3082ac1502e46a7efe9a7260

SHA1
80fd9d68b4a0af62ef7f53d58ee9fb3ef1ef32c4

SHA256
7f8d7ac684642fb44625b0e32c0d8d20df0f661db616b157be04dfec918416eb

SHA512
3564bd96293d4a07c15d2ddd50abb531aea0a62cd4e0a8e70b60c7ef015b6e11f8221f353b668b0670938299770cf3607303075fc5f34bb73f9abbd48f666726

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\locales\en-US.pak

Filesize
448KB

MD5
09a27daab8ed231994af216a98a73b85

SHA1
c2211a4cdc878c7685f30454bf9742b68025d22a

SHA256
b8a8ee9f3dd6946649beb4f3ff96889bc010aec561678903316cfb26d7819479

SHA512
40016c3fe93989936cd63ed1e20da403f9b19f712efc31b65d485f06daa7df41ba86da76ca0ea04db2932cb4ef928ff2ab70aedc839a8ce472b83a92ac298e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\node.dll

Filesize
373KB

MD5
d9e61e65fb210304fa85c29efdd24375

SHA1
57fdc278b81c96ea88621411f479d72ca3bad510

SHA256
b002b2169ffc6d73edbcc323b5d486de239ff0abd75c317f90a09cd2d9afce22

SHA512
ab63f2171d54ac47cb7c8ad8b2a5392a64e9751941fafaf29ee7dff7b621408126729f1791e25d362be74c9ddb6cd73e259f42788850b0711862c2a003a39612

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\node.dll

Filesize
323KB

MD5
8ba9f9773afb89b886a846bf991134b6

SHA1
9959c852b10463e538e807bdbe6b5f4e60415c8d

SHA256
1f002f978e89fcca14a0eb227078e4855389a2f7d35b7bb09f6d7c5d75eced3e

SHA512
dc9311742960612db4924fd157a6ef9aae3da7cf596f1d3c82cc662479cf7bcfd8c06bbf6cf8bbc2d92df64c75d4f32e3d2a929c91eecec16b6d901279f52889

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
10.0MB

MD5
bf939384065b5ff0d6f690bb0a1c8a44

SHA1
8e655159f0195980c2de4a5f309c37634afd40e0

SHA256
9a5b302d4751ef87672cc3039faac1666677708f15351b8100b398c026697e2b

SHA512
4b655a54890e5b659c8a8cd3ead1b72d3046bd8c0c36b031cd90a5cf26c97c1995d2fcd8eb8712e14e176c7403c131510a77b572ca31a46cbcecc33f3349ff52

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
2.8MB

MD5
da52943b5cea71e6de973a7f5053d0c1

SHA1
dc86710b5004e284b9e3771369d33460079c903e

SHA256
2cd006b3a67c2b80d8afb86bbc69590880543b32969a22fba596f1f26a4a935d

SHA512
7c42ee39c2bf47ebb36c4b501736cc0701c686c108492d6deecc3fb155b159415e31345e936731c4e47d3953cd4ae4340ed3e20cdc2b1b9933e0e7152610ba82

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
1.8MB

MD5
d254e0f6b9549dfcc4a7a720f741aad2

SHA1
42cd4905197d72f90bb6089c1f3e3ddac721eb34

SHA256
25f19c9547f8c7953552da76187d5ac077d63f6e3575d91242546a141db1d872

SHA512
eb8f62aaf8392cf5b19b298bad2a6e7005c89e0f102e7583427618d0a78f8d8c51d47d59b17ea0a81609cc5fb6ccb40c92b4a8260e0d80a156514ef2a8043225

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
512KB

MD5
3cc9138ba9f700e3e9c6329760cc7381

SHA1
8fad031381921cb2b6a81f8e78ac873e5a46d192

SHA256
66ab50f5ee6365e7c2bb23b16565bae849e76676b4b289b22298efd34f3e8a5d

SHA512
77dd3ea5a5c06dc4a8b5ceecaa6f6300e12e45666b90abff3196dd834b4a5bce4ae6b8d964112d57af290b7c50ae53361c4b232c2a98a36a8524d78c8bc58e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
398KB

MD5
30aef71c141e3df7a847626c62daa679

SHA1
eaf7250b61e55e8d6b4db7e2a12af17b5ed5b857

SHA256
df1cb0b038286529189fedd5e957bc892a5a1e46da101c0b718463c221444c58

SHA512
ec7bec50837ab354015c0cee8d58b7a3ca96198c7a07265661c7ac1a03e45f7f32686123721401a5bbcc7b777762034fb2762c7207b6d7a7f6dcdf90344df8d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
328KB

MD5
69afbe5ec580fdc7ad5e77a495597d28

SHA1
171c10dcdb61a459af98b4868fc3e28975818fd8

SHA256
fe3bec7004315d6329b67bd21438e26d710ed314874a455b66a7b054bd602d8b

SHA512
707fb2d8634428416a4cfbf8901a3917017c21aa854c92c40d0366b61dcfe5cf6df2a3ed1d8de86c5b3221d709f9b56f34e2e4698a2b8ef8287444615ba49f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
1002KB

MD5
2b7ce3578a217f27f1ab5936b01bd1e9

SHA1
441f8806e611197ee93dd00404e748829e054994

SHA256
903d458fda01d04689f7d529b2bea18ab674d22fea003674c594b9059863b690

SHA512
53071343fb1a3d9a8fb7644671bad8a00fa26bb07e689b440946fe0a444e7340e4cc53bf35ed5f353d8f4ad74f6568485506dd21aa0a518f7e8c0e5bf3223d83

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_100_percent.pak

Filesize
718KB

MD5
2f1c41cd4f8d630e965c83608aeb8dd1

SHA1
877ee7e4190967d69c6ebf9c6a52327ec10dffae

SHA256
a476dbd7731b7db5a771445cb9cd8a838dc706d8986f9e1da3d81fac59cbeb1d

SHA512
1780bbeece915ff4d959b13dce849ad608301eab7b299bc8fad9251c2ca392b6833ceece30256ed607b4b5e12dbb7b5e0d247b711901c628b180497eed872239

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_200_percent.pak

Filesize
659KB

MD5
b9b7dbce5ead91d04dfb4d0fda076a15

SHA1
78941f3c41dfca3165e34ad2d1122d93ccf16ecd

SHA256
feaf9131ca0c3076c008e6b9bc11e20c7b2ffdbc8a70be9ebba1262b3a9a9516

SHA512
0c7bb5778c741a961bb278d7b322ea92168c9345f74a68fe632675d574fcf27d05ee31e73e9d006901197533006636f9c0d3b39d9e35bc55b673000860974ef2

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
1.1MB

MD5
98acbb1ba1112cfa4da907558ea7cc0e

SHA1
9e041b920a7a9e9bc0aea6fc7709deb67eecf7ef

SHA256
0c57bc73ca823aef5dbb3785cdb343dec62854f80e811df16ac71ba88a039a5f

SHA512
a4845ccf34b534d5ff336a909b66f8cd4f48c151540197ebf63242a83c02a4f5a9f992a7975de44ca0f66e810e302a37f331d4bd26afff5088f2c44df517ac86

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
1024KB

MD5
721859135f119df4a8601814e9a7a93b

SHA1
35b7200f81ee726d6278192671f910c5a6953b20

SHA256
56d05bbea64870ffcf453b70a9699b12fa883a2670186a7d609585d201b0aed8

SHA512
593f20e885c08ffb8ee2d0baeadeaffeb70c9ce9b57d5314a7b9b7f96fcb4ea0814e03fd4c2d962e54498e3c500f4cf27b6a4dc5067682bb004c1940a4f94a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
512KB

MD5
a059ed70203308efa1990aa234e29785

SHA1
e61085d795e216c99fa85639307312542683dff0

SHA256
c7d0d9133f147dc64c46a2e050f9587d561da1229e5a1b96e8017b2090a6178d

SHA512
944299cfdc9da39256128e835b97ef8fe4f137004780ffad0f76a40fc63480de9751c8bae207dda8b99e25ee91b0b49c0b8870ad1867bc2ccbd3c25eb28a5567

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
631KB

MD5
47fe0ebf36a34c8b5865372bf0f7595e

SHA1
f2e999d2a66af30bb80588797f4b6ea04ba2d814

SHA256
c9c1e10db193411e7df8f4dd0902e4a58994222a9c4760e5109562d4f5aecf1e

SHA512
899af75a0d1c7174831818c3924293071d298a0302eb3762f91d3b3c14638243623a91b686fad7bafae1c18c3be783e290b77282cd2991938ff9dda299e065da

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
467KB

MD5
af99265b1ce995e2ed6ba19d366d10c8

SHA1
ef15843bf4ffed090338141fd54292a0f798f6e0

SHA256
afaea9a7ffc729ed5c1559c6e3d8cd06e1f897dbc8a97de63ca70aa4c10708eb

SHA512
f2023b246df3e5b977819cbc7a9b149d84f7324ec5f8d829e8a41c1d7c76cff8fb14c7f3fce15aadabbcfb0c91ada543dff36ef327d0c5c456cc7991d4e13aea

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
570KB

MD5
06bd20086fc8e8cdb1aa92a94a44540d

SHA1
efe571b75b46910f0e83b828bbff1e1031583d96

SHA256
643c394430472f92e9486f0440b01943ae085b7594f31947763537565511cf70

SHA512
646c49038e9d1396e67d03c6dcfa4e43fea6269927c08cb5e715b78395aa9158412c58e218ba041efef6e96f0ddc2716ff18ccb33c460e446822f43d0da1f274

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\resources.pak

Filesize
1.2MB

MD5
3e909c4283511192969534e369e077e7

SHA1
5a4d3f266f89aadaecdd0829c10c52af96d461ee

SHA256
4e9e6709e8b3955a1c8b18ea27318def7f3032915dbd1e4fa73274f361275ff5

SHA512
03f6589f9366e9740e6cb90942fe819199a1f925ae084af5ddeb17b9cb90c3138ead6ab1d45d87066f050fc758e15e334fd8513f0c125ed8973dd404f3db9e8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\v8_context_snapshot.bin

Filesize
669KB

MD5
c0e7602b0c7d5de0be5e83c20591f941

SHA1
838d2038682db7008f6a2776026cd6085db9ff3d

SHA256
345726227a3d92f5e2f87fbdea70385690b38f8d181c902254845021093c5697

SHA512
7d2ff90ebb6b051fdb050495cf5f3d353f4f14e1d5777d7d181ddb70cdd3ea4f633364fa5a0e2e2ff8c9a5a2de636160e0612a7f45fc65882114caab53ea0cbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\vk_swiftshader.dll

Filesize
1.4MB

MD5
0b40ee7829097172af02886ad11e67bb

SHA1
e6fb6b13209e668b7d62ef9e26a25073f7f0c8fe

SHA256
e18a0f4f3101e66d93f56df4f46a49671a5f33b42ead604abe26d8695da941f8

SHA512
074edd1e121f80844c494b5cde417f9f493279ad37fe4d7e3b6771a39e7446d5705b99d6bfd3960b6d66ba5db979d455be6526fdbe053abafa6a78e8b5e3fd87

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\vk_swiftshader.dll

Filesize
14KB

MD5
1df5616267a67255010021e9937a8da6

SHA1
91033ef70c134b70f2352f0a3f683795d6ba1deb

SHA256
463f851e6de3b48d2e5baa48931a789242c568d366e0e7a2c6ec6738665382a2

SHA512
e0fb1bfc2b8d100a20218b96b7618934a9f80e72403b9b4a4c19dd6ba8f2a2cbc8ccc38f7a37fb91445a47af7f42e2a22c9c8caa43b5ad75d8f5aeada666f193

Download Submit
memory/3280-672-0x000001B603D00000-0x000001B603D01000-memory.dmp

Filesize
4KB

Download
memory/3280-680-0x000001B603D00000-0x000001B603D01000-memory.dmp

Filesize
4KB

Download
memory/3280-677-0x000001B603D00000-0x000001B603D01000-memory.dmp

Filesize
4KB

Download
memory/3280-678-0x000001B603D00000-0x000001B603D01000-memory.dmp

Filesize
4KB

Download
memory/3280-679-0x000001B603D00000-0x000001B603D01000-memory.dmp

Filesize
4KB

Download
memory/3280-681-0x000001B603D00000-0x000001B603D01000-memory.dmp

Filesize
4KB

Download
memory/3280-682-0x000001B603D00000-0x000001B603D01000-memory.dmp

Filesize
4KB

Download
memory/3280-676-0x000001B603D00000-0x000001B603D01000-memory.dmp

Filesize
4KB

Download
memory/3280-671-0x000001B603D00000-0x000001B603D01000-memory.dmp

Filesize
4KB

Download
memory/3280-670-0x000001B603D00000-0x000001B603D01000-memory.dmp

Filesize
4KB

Download
memory/4072-618-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/4072-620-0x0000000001450000-0x00000000014C3000-memory.dmp

Filesize
460KB

Download
memory/4072-619-0x0000000001450000-0x00000000014C3000-memory.dmp

Filesize
460KB

Download
memory/4072-624-0x0000000001450000-0x00000000014C3000-memory.dmp

Filesize
460KB

Download
memory/4072-621-0x0000000001450000-0x00000000014C3000-memory.dmp

Filesize
460KB

Download
memory/4072-622-0x0000000001450000-0x00000000014C3000-memory.dmp

Filesize
460KB

Download
memory/4072-623-0x0000000001450000-0x00000000014C3000-memory.dmp

Filesize
460KB

Download
memory/4072-541-0x0000000077D41000-0x0000000077E61000-memory.dmp

Filesize
1.1MB

Download