observer | 081ae5c21adb12d5661e6849efa6003d14f8be48256db982281d66adf956818d

Analysis

max time kernel
561s
max time network
591s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

99.7MB
MD5

3d54a88bea517fb58ecb46f3d7f94777
SHA1

b51360050b9785d01484d3d7b5c9796f98a8a0d1
SHA256

13dcfc1aa528addb278f703cd8fc7b0aaf8cbeb8242bdd0a070401099de854f2
SHA512

92c68b0b329b80ef892ffa838dd94e6c9d10e48e0e6f8840b9933b777bfa50cf5ed1c0ddea2c74a3c27d05310087a33ebfcaa6d8df71e8cdce46eab703d4299a
SSDEEP

3145728:qbzHAlMRvSvTXKX5U1LAcHbBlpmDHxc20Z/s:iTAmcLXKsxr2R4Z0

Score

10^/10

observer persistence stealer

Malware Config

Extracted

Family

observer

http://5.42.66.25:3000

Signatures

Observer
Observer is an infostealer written in C++.
stealer observer
Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Checks computer location settings 2 TTPs 12 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	file_uccgek.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	file_pktq65.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	file_nfa9zg.exe

Executes dropped EXE 31 IoCs

pid	Process
4252	Launcher.exe
888	Launcher.exe
4584	Launcher.exe
1672	Launcher.exe
1660	Launcher.exe
808	Launcher.exe
3084	Launcher.exe
4928	Launcher.exe
3052	Launcher.exe
3740	file_uccgek.exe
2716	Awareness.pif
4740	Launcher.exe
4432	file_pktq65.exe
4664	Awareness.pif
1808	Launcher.exe
3440	Launcher.exe
4256	Launcher.exe
1716	Launcher.exe
3060	Launcher.exe
3496	Launcher.exe
4020	Launcher.exe
4144	Launcher.exe
1316	Launcher.exe
2124	Launcher.exe
2356	Launcher.exe
2492	Launcher.exe
2152	file_nfa9zg.exe
3208	notification_helper.exe
3804	Awareness.pif
3448	notification_helper.exe
1200	Awareness.pif

Loads dropped DLL 64 IoCs

pid	Process
4252	Launcher.exe
4252	Launcher.exe
4252	Launcher.exe
888	Launcher.exe
4584	Launcher.exe
1672	Launcher.exe
4584	Launcher.exe
4584	Launcher.exe
1672	Launcher.exe
1672	Launcher.exe
4584	Launcher.exe
4584	Launcher.exe
4584	Launcher.exe
1660	Launcher.exe
4584	Launcher.exe
1660	Launcher.exe
1660	Launcher.exe
808	Launcher.exe
808	Launcher.exe
808	Launcher.exe
808	Launcher.exe
3084	Launcher.exe
3084	Launcher.exe
3084	Launcher.exe
4928	Launcher.exe
3052	Launcher.exe
4928	Launcher.exe
3052	Launcher.exe
4928	Launcher.exe
3052	Launcher.exe
4740	Launcher.exe
4740	Launcher.exe
4740	Launcher.exe
4740	Launcher.exe
1808	Launcher.exe
1808	Launcher.exe
1808	Launcher.exe
3440	Launcher.exe
4256	Launcher.exe
4256	Launcher.exe
4256	Launcher.exe
1716	Launcher.exe
3060	Launcher.exe
3496	Launcher.exe
3496	Launcher.exe
3496	Launcher.exe
4020	Launcher.exe
4144	Launcher.exe
4144	Launcher.exe
1316	Launcher.exe
4144	Launcher.exe
1316	Launcher.exe
4144	Launcher.exe
4144	Launcher.exe
4144	Launcher.exe
1316	Launcher.exe
4144	Launcher.exe
2124	Launcher.exe
2124	Launcher.exe
2124	Launcher.exe
2356	Launcher.exe
2356	Launcher.exe
2356	Launcher.exe
2356	Launcher.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	explorer.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Launcher.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Launcher.exe

Drops file in Program Files directory 36 IoCs

description	ioc	Process
File created	C:\Program Files\nw3496_265939700\package.json	Launcher.exe
File created	C:\Program Files\nw3496_265939700\nw\icon.ico	Launcher.exe
File created	C:\Program Files\nw4252_1334491193\node_modules\.package-lock.json	Launcher.exe
File created	C:\Program Files\nw4252_1334491193\nw\fav.png	Launcher.exe
File created	C:\Program Files\nw4256_1784904393\node_modules\.package-lock.json	Launcher.exe
File created	C:\Program Files\nw4256_1784904393\nw\background.png	Launcher.exe
File created	C:\Program Files\nw3496_265939700\node_modules\.package-lock.json	Launcher.exe
File created	C:\Program Files\nw1808_985307034\nw\icon.icns	Launcher.exe
File created	C:\Program Files\nw1808_985307034\nw\index.js	Launcher.exe
File created	C:\Program Files\nw1808_985307034\package.json	Launcher.exe
File created	C:\Program Files\nw1808_985307034\nw\icon.ico	Launcher.exe
File created	C:\Program Files\nw3496_265939700\nw\icon.icns	Launcher.exe
File created	C:\Program Files\nw4252_1334491193\nw\index.html	Launcher.exe
File created	C:\Program Files\nw1808_985307034\package-lock.json	Launcher.exe
File created	C:\Program Files\nw1808_985307034\nw\fav.png	Launcher.exe
File created	C:\Program Files\nw3496_265939700\nw\index.js	Launcher.exe
File created	C:\Program Files\nw3496_265939700\package-lock.json	Launcher.exe
File created	C:\Program Files\nw3496_265939700\nw\index.html	Launcher.exe
File created	C:\Program Files\nw4252_1334491193\package.json	Launcher.exe
File created	C:\Program Files\nw4256_1784904393\nw\index.js	Launcher.exe
File created	C:\Program Files\nw4252_1334491193\nw\index.js	Launcher.exe
File created	C:\Program Files\nw1808_985307034\nw\background.png	Launcher.exe
File created	C:\Program Files\nw1808_985307034\nw\index.html	Launcher.exe
File created	C:\Program Files\nw3496_265939700\nw\fav.png	Launcher.exe
File created	C:\Program Files\nw4252_1334491193\package-lock.json	Launcher.exe
File created	C:\Program Files\nw4252_1334491193\nw\background.png	Launcher.exe
File created	C:\Program Files\nw4256_1784904393\nw\index.html	Launcher.exe
File created	C:\Program Files\nw3496_265939700\nw\background.png	Launcher.exe
File created	C:\Program Files\nw4252_1334491193\nw\icon.icns	Launcher.exe
File created	C:\Program Files\nw4256_1784904393\nw\icon.icns	Launcher.exe
File created	C:\Program Files\nw4256_1784904393\package-lock.json	Launcher.exe
File created	C:\Program Files\nw4256_1784904393\package.json	Launcher.exe
File created	C:\Program Files\nw4256_1784904393\nw\fav.png	Launcher.exe
File created	C:\Program Files\nw4256_1784904393\nw\icon.ico	Launcher.exe
File created	C:\Program Files\nw4252_1334491193\nw\icon.ico	Launcher.exe
File created	C:\Program Files\nw1808_985307034\node_modules\.package-lock.json	Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1960	2716	WerFault.exe	117
2460	2716	WerFault.exe	117
1944	4664	WerFault.exe	139
4280	4664	WerFault.exe	139
3652	3804	WerFault.exe	176
4780	3804	WerFault.exe	176

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates processes with tasklist 1 TTPs 8 IoCs

Process Discovery

T1057

pid	Process
952	tasklist.exe
1748	tasklist.exe
2984	tasklist.exe
4180	tasklist.exe
2104	tasklist.exe
4280	tasklist.exe
1748	tasklist.exe
3520	tasklist.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Launcher.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528502068791712"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC	svchost.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3073191680-435865314-2862784915-1000\{E6ED8120-562F-4A5B-9C63-79B1E4508DBD}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe

Runs ping.exe 1 TTPs 4 IoCs

Remote System Discovery

T1018

pid	Process
4100	PING.EXE
1376	PING.EXE
4508	PING.EXE
4624	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
888	Launcher.exe
888	Launcher.exe
888	Launcher.exe
888	Launcher.exe
4252	Launcher.exe
4252	Launcher.exe
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
4740	Launcher.exe
4740	Launcher.exe
4740	Launcher.exe
4740	Launcher.exe
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4020	Launcher.exe
4020	Launcher.exe
4020	Launcher.exe
4020	Launcher.exe
3496	Launcher.exe
3496	Launcher.exe
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
1412	msedge.exe
1412	msedge.exe
696	msedge.exe
696	msedge.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3448	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
696	msedge.exe
696	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe
Token: SeShutdownPrivilege	4252	Launcher.exe
Token: SeCreatePagefilePrivilege	4252	Launcher.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4252	Launcher.exe
4252	Launcher.exe
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4252	Launcher.exe
3496	Launcher.exe
3496	Launcher.exe
3496	Launcher.exe
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2716	Awareness.pif
2716	Awareness.pif
2716	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
4664	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
3804	Awareness.pif
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe
3448	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3748	Setup.exe
4404	Setup.exe
2436	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 4252	2280	Setup.exe	89
PID 2280 wrote to memory of 4252	2280	Setup.exe	89
PID 4252 wrote to memory of 888	4252	Launcher.exe	91
PID 4252 wrote to memory of 888	4252	Launcher.exe	91
PID 4252 wrote to memory of 4584	4252	Launcher.exe	95
PID 4252 wrote to memory of 4584	4252	Launcher.exe	95
PID 4252 wrote to memory of 1672	4252	Launcher.exe	94
PID 4252 wrote to memory of 1672	4252	Launcher.exe	94
PID 4252 wrote to memory of 1660	4252	Launcher.exe	96
PID 4252 wrote to memory of 1660	4252	Launcher.exe	96
PID 4252 wrote to memory of 808	4252	Launcher.exe	97
PID 4252 wrote to memory of 808	4252	Launcher.exe	97
PID 4252 wrote to memory of 3084	4252	Launcher.exe	99
PID 4252 wrote to memory of 3084	4252	Launcher.exe	99
PID 4252 wrote to memory of 4928	4252	Launcher.exe	104
PID 4252 wrote to memory of 4928	4252	Launcher.exe	104
PID 4252 wrote to memory of 3052	4252	Launcher.exe	103
PID 4252 wrote to memory of 3052	4252	Launcher.exe	103
PID 808 wrote to memory of 4548	808	Launcher.exe	105
PID 808 wrote to memory of 4548	808	Launcher.exe	105
PID 4548 wrote to memory of 3740	4548	cmd.exe	107
PID 4548 wrote to memory of 3740	4548	cmd.exe	107
PID 4548 wrote to memory of 3740	4548	cmd.exe	107
PID 3740 wrote to memory of 1624	3740	file_uccgek.exe	108
PID 3740 wrote to memory of 1624	3740	file_uccgek.exe	108
PID 3740 wrote to memory of 1624	3740	file_uccgek.exe	108
PID 1624 wrote to memory of 4180	1624	cmd.exe	111
PID 1624 wrote to memory of 4180	1624	cmd.exe	111
PID 1624 wrote to memory of 4180	1624	cmd.exe	111
PID 1624 wrote to memory of 3248	1624	cmd.exe	110
PID 1624 wrote to memory of 3248	1624	cmd.exe	110
PID 1624 wrote to memory of 3248	1624	cmd.exe	110
PID 1624 wrote to memory of 2104	1624	cmd.exe	112
PID 1624 wrote to memory of 2104	1624	cmd.exe	112
PID 1624 wrote to memory of 2104	1624	cmd.exe	112
PID 1624 wrote to memory of 4860	1624	cmd.exe	113
PID 1624 wrote to memory of 4860	1624	cmd.exe	113
PID 1624 wrote to memory of 4860	1624	cmd.exe	113
PID 1624 wrote to memory of 3928	1624	cmd.exe	114
PID 1624 wrote to memory of 3928	1624	cmd.exe	114
PID 1624 wrote to memory of 3928	1624	cmd.exe	114
PID 1624 wrote to memory of 860	1624	cmd.exe	115
PID 1624 wrote to memory of 860	1624	cmd.exe	115
PID 1624 wrote to memory of 860	1624	cmd.exe	115
PID 1624 wrote to memory of 4456	1624	cmd.exe	116
PID 1624 wrote to memory of 4456	1624	cmd.exe	116
PID 1624 wrote to memory of 4456	1624	cmd.exe	116
PID 1624 wrote to memory of 2716	1624	cmd.exe	117
PID 1624 wrote to memory of 2716	1624	cmd.exe	117
PID 1624 wrote to memory of 2716	1624	cmd.exe	117
PID 1624 wrote to memory of 4624	1624	cmd.exe	118
PID 1624 wrote to memory of 4624	1624	cmd.exe	118
PID 1624 wrote to memory of 4624	1624	cmd.exe	118
PID 4252 wrote to memory of 4740	4252	Launcher.exe	122
PID 4252 wrote to memory of 4740	4252	Launcher.exe	122
PID 808 wrote to memory of 3172	808	Launcher.exe	127
PID 808 wrote to memory of 3172	808	Launcher.exe	127
PID 3172 wrote to memory of 4432	3172	cmd.exe	128
PID 3172 wrote to memory of 4432	3172	cmd.exe	128
PID 3172 wrote to memory of 4432	3172	cmd.exe	128
PID 4432 wrote to memory of 4088	4432	file_pktq65.exe	129
PID 4432 wrote to memory of 4088	4432	file_pktq65.exe	129
PID 4432 wrote to memory of 4088	4432	file_pktq65.exe	129
PID 4088 wrote to memory of 4280	4088	cmd.exe	132

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" /fj230ur90f90329039039093/Launcher.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4252
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" --annotation=plat=Win64 --annotation=prod=Launcher --annotation=ver=1.9.0 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x2b8,0x7ff9b71db960,0x7ff9b71db970,0x7ff9b71db980
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:888
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4252_1334491193" --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=1952 --field-trial-handle=1908,i,11601221572948346152,5213053704772128247,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1672
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4252_1334491193" --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1904 --field-trial-handle=1908,i,11601221572948346152,5213053704772128247,262144 --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4584
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4252_1334491193" --no-appcompat-clear --mojo-platform-channel-handle=2172 --field-trial-handle=1908,i,11601221572948346152,5213053704772128247,262144 --variations-seed-version /prefetch:8
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1660
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4252_1334491193" --nwjs --extension-process --no-appcompat-clear --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1908,i,11601221572948346152,5213053704772128247,262144 --variations-seed-version /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:808
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\file_uccgek.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\file_uccgek.exe
        
        C:\Users\Admin\AppData\Local\Temp\file_uccgek.exe
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3740
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k move Bathrooms Bathrooms.bat & Bathrooms.bat & exit
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1624
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
        7⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        
        PID:4180
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        
        PID:2104
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "wrsa.exe opssvc.exe"
        7⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c md 21754
        7⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b Compound + Injection + Emotions + Worm + Participants + Richmond 21754\Awareness.pif
        7⤵
        
        PID:860
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b Subsequent + Controversy 21754\Q
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\21754\Awareness.pif
        
        21754\Awareness.pif 21754\Q
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 1496
        8⤵
        Program crash
        
        PID:1960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 1540
        8⤵
        Program crash
        
        PID:2460
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping -n 5 localhost
        7⤵
        Runs ping.exe
        
        PID:4624
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\file_pktq65.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\file_pktq65.exe
        
        C:\Users\Admin\AppData\Local\Temp\file_pktq65.exe
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4432
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k move Bathrooms Bathrooms.bat & Bathrooms.bat & exit
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4088
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
        7⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        
        PID:4280
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "wrsa.exe opssvc.exe"
        7⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c md 22139
        7⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b Compound + Injection + Emotions + Worm + Participants + Richmond 22139\Awareness.pif
        7⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b Subsequent + Controversy 22139\Q
        7⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping -n 5 localhost
        7⤵
        Runs ping.exe
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\22139\Awareness.pif
        
        22139\Awareness.pif 22139\Q
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1548
        8⤵
        Program crash
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1556
        8⤵
        Program crash
        
        PID:4280
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4252_1334491193" --no-appcompat-clear --mojo-platform-channel-handle=3424 --field-trial-handle=1908,i,11601221572948346152,5213053704772128247,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3084
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4252_1334491193" --no-appcompat-clear --mojo-platform-channel-handle=4124 --field-trial-handle=1908,i,11601221572948346152,5213053704772128247,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3052
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4252_1334491193" --no-appcompat-clear --mojo-platform-channel-handle=4572 --field-trial-handle=1908,i,11601221572948346152,5213053704772128247,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4252_1334491193" --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1132 --field-trial-handle=1908,i,11601221572948346152,5213053704772128247,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:4740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:8

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
- Modifies data under HKEY_USERS
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 2716 -ip 2716
1⤵
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2716 -ip 2716
1⤵
PID:3544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4664 -ip 4664
1⤵
PID:1980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4664 -ip 4664
1⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3748
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" /fj230ur90f90329039039093/Launcher.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:1808
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" --annotation=plat=Win64 --annotation=prod=Launcher --annotation=ver=1.9.0 --initial-client-data=0x2a0,0x2a4,0x2a8,0x29c,0x2ac,0x7ff9b71db960,0x7ff9b71db970,0x7ff9b71db980
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3440

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4404
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" /fj230ur90f90329039039093/Launcher.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:4256
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" --annotation=plat=Win64 --annotation=prod=Launcher --annotation=ver=1.9.0 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x2b8,0x7ff9b71db960,0x7ff9b71db970,0x7ff9b71db980
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
      C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Launcher --annotation=ver=1.9.0 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff6aac1da20,0x7ff6aac1da30,0x7ff6aac1da40
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3060

C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:3496
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" --annotation=plat=Win64 --annotation=prod=Launcher --annotation=ver=1.9.0 --initial-client-data=0x294,0x298,0x29c,0x290,0x2a0,0x7ff9b71db960,0x7ff9b71db970,0x7ff9b71db980
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw3496_265939700" --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1704 --field-trial-handle=1944,i,13959838491113252399,4817083620681374078,262144 --variations-seed-version /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4144
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw3496_265939700" --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2084 --field-trial-handle=1944,i,13959838491113252399,4817083620681374078,262144 --variations-seed-version /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1316
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw3496_265939700" --no-appcompat-clear --mojo-platform-channel-handle=2328 --field-trial-handle=1944,i,13959838491113252399,4817083620681374078,262144 --variations-seed-version /prefetch:8
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2124
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw3496_265939700" --nwjs --extension-process --no-appcompat-clear --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1944,i,13959838491113252399,4817083620681374078,262144 --variations-seed-version /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\file_nfa9zg.exe"
    3⤵
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\file_nfa9zg.exe
      C:\Users\Admin\AppData\Local\Temp\file_nfa9zg.exe
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:2152
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k move Bathrooms Bathrooms.bat & Bathrooms.bat & exit
        5⤵
        
        PID:1408
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        
        PID:3520
      - C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
        6⤵
        
        PID:4180
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        
        PID:952
      - C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "wrsa.exe opssvc.exe"
        6⤵
        
        PID:2204
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c md 22603
        6⤵
        
        PID:2424
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b Compound + Injection + Emotions + Worm + Participants + Richmond 22603\Awareness.pif
        6⤵
        
        PID:4776
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b Subsequent + Controversy 22603\Q
        6⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\22603\Awareness.pif
        
        22603\Awareness.pif 22603\Q
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 1392
        7⤵
        Program crash
        
        PID:3652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 1516
        7⤵
        Program crash
        
        PID:4780
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 5 localhost
        6⤵
        Runs ping.exe
        
        PID:1376
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw3496_265939700" --no-appcompat-clear --mojo-platform-channel-handle=3904 --field-trial-handle=1944,i,13959838491113252399,4817083620681374078,262144 --variations-seed-version /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2492

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\notification_helper.exe
"C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\notification_helper.exe"
1⤵
- Executes dropped EXE
PID:3208

C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\notification_helper.exe
"C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\notification_helper.exe"
1⤵
- Executes dropped EXE
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\credits.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff9b7b046f8,0x7ff9b7b04708,0x7ff9b7b04718
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,102438128347313593,5244912435229644647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,102438128347313593,5244912435229644647,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,102438128347313593,5244912435229644647,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,102438128347313593,5244912435229644647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,102438128347313593,5244912435229644647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2984

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3804 -ip 3804
1⤵
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3804 -ip 3804
1⤵
PID:2072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:3520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\Bathrooms.bat" "
1⤵
PID:3248
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:1748
- C:\Windows\system32\findstr.exe
  findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
  2⤵
  PID:1052
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2984
- C:\Windows\system32\findstr.exe
  findstr /I "wrsa.exe opssvc.exe"
  2⤵
  PID:5092
- C:\Windows\system32\cmd.exe
  cmd /c md 23371
  2⤵
  PID:2112
- C:\Windows\system32\cmd.exe
  cmd /c copy /b Compound + Injection + Emotions + Worm + Participants + Richmond 23371\Awareness.pif
  2⤵
  PID:812
- C:\Windows\system32\cmd.exe
  cmd /c copy /b Subsequent + Controversy 23371\Q
  2⤵
  PID:3144
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\23371\Awareness.pif
  23371\Awareness.pif 23371\Q
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\system32\PING.EXE
  ping -n 5 localhost
  2⤵
  - Runs ping.exe
  PID:4508

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
PID:3780

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:456

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3744

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2620

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2688

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4176

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2728

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\nw3496_265939700\nw\index.html

Filesize
7KB

MD5
889dfdc243dda51965115644067f57d0

SHA1
3fa1cb9223632024413cc9e638ecc70d23b59556

SHA256
4d49e7c73c6e9f44b56198b3fdc1c3888e58a2c5fb08b481694b5b404d752344

SHA512
f770d149594ef4d07b9df24d3edb843506682263626be4bb58e83b33785c14eed3c2b117882ac4895a15e3d676067559c63597248976867942ce36dcaab34325

Download Submit
C:\Program Files\nw3496_265939700\nw\index.js

Filesize
140B

MD5
727d87bd2896749e6fab43ffa2cd2140

SHA1
33b75e869388f6b51a7ba21b6f58d7dcee7dda91

SHA256
822e4cc1afd41b1cd12d591f4a3e00b91d961e2eb042d6bd62ed1aafc5bd8675

SHA512
91a6d987aae06037dabadbfa1fa9db55b576daa7b721cbdc91218720a4d4c7729538bb79e58b9a30aa14401f0fd59337111075f56fbdaa6f248f8a5e40a95a18

Download Submit
C:\Program Files\nw4252_1334491193\nw\fav.png

Filesize
248KB

MD5
3faf439a6cd9d9a9fa9f8aeb85cd0f05

SHA1
2af297f14c4a0d9ade6663d6eecb8fa051ea85f8

SHA256
a04a437646dc6d3ca3f6563384c0ed1a14364ce502df8fe75d6200cb53d229e0

SHA512
2b9bacb4039f967871af6fe772245e1f83f584ef17e49345eb4f000d49a4ba8c9ee3d154e61713687861775ab5e5496959b58b606edad4e489d2444c487db971

Download Submit
C:\Program Files\nw4252_1334491193\package.json

Filesize
554B

MD5
fef3c629b4988e5756d334f251e96748

SHA1
02ec04f252e2a00de7f991c212847b533a1c1165

SHA256
b94cbaf6c5e5c6f2222852305bca0013619f49ec1cee54e5cf4f84266d1eb13e

SHA512
8f488a4a40c1ee7103c30ba1c1b17fb43d7fdd01dc98f81008d16cc2ffb8fa419985d212d4a00e50e4d470d27c1438af3861c70b23ac4f191a7ffd2b96d2245a

Download Submit
C:\Program Files\nw4256_1784904393\nw\icon.icns

Filesize
39KB

MD5
cc490e58e7634ebe75b4e0cc841e2212

SHA1
1c7a100e6c094c074fa05d47f29eea41b41dc8be

SHA256
903fc25f18e6cca9f6d6da53d8866cfc1f9f5690e3cda0f65378d74e8b669afd

SHA512
70e61f8007a0409ac9ea6fe736ced3564eb11e228b5848af494705ed12f9f80a4aea3c0c24d771deca31487d90ca6662dbec6780060800663a4ab60d928c16c2

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad\reports\ce495fae-541d-49da-80d8-0cc394a4560a.dmp

Filesize
320KB

MD5
40db9e98b6a4d10488d4c477415ba8c9

SHA1
8c72b63c7e41e3710e3f46cf1bbf5a6d77ab97b8

SHA256
79b681ae32a65ac6f18e90005c906222fb746ddc40449a00429545bf64f3de7a

SHA512
a25c9df312df2872d2cdcbe328b4ebd12459c3d88592f923fe438d69559341dd4566d786001ca7751c65eff0d5e709b51e38f28b5ef51cda65c6dc28fe08bdbf

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fb8b2e0fbac2421f6e22616d9de36214

SHA1
234aaca8c2c0aaceef02fd4583b3438469e01734

SHA256
a336c7ee28a836c4f979ed47820d0c7e966a7f11f59d14fdc2787d126fc97570

SHA512
6071053660385dd9881803a5e8b6dd2ce105e8e101af5c087e005c0db6900bccf8ad6356e491d36917147180adde1be86321a92e23e0a4177d3f709897e9b8bb

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
04af22b000659919c7d22e8a8e0b26dc

SHA1
041e94bbd772088149e361a0cceb6130d44936aa

SHA256
e389c8a58cfeb06190df44c011493dadff5b4df86d9772c9e8194a3f91cb8b0c

SHA512
2ece410afd40b926a7b0b8bdb66a8b7de8233b36ca85c124e9557abd5131b5fd9a5746206225c33c2864dd40307b4a6dc96e6e2d677f192334b10649c7073878

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Google Profile.ico

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\9d46b8f0-5686-4c0b-894a-f9346b244a66.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State

Filesize
913B

MD5
ee6e9f83ad8e930e55c978f97530e7c7

SHA1
fbee0d3cc5fd9be648d61ec6683cc171ee00a1c2

SHA256
09fc9a03e807aa7cb3bf5534ffae4209451e46e90a13098610132f415e0bf9fb

SHA512
b548d00914d310674fb350c0e280d5edd38d149d0a21761209015162b09c3555779ed207bfef542dff4b4315a9493371849875121a0275ef6f2a7ef0b047d29c

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State

Filesize
882B

MD5
e9d5aadf307d6fb26818db2183b54afd

SHA1
4f03c2096c5c0a5bf2f2e6d7d2f578e4b5294a11

SHA256
07f0f50d5f4bfb43a739d4fcf6c53b5f920aed2d5bfb21698a439292ae0f21dc

SHA512
994305752a8ba740d7d135f8f2588203ab4bd2a101e970ca8f40c3e51420bb1088784fc0be086c471a4743fc5e04ae1aa3faf63c4615bdd74926f3c4d8fe326e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State

Filesize
913B

MD5
ad86412fe94a6b8ead934a5ce7a927fe

SHA1
b45b24324a1d0533ccf0d53832e4c64ecc413f29

SHA256
9c9795ab5a4a05d2d09fa4c32cb0154dfeb7c01fa1c23caca232302efef7f91a

SHA512
d7503129d3aa3445a096524d16a81bd7a790c23e19c9fc647c19dd7a673cfa4c4f541a79932c619b29113c73096c10fd9c340773cad06afb90806499904a6d6e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State

Filesize
913B

MD5
ea68ab000ed78c75bfa98f77916471d9

SHA1
c0617a01262ef34d52a75d372359e0beffbe4ae0

SHA256
6eac96d766675b5b01593d0968eefd3587e40fd3f5ff989fe10543c364bf84fb

SHA512
ee4276621f1e7aaa96fd4c08154c4dc9f9924a2d529edce396b306adfc1f34fa5c30de318574fb9c883e9583973ba9cccb259c2e0e6367eaaa10a256f56ff831

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State~RFe5974d8.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity

Filesize
353B

MD5
d6a50a5deb83f44b8eb95dd1db0b3bc7

SHA1
2d0a7f4cd213db7f550c909b4f15d0a338f023a8

SHA256
5481dab1a606d675000a5addf5773c2c669523065bad142fcf07fb93e8227125

SHA512
ea6c841561bf33fe3d9353198aa8bea72cc9c99ad4c607f36eb01be145d185636b4bb4c5a9dac3bc30947f2f0c7787c478167ef0ecfc263b130191369e2ce0c5

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
6ad9825ae5c7fdd3d773ad11d43d3fe0

SHA1
041a325de6672715d50dce7a011e0b436f3bf4dd

SHA256
997a934438606e19d5400ecd45cbf1352b81e1b4e2b349c7980713686378906a

SHA512
4db5eaeb442df9c2b02c0e4f93e197d6a2a9495cd73f8fb63431136907e496607a11c95028fa3b43dac0f800a317efebd6cc67694ae662e5602068bbce384f79

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
24b65f46a37c95866d045ea319b1c95b

SHA1
673ad214f2ce6acf468b184fe535d54a97297bc8

SHA256
d5cb223444f601b7c92cdea28af93a5ad0416f82bcf296d9035b8ed05aa884c0

SHA512
37d05d1c0e72555707a9199637d356afea12438cfefe13729ca21c58f040da919d78293229e28627b05476521c1ea8efc706efe24d8a9e8c6761e6c5acd08d7f

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity~RFe597517.TMP

Filesize
355B

MD5
29cc8af717f979beda6e849e862cbfb5

SHA1
3a2446bfb098ec38e8c2f978f1412aa6c3353ed8

SHA256
f4d83447d269a36b47c901f43a8b3e047e4e2d72f3c60dbb80966579c78f9916

SHA512
1b94049c335f34a94854a7e599b107df2a4538fd45b7c485bf8187e28921213e55fd4cfc7fbe9c146266c6df8293df1fb7dc5c879b79d7da7d5079bee56bfb91

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
d074b7e764a8955e831b9198f9af92d6

SHA1
b64fd64bc84936a599775be40744ae1ec72d102f

SHA256
fc91582e61c1f68bd3f5fd2ae57e7b91bc21dd4f77edd97051f733ee4cd6624c

SHA512
95073f6e7efd9ff7193120a26b8dc9110fbfa1f894739deff34acdee3e290d5200638ece87aecf951a2135673a67147aab64a701864534dacacb67ad85121407

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
df0c3839c7ab132185bcd89ed9c8dd31

SHA1
fb92c1c8f9f947b4987f23441bbbd36778410be9

SHA256
c893c54c9bebf19f857fab10234cfe6f3eac86a840b26ac8c415b891f96f28c9

SHA512
2173d8e9dbc49ce73799590725ca552571d498bd4ce2d1f90059a3732c80de32d81188cae5d1c6d38d9a08cde0cb89295bef92e9f42c3535b9e68621fc18cdb4

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
df33f9fd30f98225ccd6e8699e9e1a27

SHA1
9243e18854353e11948c9540a5f95ada7a0f27e5

SHA256
97f9c629b279030cf2257c755f9a28192400f283c53470b869b4595d35a4c43a

SHA512
7c4eeed88ddc35dac535b2b4389a33444ae8bca5fe37b49aa5c96528a4e1b29e6abe80d47c64b15d391aa843af20fd01a11d111b7acc92daae9f8308e25d966e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
a6964945e36edb89bf24a2af8a0c7d08

SHA1
39806815bcb66f793d4197534c7043310f2c7620

SHA256
d2fe2282528bd4dcdf6b3f535f4d211ce55358d0f22cf63b0580faefeb5b1b78

SHA512
65493864a27665be893fa546440f07f5a0d732aa529a3550665fdc413cdf39fd7c2e7e9f7d651ae7edfb374ac863b42db2563f57fb841bec1f1ada0f77045781

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
181006e0827d2455fa28446aae0c25d8

SHA1
627147120f673644a40ccf7e600c88d799a4493d

SHA256
0fe28183ac1b472f57891218e92377b4ff12ec9634690e0b91c392af3a225147

SHA512
cd515071c9d8e041c0bf2a49be1082e2e7fa23f71e35592e6cc0b90c0d93a39c5f8c6da7a531b2210057f927f3fb8f30856fdf98c549592020430ce22e497166

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
26815cc7d0c889a7186c9cce8a841ae8

SHA1
da99c55130abbf4a5ec19308dd3a9f07722f984b

SHA256
851fb769cb45531a819d08edccf0bc83616957def0dabc079b12c233bf200f0b

SHA512
4c3f69aa307afe13441af050b58309596ea80e36d5e32191c0fc05092901b3ecc8de7315951211f9ddc22a780e228e2c9823f9046b5f71c1819d167c5628f91d

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
8a99a1d265988abe1741a5579ca6e8c1

SHA1
81a7946cdcc08c21e909063bc897888bd1a96426

SHA256
8d8cfc8b6fed120d26de1613dfb016ea19a2ffbc5fc5a8df541ab1ae603cde9e

SHA512
eef0e7b84354f9fbbaa730c774f7e53285794a91e01dbfcad22a81eacb815f22cebbb61e228e174900cc56eebed55f80313537bf6f071bd61e42fab63f679974

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
9a38c73c6b2f85f8f3ab4bd1af074cba

SHA1
472f887edbfd7fc2700e0dc45c51b8dcb4ecaf8a

SHA256
a48cf87427973955bf11ba76ffce345958c412b4e3032f91e56d066a99760b51

SHA512
dd0947c3bf2741e9fd904883c172bcf21d7a657b56665243269143fb3bbecb8accd217fd2566ba40099c28b2e2ebfbae5abf0af4c52c0a05f5a9406c4321b23b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
54b1ff30b12ac6271ee54f47e11ad35b

SHA1
d9702a4c90277cec0b6d19686ed49f1d9c8281ba

SHA256
7d62ce85c33c3733751e127cbeed584503e1c17159267bf8af5ae863b1871e49

SHA512
f6248b15f56c056b2043c3c691cd3129d3eb3c9f2abdfff64da1997b3ba6fcbd6eea5bfd0ac45c99fa41d3b11f0bfa032ac20bcd21dc1045e5c73ae88b642acd

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
36036f0ebe4578141081545068a74de0

SHA1
7f68f289d3f6fca6996337db1a2ee1dd0eb971d3

SHA256
106462602d68e1df625b54bbc2ae0e788a49ea6fc51404598082c70323da6683

SHA512
b970b17e8a1576755dd6a936f08a016bfa3bc7d17fcf7f1de7e9e8f9f2675a1ea7bfc2ed61186e199f8cc07ae6436cfa915ba7aa70eb25aa27c0977c395cd7cd

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
5653d6aaaef705be531eb96aaa52eed3

SHA1
9e78967f324a4b812d1852c944b8932acfbfe235

SHA256
0945b41da51ed1181b3314855c0f2ed1a23986259e72cff67500799fccaa3ce4

SHA512
8bb124b5cd59e4c66543b40422aa6502b8b13d3c052d6e265c6160ec644139a81f9bda86514ddd11683595caedd20ffa3a3bc23a5fa3b16c0804850bf35b2777

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
fabf0d3d5f5e37698a970fab77342253

SHA1
472a70f9af55efaa01b167fc33c31e0babfaca60

SHA256
65ff95702c138ca641fbc42924061e3f20adc8cbd768d7e45426d045f59114de

SHA512
256f4d721b29f2eba922143570c72df373633bf0e6dab3672aeaa9c6a5507df18d193553a45d238b7a8dc9891ccec98712e7b7f3e36231d14c3a66ec16b30910

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
95e9e61a3ee312afd801f1d1024f3977

SHA1
970b41f027ea427b693e9a07c4157158246563c4

SHA256
3cc728d277b4feed3c9be0ab2af089aa83c18acfb49332e83895a668e339295e

SHA512
81afd5a58935d7b21af3836fc77304451ae855478f6cf96779da6a940bd7efeb9521bb834f881eb5c6a7a5742e0a7f646faa61922373d744339bbde732a618a3

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
7d0fc4d48f3ce9f84c1e5933051a137e

SHA1
f954cde0fd04561daf762b71c27553aa4f61cd5a

SHA256
1e028ab5950159bc9e513f5ef3dabaa9ac7942fc7ec888e06f125f82c918e168

SHA512
04239a0b3c9c947186e4c507b43bd25fdac45fb1486246d9e4c5522e5082e54ad5221776ab8f59bb69e7eb76786bf2852fb90503341ba3135a3b7d2e5bb07499

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
260e3ba1a3c6ee91e36411f5b7db16a3

SHA1
67d53bfccb7fe7bf78bd7b726effb3511a24f961

SHA256
480beebaa44ecbcc5bae442ddb21fee932c55c38e4ea459e9c428634efa7a3d7

SHA512
f9d630629f8f9a4b78f6cf70a47a565a4513a27e1b77264dabc93910d278545f8c17a8aa939d87a9e3e572aa79aec921f15f85e40786eaf4c3ed3f47a199e411

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
270c6c289649144411ba78ff2ed2db93

SHA1
3c951a208eb74e4177d9617d1e56dcbd305e7ee2

SHA256
64a2ada40fb6f8dc5b98f5c230231749d7bd1ce61e521e3f941a2ab60f608fec

SHA512
0d5ce5845d08c8625b585d44d54f9b8dd5192ecd438a665ef2b8ddd6121274a19e2c22e84873361c9424c46421988cf3edc3597c0dd70ad2e01b470435b19465

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
e9f4fde459e19812be46c453009286b0

SHA1
58145ceb5c5027294f384cee474c8c76488906fd

SHA256
face9a0d8c8941ae8d024816f65a881ec0fd8e53a62adc2554109797d8a4f4f4

SHA512
333efa638a5f5800aae44ae0f6584943dce57a76aca661cf6baf62bf9230ab90700349d6f2f565c791b5f9fad9b44de1fb729535d04da4a29b8f1c53c05efe1c

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
cb5d13e7891352f3f3689c550bd1d34b

SHA1
7e9ecac3291ebd79e42e614022ddc5e0a5a5dd7e

SHA256
65829096e78022240d6f2591f7712fbfdfb24bac073fb5352f74f8370f548f79

SHA512
550f062165919914185c76a55fdc936eece9b444671be5b1f453286f0f61f2b1497612dd33f4175040a9ca011dac7234fe0a8b7a52a6cec39b1df4245c3a273a

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
20a8886a03513085579bac75e324926a

SHA1
3f3fc5da96b2a77abaf489207ad6d0524a79bf18

SHA256
5b3e056e0dfaf6db857cd78837052773f77d1bdc154cd5f7afa9a33fe48e7791

SHA512
0b039fc642c4c483838e2bf7a811490bb1583e42d712b2849242f887749320307a5538aa943d81237431c10cba040d88c8ad452e5d486e132ca282ed975df61b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
feac68244e4e02d7f0aa6cb3ba02817a

SHA1
46ea5a633eb9c4e75997392b58e8940a6c30ff7d

SHA256
bcc10888a5cabdf1a437d4f9a8e5d305c8c41abe5400662df40e34f7dfed2c4e

SHA512
54281ca24982e4d4c9998b3b0b5738833125c8a45c47a9f0decf80ac7057208697c0bfd4f4319ef061a665c87019ca104c0fc8913e780572f25be7fde2c1b3b1

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
9902e2c9d313697f547fb2d218b541a6

SHA1
321cb84e66949d325a040c70db2d38e23539e601

SHA256
6fd53cbccce621882b64da4601f08e13bd5b6545a596d88c0872b7b884a5caff

SHA512
463a57d8edc66b9dc8abdd23545baf462fcc5baf4fb0827f8873e7c856202f86da332c0a97efda4de09e6fe52f00107bb59d8e6a93752e360e05e1b88104a712

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
3de16d6772395714761fda46d48c2980

SHA1
c8765f85486b7ab384e984d0baea7f2ced9032d3

SHA256
5a89e97b81b003f0103dd8641a473018c504ff46a71b5679d50f90a48d7cc12e

SHA512
fb11acfae5d340d2c1611084124006a01cf38414ea9a47d01e6f3bb8943347f36fc2162ddc21f55b0cbcae685a2d0fa5c370b1923247cc5bfd3f2e8bfedbb3be

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
f42602a30236b0435823ca03213c4f2d

SHA1
4b705e2da6fc1ca9e7ee51739d95d6ff1340da40

SHA256
6beebb304dcacc08caed02f19c3fd275aa58315b44926767b7771a1254293364

SHA512
b94ec273ed5ce7e9f6c9a74d1c4118bdfb2d58c88b5f2141d26e7ee50b78386217accebfb2b91046ae814311966af36bf5109e22570eb38cb33a4ebf57bd011b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
e56b882792f41384075a698054cd05f1

SHA1
87d7bc4a73361afcfa446bdd3de3c748d89b1562

SHA256
fe18a4ec754fe9b0c9f9ae77847a0f30eb17e0e36c8954ed27d39f37e0b7e2b7

SHA512
a1d641ace8d2ac883f4ad069a1ae2d39d3547c3d4fb0adc8e86f8c61cf89cb4a52cd6019d743322aa556e1ac7434ee6ddb52789763646f6d0c6c410d8738c594

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
9dc0a1016647b7dd275dbe9ad64e73f3

SHA1
ca9323e00bdbef5fbad93b7118e694987aab66d4

SHA256
642b2a5984a2a409233cba52aa1e38389ee9d2ad38f9ae9aecd9342ee38be887

SHA512
06cc133f712add7ebee62183a42d8caf1563ceadf229960f33460244d697be4620d3469e1a5861eaa24df958e5e2c54c6269952a1ee9c06516661c86a82f0296

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
a841f0ac26b89832fb4cd2c390f3c3e8

SHA1
4cb1244e495b2f12cb83dc0c5d9aede977673336

SHA256
a09247b9ffe3f116e13d4edc14db33888e9f2e92026bec1d049fdd94fb4264d2

SHA512
79e71e4bbb0309f1d51bd736f0c0f006f261b485d08486eb7269903e85c2b240ce8abcca824600b4acab39154ad9ce0c8ef886308cb649ee7788a07d5626e02b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
8bb3f3acba8101bf2ad9f634b9e2ca09

SHA1
00385c229034fb20e5bc87007b4fbf81730dc2c3

SHA256
56c21a9cda5677eb1275999e8757e7f0cbe103d58d03efa6a02af0923f11dc1d

SHA512
895fbe18fe98bfe6783156251d8d1ce1cae3f372e8c946cf164494347b4d6088c5b53fb5707484532c9191b6834273c65d4230e29fec7c1a83dda89eeaadada5

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
97ef4b6790eb36df9885bc8eada1f6ac

SHA1
e5b0685fd472803924da6f5fdcf825ed1369ee59

SHA256
3fc077530c4761353615b986c619db83ee8a842ff04a62e7dae31e3b70fb26fc

SHA512
ab2d5cb4fd4fb57e24adb97c6b944f94ca572952f9fff766418a89dc7555a5b55ec29d7af6b9282cf0376f723c5ca7458c32798d9b943601ec451a5ad7aa0587

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
fc67610896777e239938fa01d33d11a8

SHA1
3ca2c7a1b976347a5a622ec7ed5a92b94be74b5c

SHA256
3d6970454678104ddfbaf3b7d9fc47f7e725dcd43755a268a8a68557ce3367e6

SHA512
90a3a591908a87aa0666b341008183bc7befa20e9fcd997807ecb0a9a3189e800e273cece4eda844e9621cc3d6e3ad6305fc0bdb0fdce8ededa45918238e3850

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences~RFe589e6e.TMP

Filesize
4KB

MD5
c010480f02aef11c05da569e91a0d10f

SHA1
3bfa1a024328a5b8622f7d9feb219072d5dad424

SHA256
09435144a9c21298cc9fa5603324d19343391c02161a2fc419c0b763f2a899c1

SHA512
dbf3993c56bf44fce80c941b893a906f72541502bdfe502240342445c5368fd25d15064f558db4af44bbf3391f03bef5c314db062e2b720b80d9f2cea9f3cd7e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Secure Preferences

Filesize
4KB

MD5
b763f0a9eb98c41a9a7738a02d60088f

SHA1
03f806a238fd3a8338db30504c896774a3b6d8a6

SHA256
96a756d994fc51b1ef6df2c79b601472c927e392bdd24d3d8a4a6b01f1ba6384

SHA512
e9e1107426bb3b7705b6b6018bbd8e0ce92acc34512a0280ae386cbdd505bc2c6adab5e11ab5efcf5e7081b17d3b583cac4f3da7441c77340d7ae13e11dc5db3

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
2KB

MD5
0b1e2b814e5be6fecdf349fcbcf98853

SHA1
d40bf7f579cda292beb8ac5a5ae21e48eb155a76

SHA256
721f8f162ba498d54cd993493a032f66eeb040b8b00b68a47e5be64613dca859

SHA512
1e50d28a3854cede7d66c5c16d2f44cf61ca3a64a4abd0b2f77ae13187915b2ecc39727d15bf0c6ec2401bd76e02f068a78cde72a8e4a7b262546c87d97d086d

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
2KB

MD5
1c6545a80d25f53c8e82f88a8afdf691

SHA1
69dc03df89fe07fcc5e290c75af8558d18f88123

SHA256
f0d067572e76ad924d22655fa7e91069017feb34050d6ec4b758fac4d28877d7

SHA512
a6c08044d8ddd7b5936595c4d0ec0891dfc90f7f12d5b1140a1247ed993da561e132e50be9d238e21ee5cf0f6dc89ab9e3a1a9517171cc77408caa3dcd63706b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
2KB

MD5
2860188e4e068f095ace31b1f0ab7dfa

SHA1
a625b96ff6762a7543bb05ab8a7770bdecf05627

SHA256
fcde0da836174380c39860e1f970487ecb6e926ef4e470f59a84fb9242838712

SHA512
d600055f0aee250e133a1cba6292d9c01c5bf965cab1f37736cd0cbcc1b9bc082720de5d5e502490955a3ec98fcc8f77b2ea3f57dc8cb10debbd485df4b33bd5

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
2KB

MD5
022e9a40935d64bfc7bb21fe67f2e4e0

SHA1
25da89b37677d994a50e780068cbbbf4a3417927

SHA256
20328c6f416cdb2d891a8a43df46abcc8aa553ca27afd607cf3bc269b13d5999

SHA512
47477168e61c25fe63e99d2ae928831fc3141bb1ced8fcd9299c4b11655bafce9ed4cfcf3dbefd154e9c52efe86fd145c41bf19d8fc1288b060febb7d0b8fcc7

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
2KB

MD5
21a383399ccbab874e28d4f6d70043ec

SHA1
e45c30080ff39127d8b4eef50d6f69e5dfc8f2c7

SHA256
6b8a06971a83e9e3e52414dc65ce39cbafe421a96d9c16f77e97b2ebf7971e90

SHA512
a592d05490627bac47f26e183d8e54817e1ec25347f89e42a50b2f7ef48caa6843eeddb200180f46eb7ab47d20619fd19130a8c348cddbf1fb6b8b23768527e6

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State~RFe5872ba.TMP

Filesize
867B

MD5
0f73fdb10a2c04a791b6a447ba05c967

SHA1
e6ada6eadce978c7ccf55d9939409ed533f4e77d

SHA256
827fa0769cd8bb24f04fdd35562c3ffe5f71bac96f8380616d31606ea3ffe21b

SHA512
87d8f1bb80205551599c58131d320eed9c1e5e4798f93a561c1b6de980d96e36d6924eaf29aabd439e9e4123e2b8397674bb01a4ad87def5f08f47035af92aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ee01d0db82615cf56c40a6d41318346d

SHA1
af3624758f62ab2ad0b9a5e891057fd5c566a147

SHA256
4b77d62342f8cefa93824b0b76f801b3719249e83059cad5acf8e95b295275e5

SHA512
abbd11ef6332386732f4f2c032290d98e38b59bcd4fc652b33ee705a092d1bc045dccbf11cea6370e4382af439c20a3e53a1f76b52b4d855ef72e12df8c5508c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fc3a64a2e17464d2f374df6b36fe49d5

SHA1
76a3f29d9dec84e961cafa15b941697c67251003

SHA256
fbe0287b7a2f18de30f3f73875dee5e994e7f51664c59e768c646cbb54678363

SHA512
defa3202eb51e7c92520d5319ff1c8cb0fd9354edbd59609337514c38f074a4a97b80079926aacdf57986da13c882b097f219e219b8a87d81143930a2ed424a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
83ab958b8062a2478ddf8b2d7c296897

SHA1
efc8875be007dbe8620db18d8acdc7ad41c4b62e

SHA256
4b1387376aaaf8268a880efcebcffcc2f72695f9d537946cccf0fe202b379a47

SHA512
9eaf54da7a682519017b65437f8e6f3c26d341f51c52b527dca58e2f286d5e2e29a0996fe3d618313077f4fe65097951fe6bca9f356f25a87173fb82b49712bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c22cf709-ba87-4ec2-9578-63f7e2cf69d2.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
d4707f9e7fd285c0ab6433c015ad9899

SHA1
8924a0066f9b68578e8c2d593d771b6e5adca070

SHA256
e962d45cc2455eff500ec28b19d83531cff9496ffcbd36768fda818d9f444a3d

SHA512
ea983f0f1b78e4b4800c5880868efe2c3bca019b14f5cbe7ca746e15825039cb753414bf108ace82692df3ff370a018ecf6c28191f2778e6dc27e11c308655e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
333c8c6ed07675d2a4cc99ce49c5fd6b

SHA1
4b3544b4e74b46340ad51600fe5e25c37609b7a9

SHA256
736625b48a407b277e8f86b6f28f3605761e7b250d0fa765499f3f63814de6cd

SHA512
1e05776001e45f87f96cdcec37279106f0c92c2a6efd014ff034b43d51789fb21550902ec65142263b1ae5c404b0010c98ebbef365a0c40be4a673f4d2ce39e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7eb9796c1b0b21242c21dfbf32215992

SHA1
74ed288d7663958a96e15b874a2e5bfccf54c7c5

SHA256
eec68c8861a6fa37fb6611b3bb5ff1cb636180a35242bec82e4fb84b2f220be7

SHA512
861c56c84efd98b981517cf70ef110d2e730ceaa440920b415542197ff3e47d008d34cddad1eeb6d9adafbbe4dc96ecd6aa0fc4c1f0d4bda8cbfa041ca5afc13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e10a3ac7cbf63eb699375b40b00a4cdb

SHA1
6247e832961980c867a90de1011488bf452e88fe

SHA256
357fef643d01875151b98ab15ca0c4dfbd81c1da6b5f35a99a56e1d2e2549f7d

SHA512
b46043d4217f26ebd7674bca386e8479a23e31905f16ae56d5dcaa7227c0e056ffecfa1fd0f10d564ef0ce4e971bb90fd658fd775aa0933a8de471d60fa98429

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\Compound

Filesize
277KB

MD5
2ec41cd75e4e41ee8c1b1e0b9d31c7e4

SHA1
1ae820229667223c05471140f04486174f818306

SHA256
703e01cdb77a38db64afbcc43b8567a808dd0e5702eab102e16364437ceb2420

SHA512
46ea1d8606dedad2acd591c7591956925065952465423f1f77431e5b55de2955fe5db8ab8a46d92ef5ca0458e09a0dfa99461d6c849c0818f28d3863b358649d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\Subsequent

Filesize
426KB

MD5
c42dc09d03678e36fcd19b13b8f8e502

SHA1
be31c2f6e43f87a56eeea107ca20822f5d2b6c52

SHA256
4e84c8cea810d1466db293cb934b60e10067d34c851a2eff44894c60681810f0

SHA512
fd5028a518bbdfaddf75e6d2ce10956bd573535ab3f4f17aad11062711b10259c1983a2627ce283c49ee768148e993f4f0453304f8b0b2461e9c0c5b6ac29ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\Bathrooms

Filesize
11KB

MD5
b1ef379960b1cc12b80454174ef222b3

SHA1
e85d00b4822433613e0d1523abc1edc4220421fe

SHA256
cc9605d93f0b3536ea951b84f3fbe3d0196f361de2276038165ceb2200c92c7b

SHA512
7a62f6413986032298a8baaed564becbadd24ed70949d64ef3411fbec488b82820c04d7c250165ea57371784168710403f94940acae8a97ff10ace57c27ec2a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\Controversy

Filesize
432KB

MD5
646bb04049cee0a56192d2837d687ccd

SHA1
01579c8a98bdb098719e3398d3f234920b402d71

SHA256
808a6e79cff289bff2698b185e747ccd5d6c373b1c9fdf8128a9443ac90217ae

SHA512
f7dfeda6a5abffde61898fc12596f41a3de5d12a0c9498d0b7a1d0c374ce4527691968aa6d67c91b3d706d57e96c45b96f400ad26d1120886f374fcbb7893ece

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\Emotions

Filesize
222KB

MD5
041ce253674ba21b9d38fc9fde7f054a

SHA1
7a59249c38c6a5bfe7766d2b5ac226a9cfd408d1

SHA256
a2d9ac3903c9299a993206ec17f7ec8e06bee2293239e8a8b517eef561de2d3d

SHA512
48ed73cb5f6872980018050a07741e08cf3abb3b7a1365eac635906b832c9963330d7523e21ac6a0f5c40485daea78df206d04a4c51c5ff9aec424f56edcd2e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\Injection

Filesize
117KB

MD5
246eaad20996e50d7ef60b9200bd9651

SHA1
65d11b058e25e584ce67489c1ccfd85d09f15d0c

SHA256
851183e54980e91bdc772a752f738547841b22629afc14d05da9c954f320127a

SHA512
a0c24a4792afbc20f9b166e7a8764016409acd474091a0978d4b2dfd061ca142103549d19459f23d1dbdb0e624395c1258b8a609c6c283992ff625891e83eefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\Participants

Filesize
167KB

MD5
f8f388e977f31c5fe1748541b54920ae

SHA1
e7136e52621f93ffb84325b57e98985ebc6512c1

SHA256
a8fd7c611b67f141db0423e5069f0e6fa5e8b4d441f920ceb0378692a2528754

SHA512
98d423d056f2bf9e63651d0106a6bf96af135c8f190e34222ba72786b5f2bab5ad8ffe82df47e34ba446fca03d3db3f7bc3b033774b79edffe6262f813b84e52

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\Richmond

Filesize
21KB

MD5
1ca5141d992262432ba4fff828d7d092

SHA1
5e9aec92c0e85c0b7f576bf18adba9e3c3e93897

SHA256
9f7a626c7d33e97f707c415aeeb3f8f3697edd0988fee6b3be07e9a02b74ba75

SHA512
198e63037f7906681467daed4cffc6b07885ade1d80b5855746fe02c2d86689e1c6dbae6432784d67fe092e041e4943de846e0aa791bdc5c5a5e08da06af0242

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\Worm

Filesize
120KB

MD5
8b9a2094874a50a5d6611512322a41df

SHA1
649b2fc4751a857ac795637890c3ffd1a1f6c069

SHA256
5dbffacd5038833530ba781b5b1a020e504257ae796793b3b47c516549a9be0f

SHA512
f5a4e4460e1881e8a6e6db0e21d59efc4e635e2ba6c8620856d27e7b940f1f7784846e3fa7a8e5468506a7db6397ec411325bd60ea8c9f833bbcccc1a523491d

Download Submit
C:\Users\Admin\AppData\Local\Temp\file_nfa9zg.exe

Filesize
294KB

MD5
db7a1b5b2cf81f133162bb6c273e4d26

SHA1
1878f1efbcfac305ea957155799df240c58fb023

SHA256
47cff9cda61c33d2adcc3828f7679c1ba174c8fb3b44e03af6f0ab27c12bf089

SHA512
e33c3b4e853ba937250c6615f71827cfe17dfb8a533371b2acdd66646ea11256e1c2571b6ccd65532337d993e04d9294827a04515409c2902ac72c6452bd7a0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\file_uccgek.exe

Filesize
57KB

MD5
23ec6b60dd6170b68955a12a4742b2d4

SHA1
cc0654ecfb6826b45d7d535299fd2be14dfb0681

SHA256
4a39936a69d07a5310656baadc13154588cc04ae674ddf077faa854ca59ef420

SHA512
5152db739b9b436ce50920191dbda0d2341c0a08312a82728615e934721463b39c82189528abf1bc6ae8c9782f8d6fdd52140fd1beb892e35b8a6e208f1e7406

Download Submit
C:\Users\Admin\AppData\Local\Temp\file_uccgek.exe

Filesize
1.0MB

MD5
13125bd66d02c013b3eda2c69aff4ef3

SHA1
3b70cc23e7877fea920e0260ef6fd9b56076930c

SHA256
8299e1c15b75e38fbd3aca4b5e64ee8994d48458023764c9f899604f8a11cdab

SHA512
e6931d70ef77f638fe15e463e9a77f246913501faf1dc10ea09d57558d19c65191c7025dda80d45e947e45eb01ef4807fe7ab0ad7f84f26b55eb717e2b4c1280

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\D3DCompiler_47.dll

Filesize
351KB

MD5
955e2cd003cb12d65668d45b92ec7937

SHA1
e15fde5f26d77564dd40c362eb7e155df9f1ffb3

SHA256
2eb66cdac208656368aea4852fa430ca71e49f8ac54e970b4ea2dafa5ba01cf6

SHA512
3967cbfdfa32ca411a1a5ceaff2ccbcbbfc354fa24a3cc82dbb8b1254fa65188d39d2f649fd380c22bc8fa8bffd966c2e5748c20772f7bbc23321828cc31654c

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
2.5MB

MD5
2784b288057106a5e08f16377339d4ad

SHA1
62a5705f96a2665519a7940fb309745b791e98b6

SHA256
6f7833e864e20b2fa1ef454fc60590b7f246fe4a81f22c35dee247c7d8df03e6

SHA512
663e06957d3de5dcdad6559391d733c350efffdb85363ec00943bf0ff07fef61fde164b71c4f9bd5f2e8d0570f85a1734c03c53e9ad85f4b55ac7628b5664331

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
1.6MB

MD5
dcbc2ece213e91e46982df5724eb2eab

SHA1
04f4d27bc8c7cfe0434405364bb67871aa8a5360

SHA256
d517701b1251825a127b1bddd526311fff8525d61b462f7e002ed4eeaa7ec204

SHA512
ee596ecf3d643cc674d3071e2f51a098d0adb171ceeaa92216116ab720922c835d64011ff8653d032b65e6933d534aed4c3fe8d2072567ffa78195d26c95b621

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
2.0MB

MD5
7f68dbcf87aec7a61e72e5cbb2b96e81

SHA1
9a21f307bffd257123a6d00e91c172a4214c2d26

SHA256
5f91cdf0b584fd9650099b5aef70e9f7f2e74cd72cc1bc6de758192139874d14

SHA512
d03acc5f426e12283296f27a0cc638b189b1d8420225588166c38f2acfad5fb8c4c451c0bc153d99089847c86c3ce21ecf9344e0635dc896605f65c2b9fec03b

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
1KB

MD5
96534c9d58d3d939f83b5a51efd6463c

SHA1
8762620fdad4cd04cf00772f951d05032b806627

SHA256
46b6c3adbabf76cf59252e1ef9e728da11b1f09b3b4fb38355ca399c82b32b28

SHA512
36584a332f56c589b8b1d576b0d5c2a7b5b2db46673246f9035c86e10bfbbf7d7bbbf88a5525c52914bb60cf0439add8f24f1e1995c928854ad2864a454a04d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
256KB

MD5
ef021a92ba271ff62a3bbfdb03f1c6f0

SHA1
caa12a993725559ef3dafb4137fdeedf62634f3d

SHA256
142c1c0e2b1f8dc29503cc1103edcf08e1a5aceaa4582883e311a604cb930780

SHA512
5eb3f94d2717d4fd24f149863d0e3f0f62512c90260cfff61f9495249771a0e40d159727376a8a67ce01d8493b546750edbf66ecdc682afc6f51965818c3a933

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
636KB

MD5
af0ff05bfe511acc23652afc13c97804

SHA1
588804dca94b9a9d607fd6ee4dae14bfd2fba767

SHA256
939da6a375d5f4754ad2fc0b1cee4e09e241aee8b8fab105d19cd1fa4a4950d5

SHA512
ad713fe3f02869f6b2db8a323e5c2a248a3c97c99454cf67cbf198a6c609f702cb563576c52dddbde291d11fe3b96870b9e5ceec76ca3013130860a582f38bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
14KB

MD5
4f70f24d1eb027f181004172603d4b8c

SHA1
9d8418ef8a5604ca2c701a7034ab6a421ebff473

SHA256
62250e4eb6a2363e856f90a5d16dce7a3d81e9e865b10650e429f14725cb050d

SHA512
7f1b951e105aa0ca794db303ca92597c6903899f525e736d305456cc460cb140742895a64504606a822fa6a54214e2d0513d20884ba0d044fed072df548b1956

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
279KB

MD5
c7c7559969687c4ea1bd34545d5882d7

SHA1
c14b60377be7cb48daa8880e9801b5e5985ec18e

SHA256
e002796b02b14f07a1575f08e5b44d731bba2f237f25482ee1e7eaccb1d1cb28

SHA512
10ee8bd4b2f453951ac81dfc1a6b976999d5c9d6bde0dab2d3407b515495461a66c0b9cfaf78d62dc35b924858af3211200fdda02910dca6ec034a5e196fedcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
308KB

MD5
d94e9f1b15062e646d7ffc76804a30d8

SHA1
de8634ba35d8d34d7e7bdfc08a497899c2ea37c6

SHA256
daef3f9ac7cc4028f6e30a1e9b87474460781589733b33b30d2be641d6331e61

SHA512
e8a046dfcafd1bce410adecd4042132bc9e8fc673db795166bacf92bd9fe2605bf807a213f32262420841c3c5d7fa9a7812c45cfc7440f86e743e4b4f2152363

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
220KB

MD5
86fc6df7ac131ebb4d6d6f7520bd9b2e

SHA1
f1dba022a8ee6b3d88b1b3b98d42c6d08828963c

SHA256
e3c8efb8bb993dc1162c512f17d2f83588f932068ada1eddcaa34d0ee7cd87f3

SHA512
20abc6320df52d38440ec658f11ef20a99af37d476d1094a7ef84425dfa9ad8b4dea83c3cc83e3df614d954b3d8386f74c2865ef66e756db7af3a421402cb166

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
300KB

MD5
80edc4730627b43a8fbf1089609cc167

SHA1
de905967604125a043d60e657ddb9785b9916201

SHA256
6052cee88fcc4d33061e789c5fcc4b2e860902f2c2ddaf41d15114ab080c0d6f

SHA512
54d6fee5acd4643969c198e4607b61901a74b140abc4319c7b9fce3eaf22f203eeb9b569241f62ba7ddbe34d0fc4db7524de09787bd33bb19c943ad374aec36a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\d3dcompiler_47.dll

Filesize
20KB

MD5
fc7430f45aae8eeb995600db207f18c2

SHA1
da852aa2047445c6d442da461ed1bdb4e4f415fd

SHA256
c93ccccb937ced3b08e35c22dfd61db352de821a0a91c7d9198f55837f304268

SHA512
d4dc4267416efe13acdc6df6d8510701b3e11f4b8f5741fe7d43b91e52df8805c60abf6514ba7f6ce9be1de1c08b21c4f6b8eaa484b0177243ebed1817661fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
298KB

MD5
77d506f793b8186c4c9e7cf6d86fb40c

SHA1
f952b0fef92f41b7d2b280dddaae11e9754b050f

SHA256
7539f0739736a7cefb8a8ba087888c19b2050879a4d4681e44e763c5cea854d3

SHA512
76d11b7680a202b5e774c2bc5680996ad7e9d26fae40ebb048d02558d790120af0e74f575e3ca8652ad1646c59bb0ab1779170a37f39642ebc06cb993630806c

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
422KB

MD5
2026a64d7284c827ff0f3b7da993f2b1

SHA1
fd5171616235362529849c206bbc3858b59f1167

SHA256
daecbd2a33320d805f43fbe5dfd7bf69e702bf63921cddf1f29b526ba7c6f0d0

SHA512
cc7a0a35db96a592d0f993ce110426f699beffbdbd90c0cbe28fe2cd1e0430f45032c6e957cec9c9e322f4f0d51c8c6798b1f062464bfb4b33510ca62c2d1fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
66KB

MD5
22be3ccec8b4d896c210f19ecf3ceab0

SHA1
28eb96f10e84280e1c3c1efe3fa6a5eedb514423

SHA256
1fc2804b83507a61e1d80da05a1574031d8d716996fcde7e98bc1b9663bdfd7f

SHA512
38491f24964ac9665e33c07122f33a9df67aee44a35d257f9082fe0d5d41bbb1fd4c2b967ab426e4ab4c332aacf24da0eb8a20c9dba70c8828484d42b538983b

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
92KB

MD5
f44e0266be33cc9e4d13b7500f5677c2

SHA1
cf22a1d27daafe323a78134bd43596f3dd3f7d5c

SHA256
f8126f4f4d011612e419da0544c3c4074ca6dc8d85a359cf855ece5ff3a29165

SHA512
b2eb02c6782601e65fcb018f56589d972b78b91a0ea264877a1fd1b423127603352596f6e49e1434dfecb2de1760b2f3b6c21928f05cf7f39ef13f4dd02563e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
480KB

MD5
1705929741a0586b877aa14f79f08d16

SHA1
8d15e0f71c9336e109d6e5a94e3b34ce692c84fc

SHA256
3a7ec550490b8fbd0c5eef5ea0f4f8aec35a867404995b316cef8e0d7ad323b2

SHA512
bbb344dad89bc1c8602884f71f23918dc9e2d40c10f5cb41a70fd825da1dc768c1e110ba6a7f3202d9eea2b56a6807c42159893a7ab5d1ac2e75bf79a0434742

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
295KB

MD5
5f85f6aa8b6248b91aeb120aec56e916

SHA1
24ab716c4e0d2fbc375b40904a2f906919e380e8

SHA256
086851c813c6e0e567c65e667e000aa39ca1bf46974716d3e514f7e5875d818d

SHA512
ca67273af671c78f914b52db0150d02e13ee15ef5faae329e23f5a08795f027a3a9aa104550c20baae44ac59adad2e9d1bcb5eb37300ba72454d0a88a319f3ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
341KB

MD5
8b9837ea1208c72c10a28ad184774bc0

SHA1
756af5e12ef7a6fe205d07dd67b9e4d1cba27f45

SHA256
62ff44b8d393b31dec28a21ef6d5fd513201906e383a1e5133a8ac45cbe82140

SHA512
807816210b99ab5dbdd2bbde3a61cffbbc2cfc6cbda6a2506f6f727365b12cad1cec200297038e184c7ad15c0c5722db92c01d7665d6d73d026ce2c74d5c923c

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
356KB

MD5
a6297e47ee783169ca7932fce13115f0

SHA1
b40a0f2c431c4581de8f25eddd916be8e89101ad

SHA256
4eac2ce34a5e262d971bc85f686b3367397d9ec0986c34e0695a94d2ada6713c

SHA512
e53a37a5465504c00b42ddbb23d8f55cb531b1b59b37075f0aee5273257e220051d34fb109f131c7dfc7ea5bb701e25f3029087479b15b0118d1c20f9ef002ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
242KB

MD5
b116416dbd0b7e540346a71c74813cdc

SHA1
44a29b8c956f3de4bbd3aa82f203fb1a6d37ff98

SHA256
b48993191cc4ac6383c239b06dc99be366c99db65bf144ff82148a973fcccb83

SHA512
0c34bf1dfeb1ec213d9bc39ad04f6730012125d7640dcfd55c955191bb295d67e37a6503152247ef8a15f7c39bb374a6e391166a12c1c8bb44f929d30d33c56a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\icudtl.dat

Filesize
602KB

MD5
32ac7deaf4d8cfc3018a490a3b1e68a5

SHA1
44a73b3dbc7364c1740c325e0137086f4767f935

SHA256
885bce20a6ba94030ab6fc517af08b10b7e681cbab8ea825a10c667bf54795ab

SHA512
49fad19277be5744d98b900d9d402862b6e493a9f6a75294a77faf0e2e1207677fe54180128e94d1dcb61ea66ec223f5cdce70dde53646c83315c99d41fd3441

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\libEGL.dll

Filesize
91KB

MD5
d16fa1a950a1850b6a3de4fa73e0252d

SHA1
1037afa9c6667e478ba7d115e399ab44faeceacb

SHA256
a655b66715ccba540127f6e2e6d9e8ddb8add9435b6519d71a2ba90df15049a2

SHA512
7550ff09b3f98c4bbafc5549b02a260ef262dc9b4d6af60dca2fc03b3990f900161d7e2690a0d0b5eefdfc235c534fd0057bbc97d97d24aaaf59391809ee21b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\libGLESv2.dll

Filesize
72KB

MD5
99aed47e1d1b9d2164b71c713db188e4

SHA1
9b80e6e617facde42bf17e98d67f2e46d3f87ff5

SHA256
76eeb9222158df4063a219f50b6b0ffc0c37f15811e5180e7861193db446d651

SHA512
a99078e4f0e9754a0424c572278e275a7146e2ff9732b768bb91e9c6a36af1ebbc54f05bb3f9468766d3c52188bff24995db978943eeb2db67584d3591cd037c

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\libegl.dll

Filesize
78KB

MD5
d4749807f28b09e448022b9b2a88ef6f

SHA1
7f9416b7e61a5b957712f17dd4548c4bf0c04945

SHA256
18b6238b7fda55bf7bd14d712f1097b9b36b711bc3ea9904e5659419f1206a5a

SHA512
3621a60a5f5b089903e72c8dc96e1950d0782706ab404690bc7e4dc621efabcca9cb8f28f92199f00eff09ae26f67dc095c9cd989993625561504615634dbbbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\libglesv2.dll

Filesize
513KB

MD5
9d5a955db71082375c83183b18d91a56

SHA1
55bcbcfa25b56b441e3df82b2ba8c0ad0778dc13

SHA256
737f9fdb000b49794edad3f0c48b680d4ed615a9c4b803da8cf996f59ba66913

SHA512
16f76de2af18c9a2ea27bb277e87fb0809fc392d5d086ea5b8dc458ec1da84bd3002882a19b1390e41cbe958bedca2e875e673f9ed929cae0232c092f48ba278

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\locales\ar-XB.pak.info

Filesize
1015KB

MD5
edaef65b3082ac1502e46a7efe9a7260

SHA1
80fd9d68b4a0af62ef7f53d58ee9fb3ef1ef32c4

SHA256
7f8d7ac684642fb44625b0e32c0d8d20df0f661db616b157be04dfec918416eb

SHA512
3564bd96293d4a07c15d2ddd50abb531aea0a62cd4e0a8e70b60c7ef015b6e11f8221f353b668b0670938299770cf3607303075fc5f34bb73f9abbd48f666726

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\locales\en-US.pak

Filesize
448KB

MD5
09a27daab8ed231994af216a98a73b85

SHA1
c2211a4cdc878c7685f30454bf9742b68025d22a

SHA256
b8a8ee9f3dd6946649beb4f3ff96889bc010aec561678903316cfb26d7819479

SHA512
40016c3fe93989936cd63ed1e20da403f9b19f712efc31b65d485f06daa7df41ba86da76ca0ea04db2932cb4ef928ff2ab70aedc839a8ce472b83a92ac298e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\node.dll

Filesize
254KB

MD5
f272c7fcb9335784aaa82563018ec6a6

SHA1
5c2e0bc14dd7c476c5c3605428847ee5e38809fe

SHA256
b825d676a2fa9d6af799345a9c1bc6371ce6f9d56b4e03587d0647627565c42b

SHA512
6f5f7517469fbc3e6588a4ae88fe692fd41cdc3bccb80d95e4326d5c41bab5f2fc0f6bb8327dba0b7f4d86377aeba6d656d2e9eaf76f4e8cb4569cd3331b2170

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\node.dll

Filesize
370KB

MD5
be644107bfd5f513c66f3a85164dd662

SHA1
1890dcf5aa2918f6d255560d6dcf21deb8144c2e

SHA256
64b0a30eacc0a048d3d96d42176bd38c3454287c83783632f325ec080acf734c

SHA512
193f1e76a05af624c1ba6c9c5756a9a3bead6fc5d4d49bd96505c88dafa0902b36f576822dd43d7ecb2a82575a43f275ae11754c069685b4ca2050a3b1a0d13c

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
1.0MB

MD5
6904d425f49326f95b9e4e3e80e4232a

SHA1
be70342128b6f63856bc437c61a36b20fcff9d3d

SHA256
c1869e2aa8936caf3d82804cce9cf05481e6b728929d2843909be8b3430184eb

SHA512
8d1fa2cab72387fcdca985cfd93dc75c3b4dc6b99b418df56ab2b21a16cd2393616d207f2e4b7342d45643482c8833b7d65c9a086f09472679a667b7210ecdc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
253KB

MD5
82fb725886542fc3abd7c5e7835d7e30

SHA1
284821159eacf2b333abc7d7df6ce331cc927811

SHA256
bd86d9e9cd79c3a66a759f147ff7db2afc83fc8e078795339b93df91b27cd082

SHA512
7bf768f7766c40e929cf47686dc4877b6cd7d7302228b9538140530a8a87af74af4fd4709e8d19a2fec75c08f7fdb5b96fd3c79c293f1b41483bc4e4a72d030d

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
116KB

MD5
6db53ff49977de69974eaff19bfd0c7d

SHA1
3c4f973ba18ff9fd6c1a5823962d5229809a1eed

SHA256
3da3ea0997b87ff1d7bfa5fd6b326b5c73d7d89493721bc04d24fcfa5086c4b2

SHA512
8872cefc33da00c6eaddd9020d10c1c186609e7099023325a511ca8c0f68e0f599c8fb63e68ba4fdf3fb934cff0e6e9aaa3d296bda3fc9251ceef12a65a2aef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
343KB

MD5
8ac15b57433874060a597b40006a50d4

SHA1
848a63558ba148adcc392a5e112ff53575c52ec9

SHA256
43b7fdeaa58a488546273d5c1eba7bb6b5088bf71e64a64cbbd69af12cad454d

SHA512
c6104ae45eb374ba4bb3bdb3ec5ba843604ad38131aece1acaebd04980d2020a4f3606afab2faa3bb32aa4fc3bffdb5d8520ec31813130b1fa4101a9dff2c620

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
413KB

MD5
47c34a7bd889c42baa3fd57134d19cad

SHA1
80a205c63dcf25b0a775b4a1ef145ec86337e748

SHA256
6f3cf4e52732724478003ef6bc0c1c1276c4ec8659cd73e1418ed5e87181fd0e

SHA512
d854d1fd9c9d28e8a376b478da53b2cfc8d31e31795b03d0e218bf5fedbbf63726407cf2e4a3543335ff9babbae59ab006fd013d0efaab66ec4f39498eb80154

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
574KB

MD5
ebb7aa9e1176fd9dc0fd9185f612c6be

SHA1
91570a2c934caa09d2f23d046bc204cf2647df6b

SHA256
8af1ebfbbfed2fb0078063ac4543e179a24c18bd588adcd6a04b9b245c59d5fb

SHA512
59995e20b9af41cde83317b1fe395f84830039dabd7f72592e84b1ac073fc4fbd65e68be4e8ff6492a480d89233215cc59ddfb101bb0abedfadd675060a5c9af

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
231KB

MD5
1fffbff85d10c82121b3a3bb7fa7e050

SHA1
5eab22720e7df2c1a80e6f21334868254c3d2ef4

SHA256
54c29b6a569c03790b9d4089d7f6f847b208a3dab11d64c2f5f20122363de583

SHA512
7e701323cfd695c6db002175ccb0af572f2dc76c7f256f0bfadea268a4250b30b37d3ea13f4225aa3660bd8e1e4cde9b6154642f468c34cd5077351d1c3b144b

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
369KB

MD5
753d6b6a336dc832519d603437a3db75

SHA1
81c8047906d18c047c92338281b599cb156bcf16

SHA256
1f66213a8f39993184aa5c81fc5c3937759794967a6703f7ef36703ad09fc528

SHA512
e109c1c3774629a9e63ef54e4d6235f92e01a72c6d4e9164af6684109427b0f2f25a1f3ee7f0dc014f32c184c04d91048fdd5aa48d179d8d0aa205eecafb43ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
256KB

MD5
abd51a9c9b997f934d7dc9f83147722f

SHA1
88aea8fae682966d8a17da1775c0fe3caff607fa

SHA256
aa173124e636675b5dc205a029584ae62dbce32941e4f9cba29a617bda2c929d

SHA512
1e0dd037b63e2e34620d71b2b04995b543e8ec241e899ab2231d0dc1cc04c07e36e368262d8c3ea7e5b8ba76839ea241517eb6010655442aa4c47a9187aa7d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_100_percent.pak

Filesize
718KB

MD5
2f1c41cd4f8d630e965c83608aeb8dd1

SHA1
877ee7e4190967d69c6ebf9c6a52327ec10dffae

SHA256
a476dbd7731b7db5a771445cb9cd8a838dc706d8986f9e1da3d81fac59cbeb1d

SHA512
1780bbeece915ff4d959b13dce849ad608301eab7b299bc8fad9251c2ca392b6833ceece30256ed607b4b5e12dbb7b5e0d247b711901c628b180497eed872239

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_200_percent.pak

Filesize
749KB

MD5
4f880e487db15e2ed6677c1c85fed3b6

SHA1
598c9fd4dbf8c9949bf8a8745d07d6ff0716e775

SHA256
02d031f720c3a857b496790b90f8a5df9ba1d831ee2ea343032947b93918558f

SHA512
466f22f8c6e8982bf4479b5a5604be222e4a6bbd63f42e9cdb8718b8e6f845041c69965488875f873e87df950e4b1a3f96f6c76bee5caf1831052fcfc4e19cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
1.1MB

MD5
98acbb1ba1112cfa4da907558ea7cc0e

SHA1
9e041b920a7a9e9bc0aea6fc7709deb67eecf7ef

SHA256
0c57bc73ca823aef5dbb3785cdb343dec62854f80e811df16ac71ba88a039a5f

SHA512
a4845ccf34b534d5ff336a909b66f8cd4f48c151540197ebf63242a83c02a4f5a9f992a7975de44ca0f66e810e302a37f331d4bd26afff5088f2c44df517ac86

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
64KB

MD5
ce120843a3042b4d21f6e1801b3952a7

SHA1
fdadc80933a38ef900b2392f37dc7eb557918b87

SHA256
7c4f847cd4f6e8b33b1927a1c5c2f3133e7822d1f2be0b2f13252b18e479bcab

SHA512
5dec24cb85813f6bdd723f117c4aef374dd6090776fc312883e2470b8bec1d505f825f938d9d4214d9740c87bb28ec693d5208860669eb4114487c85e835f8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
640KB

MD5
5fae4bd46710aefc0042fd35de4df786

SHA1
057c3d64a352121f50f7c43b1a467f74f61fd4cb

SHA256
db56659c066e19f3ceb4f088e726de6fe37e3ab75abdec75bee7d0eaa57548a7

SHA512
e8a1e82aa3be70af47b8018022bb54889c44bf50c862ece7029f6acc5905e22c6ebc30f904f4416299c1bccc19eefa57246d61c3530464c4a799fffa32659681

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
114KB

MD5
a7ac97119bbce17a4885032f763b6bf8

SHA1
4b7a8f9a26dc36e30d57bbae0a7a767bddef9210

SHA256
d96ef81c999270fd23441ea7eb9bf12e890ddb97eba355e7a6b05763e6d77169

SHA512
9da66a927e07272b8ce9abdd6f07d26ede2ff7856ca43d3057754ff356729c0b064f0d81bf4de1673cd100ffe101c46c9187311aadeb7739cdfaf7792e0d9bbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
9KB

MD5
3eb868cb060f1ec605a6053819b228e8

SHA1
bebe06422dd4a6f803c0dc8162d3faa3532ab1fd

SHA256
f423184f887daa9d65f1a78cc524a71ac56edf0098d6114ddcb7f2e5eac19e78

SHA512
f9bfbde8c2a23d61923c828dfa0ab86378328057fb37a4fce3439e69477c7d4a3d9fe3bcd764e6d1f3bdc550cd5712968d88be89d6432f0dc9ca71e8b6e4e0ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
514KB

MD5
99698087f6a87d92d9d21233d5766bb4

SHA1
7d45711f96811f7bf9ec65b51dd4700f8d98770a

SHA256
f759f78f77d6d07aaa84b0d7e2cc25f6c41b784fbe81a664221f07880704f988

SHA512
a4270030867c54378d6e62b05e6b963b673331d30edab14cfa0bf86471db1242b9b0f813aaf5c46d9da1eb9f1a9e231fcd0f354b81ca7a01a22275c58045fecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
133KB

MD5
22dc94d4e9599671927d61afba89530b

SHA1
f04542263e9ce8eb31d56e272fccdebf27e226a5

SHA256
94dbc723887c3d64dbe3f43573c38e61a85adadb84487f4cd38c6e53c88c3fa3

SHA512
a0458098d25394c2a873c65bfad5e4fecbc5271903bc28a302d1dbdee8911c906d927dac418d8d9909c3cc3c2998a740e9a34c4f88a910a408f34219765f6514

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
443KB

MD5
4eb4f22598e6ef824982d6911c64d5ac

SHA1
8411321b20de3a8342ac3766f55249a98a74f393

SHA256
35222b68186013af5aca4daf1ead248a658af14d1f9ab98fa8104df31b3ab72e

SHA512
810cefd6c05f4cf38eec29a36f5ee0751a597e4f7c9e4a243257703929713c0a93d7e3b8e6cffed30d2ff5a92d6637b7c903065d449917d12c3d136421c75567

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
80KB

MD5
6b76dd9792a1476ab0ea97158c577330

SHA1
fccbc7f1df9104df937fa0fa6a1f3c3f9f3f4ba6

SHA256
66e67692883a7a13141e8aac52dd3670c03c53d728c521b9e5178c4cba0504e8

SHA512
30f5382036cb8168493d8e8c26cff2bf5d5319ef25b641ef1f2767cd7e130015057d247f6762eea301d0b028880ff5928c15edaa61703997532765ee7c68c536

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\resources.pak

Filesize
949KB

MD5
8e6d462974fcf3ea40bde83801be6aa2

SHA1
ae16b802b5b2cca5b601702e92fc862d48cb45d0

SHA256
3fecb38c76d21a64e9616c5caa7a31a85be7d544b9e1c4339f09ea81c8e1ef79

SHA512
266f134622c5722228077a5408e021e16921658cdd4ae1a49e7dd262075525eb2584ade5d321adea6973d02465ce7ec39a257ee2ddc897c139793c56d9e461d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\v8_context_snapshot.bin

Filesize
137KB

MD5
581a646144c8ee7d686a869782ea6ea5

SHA1
063351119336927e6c508786456eae620b07e93c

SHA256
3f42f480c905296efa31e6cf88c1b88bc791a594f84f61c7b1d0d75bbc93d5ba

SHA512
63b4ed2213000a166542c437e1e17072d110d1983bc1da33eeafb525b7cb895c3bdf0e63491acc017fdc3d1814188b8360d08e869e08e46c5faa8dbd523c1f3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\vk_swiftshader.dll

Filesize
5KB

MD5
048254e358392e57c46e51c86f7faf98

SHA1
66246bd0634089c5a086176e057b072c7dde2815

SHA256
e48f9181e13e61f76e98941720293149054d37b780e41d72443228300077be71

SHA512
9af8d1a48b81593e7ce69e4ed111cac95ea131dc75658f022251be3764219c47f2619a9d8ddffcd50af9faa830047eeb68ad14f14a5062d5eb3530004b1cac21

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\vk_swiftshader.dll

Filesize
15KB

MD5
2d68425db2d97825ccf71ae297a2a504

SHA1
b5c5532aa33fbd9f849c71911a586f19d6437dcf

SHA256
222e7248074a3aa227f0c403ef90114ac554f3bb519e834f39f78bf0e2d4f92a

SHA512
dc83cb071a137593a546a3c87f0fcc22bcb33402cc6d4d4e3832a0c94aee70d64bb4072c00750c31707fcbf236f9d676c4b301392d8e9ec3cd5012b9c6345159

Download Submit
memory/2716-651-0x0000000001640000-0x00000000016B3000-memory.dmp

Filesize
460KB

Download
memory/2716-649-0x0000000001640000-0x00000000016B3000-memory.dmp

Filesize
460KB

Download
memory/2716-647-0x0000000001640000-0x00000000016B3000-memory.dmp

Filesize
460KB

Download
memory/2716-648-0x0000000001640000-0x00000000016B3000-memory.dmp

Filesize
460KB

Download
memory/2716-645-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2716-571-0x0000000077341000-0x0000000077461000-memory.dmp

Filesize
1.1MB

Download
memory/2716-650-0x0000000001640000-0x00000000016B3000-memory.dmp

Filesize
460KB

Download
memory/2716-646-0x0000000001640000-0x00000000016B3000-memory.dmp

Filesize
460KB

Download
memory/3448-1421-0x000001FCA0D10000-0x000001FCA0D11000-memory.dmp

Filesize
4KB

Download
memory/3448-1420-0x000001FCA0D10000-0x000001FCA0D11000-memory.dmp

Filesize
4KB

Download
memory/3448-1430-0x000001FCA0D10000-0x000001FCA0D11000-memory.dmp

Filesize
4KB

Download
memory/3448-1431-0x000001FCA0D10000-0x000001FCA0D11000-memory.dmp

Filesize
4KB

Download
memory/3448-1429-0x000001FCA0D10000-0x000001FCA0D11000-memory.dmp

Filesize
4KB

Download
memory/3448-1428-0x000001FCA0D10000-0x000001FCA0D11000-memory.dmp

Filesize
4KB

Download
memory/3448-1426-0x000001FCA0D10000-0x000001FCA0D11000-memory.dmp

Filesize
4KB

Download
memory/3448-1427-0x000001FCA0D10000-0x000001FCA0D11000-memory.dmp

Filesize
4KB

Download
memory/3448-1422-0x000001FCA0D10000-0x000001FCA0D11000-memory.dmp

Filesize
4KB

Download
memory/3520-1441-0x0000017C5DDD0000-0x0000017C5DDD1000-memory.dmp

Filesize
4KB

Download
memory/3520-1445-0x0000017C5DDD0000-0x0000017C5DDD1000-memory.dmp

Filesize
4KB

Download
memory/3520-1444-0x0000017C5DDD0000-0x0000017C5DDD1000-memory.dmp

Filesize
4KB

Download
memory/3520-1446-0x0000017C5DDD0000-0x0000017C5DDD1000-memory.dmp

Filesize
4KB

Download
memory/3520-1447-0x0000017C5DDD0000-0x0000017C5DDD1000-memory.dmp

Filesize
4KB

Download
memory/3520-1448-0x0000017C5DDD0000-0x0000017C5DDD1000-memory.dmp

Filesize
4KB

Download
memory/3520-1443-0x0000017C5DDD0000-0x0000017C5DDD1000-memory.dmp

Filesize
4KB

Download
memory/3520-1440-0x0000017C5DDD0000-0x0000017C5DDD1000-memory.dmp

Filesize
4KB

Download
memory/3520-1439-0x0000017C5DDD0000-0x0000017C5DDD1000-memory.dmp

Filesize
4KB

Download
memory/3804-1438-0x0000000004FA0000-0x0000000005013000-memory.dmp

Filesize
460KB

Download
memory/4664-837-0x00000000048C0000-0x0000000004933000-memory.dmp

Filesize
460KB

Download
memory/4740-661-0x000001FFEE0C0000-0x000001FFEE0C1000-memory.dmp

Filesize
4KB

Download
memory/4740-662-0x000001FFEE0C0000-0x000001FFEE0C1000-memory.dmp

Filesize
4KB

Download
memory/4740-670-0x000001FFEE0C0000-0x000001FFEE0C1000-memory.dmp

Filesize
4KB

Download
memory/4740-669-0x000001FFEE0C0000-0x000001FFEE0C1000-memory.dmp

Filesize
4KB

Download
memory/4740-663-0x000001FFEE0C0000-0x000001FFEE0C1000-memory.dmp

Filesize
4KB

Download
memory/4740-673-0x000001FFEE0C0000-0x000001FFEE0C1000-memory.dmp

Filesize
4KB

Download
memory/4740-672-0x000001FFEE0C0000-0x000001FFEE0C1000-memory.dmp

Filesize
4KB

Download
memory/4740-668-0x000001FFEE0C0000-0x000001FFEE0C1000-memory.dmp

Filesize
4KB

Download
memory/4740-671-0x000001FFEE0C0000-0x000001FFEE0C1000-memory.dmp

Filesize
4KB

Download
memory/4740-667-0x000001FFEE0C0000-0x000001FFEE0C1000-memory.dmp

Filesize
4KB

Download