observer | hxxps://github[.]com/burakovec/burakovec1/releases/download/Release/Universal-Setup[.]zip

Analysis

max time kernel
136s
max time network
249s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
20/02/2024, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/burakovec/burakovec1/releases/download/Release/Universal-Setup.zip

Score

10^/10

observer stealer

Malware Config

Extracted

Family

observer

http://5.42.66.25:3000

Signatures

Observer
Observer is an infostealer written in C++.
stealer observer
Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000\Control Panel\International\Geo\Nation	Launcher.exe

Executes dropped EXE 7 IoCs

pid	Process
1716	Launcher.exe
2552	Launcher.exe
1892	Launcher.exe
2940	Launcher.exe
4924	Launcher.exe
3968	Launcher.exe
4024	cmd.exe

Loads dropped DLL 24 IoCs

pid	Process
1716	Launcher.exe
1716	Launcher.exe
1716	Launcher.exe
2552	Launcher.exe
2940	Launcher.exe
1892	Launcher.exe
2940	Launcher.exe
2940	Launcher.exe
1892	Launcher.exe
1892	Launcher.exe
4924	Launcher.exe
4924	Launcher.exe
4924	Launcher.exe
1892	Launcher.exe
1892	Launcher.exe
1892	Launcher.exe
1892	Launcher.exe
3968	Launcher.exe
3968	Launcher.exe
3968	Launcher.exe
3968	Launcher.exe
4024	cmd.exe
4024	cmd.exe
4024	cmd.exe

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\Program Files\nw1716_647138291\package-lock.json	Launcher.exe
File created	C:\Program Files\nw1716_647138291\package.json	Launcher.exe
File created	C:\Program Files\nw1716_647138291\node_modules\.package-lock.json	Launcher.exe
File created	C:\Program Files\nw1716_647138291\nw\icon.icns	Launcher.exe
File created	C:\Program Files\nw1716_647138291\nw\index.html	Launcher.exe
File created	C:\Program Files\nw1716_647138291\nw\index.js	Launcher.exe
File created	C:\Program Files\nw1716_647138291\nw\background.png	Launcher.exe
File created	C:\Program Files\nw1716_647138291\nw\fav.png	Launcher.exe
File created	C:\Program Files\nw1716_647138291\nw\icon.ico	Launcher.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
600	1728	WerFault.exe	111
4580	1728	WerFault.exe	111
3184	4048	WerFault.exe	131
1980	4048	WerFault.exe	131

Enumerates processes with tasklist 1 TTPs 4 IoCs

Process Discovery

T1057

pid	Process
3324	tasklist.exe
3880	tasklist.exe
4756	tasklist.exe
3288	tasklist.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Launcher.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529321776607229"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings	chrome.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
4580	PING.EXE
3040	PING.EXE

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
204	chrome.exe
204	chrome.exe
204	chrome.exe
4428	chrome.exe
4428	chrome.exe
2552	Launcher.exe
2552	Launcher.exe
2552	Launcher.exe
2552	Launcher.exe
1716	Launcher.exe
1716	Launcher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
204	chrome.exe
204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
68	Setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 204 wrote to memory of 2888	204	chrome.exe	73
PID 204 wrote to memory of 2888	204	chrome.exe	73
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 3760	204	chrome.exe	79
PID 204 wrote to memory of 1304	204	chrome.exe	76
PID 204 wrote to memory of 1304	204	chrome.exe	76
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75
PID 204 wrote to memory of 1292	204	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/burakovec/burakovec1/releases/download/Release/Universal-Setup.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbc8459758,0x7ffbc8459768,0x7ffbc8459778
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1840 --field-trial-handle=2140,i,18007722310488719527,13913316791333214439,131072 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=2140,i,18007722310488719527,13913316791333214439,131072 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=2140,i,18007722310488719527,13913316791333214439,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=2140,i,18007722310488719527,13913316791333214439,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1456 --field-trial-handle=2140,i,18007722310488719527,13913316791333214439,131072 /prefetch:2
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=2140,i,18007722310488719527,13913316791333214439,131072 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=2140,i,18007722310488719527,13913316791333214439,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=2140,i,18007722310488719527,13913316791333214439,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=2140,i,18007722310488719527,13913316791333214439,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3660 --field-trial-handle=2140,i,18007722310488719527,13913316791333214439,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2212

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Temp1_Universal-Setup.zip\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Universal-Setup.zip\Setup.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:68
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" /fj230ur90f90329039039093/Launcher.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" --annotation=plat=Win64 --annotation=prod=Launcher --annotation=ver=1.9.0 --initial-client-data=0x29c,0x2a0,0x2a4,0x298,0x2a8,0x7ffbb2f8b960,0x7ffbb2f8b970,0x7ffbb2f8b980
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2552
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw1716_647138291" --no-appcompat-clear --mojo-platform-channel-handle=2024 --field-trial-handle=1936,i,904900158694411131,3695056772423216137,262144 --variations-seed-version /prefetch:8
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4924
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw1716_647138291" --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=1940 --field-trial-handle=1936,i,904900158694411131,3695056772423216137,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw1716_647138291" --nwjs --extension-process --no-appcompat-clear --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1936,i,904900158694411131,3695056772423216137,262144 --variations-seed-version /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3968
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\file_27h2bk.exe"
      4⤵
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\file_27h2bk.exe
        
        C:\Users\Admin\AppData\Local\Temp\file_27h2bk.exe
        5⤵
        
        PID:168
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k move Bathrooms Bathrooms.bat & Bathrooms.bat & exit
        6⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
        7⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        
        PID:3880
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "wrsa.exe opssvc.exe"
        7⤵
        
        PID:400
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        
        PID:4756
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c md 27646
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\27646\Awareness.pif
        
        27646\Awareness.pif 27646\Q
        7⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 1432
        8⤵
        Program crash
        
        PID:600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 1424
        8⤵
        Program crash
        
        PID:4580
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping -n 5 localhost
        7⤵
        Runs ping.exe
        
        PID:4580
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b Subsequent + Controversy 27646\Q
        7⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b Compound + Injection + Emotions + Worm + Participants + Richmond 27646\Awareness.pif
        7⤵
        
        PID:4144
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\file_u2ugah.exe"
      4⤵
      PID:4536
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw1716_647138291" --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1932 --field-trial-handle=1936,i,904900158694411131,3695056772423216137,262144 --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1892
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw1716_647138291" --no-appcompat-clear --mojo-platform-channel-handle=3928 --field-trial-handle=1936,i,904900158694411131,3695056772423216137,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4024
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw1716_647138291" --no-appcompat-clear --mojo-platform-channel-handle=4480 --field-trial-handle=1936,i,904900158694411131,3695056772423216137,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:436
- - C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw1716_647138291" --no-appcompat-clear --mojo-platform-channel-handle=3484 --field-trial-handle=1936,i,904900158694411131,3695056772423216137,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1588

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NgcSvc
1⤵
PID:708

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:652

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s NgcCtnrSvc
1⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\file_u2ugah.exe
C:\Users\Admin\AppData\Local\Temp\file_u2ugah.exe
1⤵
PID:3120
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /k move Bathrooms Bathrooms.bat & Bathrooms.bat & exit
  2⤵
  PID:1236
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
    3⤵
    PID:1088
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3288
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "wrsa.exe opssvc.exe"
    3⤵
    PID:4428
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3324
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b Compound + Injection + Emotions + Worm + Participants + Richmond 27828\Awareness.pif
    3⤵
    PID:1352
- - C:\Windows\SysWOW64\PING.EXE
    ping -n 5 localhost
    3⤵
    - Runs ping.exe
    PID:3040
- - C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\27828\Awareness.pif
    27828\Awareness.pif 27828\Q
    3⤵
    PID:4048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 1444
      4⤵
      Program crash
      PID:3184
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 1436
      4⤵
      Program crash
      PID:1980
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b Subsequent + Controversy 27828\Q
    3⤵
    PID:4668
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 27828
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4024

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:600
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:2828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.0.1167906428\411451127" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3423433d-8d01-4a67-8ffd-b063be0fc3ad} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 1800 1187d1c1158 gpu
    3⤵
    PID:168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.1.1464549882\1874812027" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c97e183-7244-487e-91a8-b7b8a51191ba} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 2152 11871f72e58 socket
    3⤵
    PID:2548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.2.1813239908\1766444655" -childID 1 -isForBrowser -prefsHandle 2876 -prefMapHandle 2872 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d01bc4f2-e152-4f25-bd7a-173e0037fe78} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 2888 11802398458 tab
    3⤵
    PID:352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.3.176555579\1039965826" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {874d2598-7a2d-42dc-a6b7-2fc82a27be3e} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 3520 118008ea258 tab
    3⤵
    PID:2572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.4.726834120\1717936947" -childID 3 -isForBrowser -prefsHandle 3700 -prefMapHandle 3628 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fedddf8f-38ab-47e6-a931-64e57e364b80} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 3712 118029bef58 tab
    3⤵
    PID:3288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.5.1034395213\2101194389" -childID 4 -isForBrowser -prefsHandle 2612 -prefMapHandle 4784 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b9e6b9f-4322-4c77-bd04-40eecf721d88} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 2532 11804609b58 tab
    3⤵
    PID:5804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.7.1502865557\1888369255" -childID 6 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eb6926e-15fd-47cd-949c-fdb504d72984} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 5180 118046c7c58 tab
    3⤵
    PID:5820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.6.1891101117\1544028217" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac111af7-d919-4829-b419-e96374914199} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 5008 118046c5e58 tab
    3⤵
    PID:5812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2828.8.148534013\1134588144" -childID 7 -isForBrowser -prefsHandle 4628 -prefMapHandle 3736 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd73d951-63a0-4d4c-8070-6638b372662a} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" 4640 118040a1e58 tab
    3⤵
    PID:5296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\nw1716_647138291\nw\fav.png

Filesize
248KB

MD5
3faf439a6cd9d9a9fa9f8aeb85cd0f05

SHA1
2af297f14c4a0d9ade6663d6eecb8fa051ea85f8

SHA256
a04a437646dc6d3ca3f6563384c0ed1a14364ce502df8fe75d6200cb53d229e0

SHA512
2b9bacb4039f967871af6fe772245e1f83f584ef17e49345eb4f000d49a4ba8c9ee3d154e61713687861775ab5e5496959b58b606edad4e489d2444c487db971

Download Submit
C:\Program Files\nw1716_647138291\package.json

Filesize
554B

MD5
fef3c629b4988e5756d334f251e96748

SHA1
02ec04f252e2a00de7f991c212847b533a1c1165

SHA256
b94cbaf6c5e5c6f2222852305bca0013619f49ec1cee54e5cf4f84266d1eb13e

SHA512
8f488a4a40c1ee7103c30ba1c1b17fb43d7fdd01dc98f81008d16cc2ffb8fa419985d212d4a00e50e4d470d27c1438af3861c70b23ac4f191a7ffd2b96d2245a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4699984f-06b8-4401-870d-ecbea157416d.tmp

Filesize
6KB

MD5
f097bbf7871dc2f4183248f68d793bf4

SHA1
9497a5c0fcf72f2380f0e1f26dfccaccb46f6ef9

SHA256
b0d691826a97a71f089106b7e413c49909b19982148e3202d7bbe9981bccb5ce

SHA512
e884286da31c62e0a1b656050878034deea9a18b4cf5922fa1b3c6e2eb93aa6c1734851e775057de45962488fe022edb09070ab2b65c7a98d088f4af7e0821b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3e2add8f908bbe623c7f4cd5c3634b10

SHA1
82444eee85fd2060f9445ce8cf7b2b7209c7f474

SHA256
ef4617014605233c3c8bd99f45c587b80dbacd4490ec3a15d6a438459f863468

SHA512
8a9244348c856b8e7702e8c7a7b3c222d982eabb885674c4b94dbcfe5e0a3f09058e65b2178d94bf61aa6b4dd710f4779614c6169a5cee804a0015609c335292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1a5c0da03e23327ca88b1d52a657f32e

SHA1
f48b358b667f72ddefed17533297c5b75c618c7c

SHA256
a522751634b04666facbfa8593e207990f5811e3d0591dc1d5cd65d280830ef3

SHA512
4e8443ea4119d36dd7cbc5272eec62cfb22259ff4b3b96914822638d2e9bdb96378586da61dee53d889177b626ae682d4a33f58fce84e0d0abf6c2d2185045ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
8cf2255e86f7d343482810dd8c33e6de

SHA1
542e009e56d94b915f7db02e76b7f0ed5a990dea

SHA256
2ea66bf858330bd8e55fd961cc3f29bea2ceddd8ebdfea2854bd97223819e10a

SHA512
7edcf2e534733b21362d3e359559349a10fdd2a1bf55c91fac4463f43833be6b25187a8d0373748952405f72efbc7f993a8696f09f047fe77e0097a88934e84f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d3f5b5cb1ee211995579344f6fce4042

SHA1
f91db643c54a42f0a59ed0ca9698616a5fe0d1ba

SHA256
5fba148896e6d406d77ae4d0e833110fba2ca97f4f3d9f22958704c481e4faec

SHA512
753b59228636dc63c7a6909a1edd506c13beb98df89ede4f921b2f3a9b4fe76de87758be18c391b5cb3fe821bb9d4afea34afc99cbce1fa22c32841a8814fc3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
73571087a7668d1b2c2f0b29f890279b

SHA1
bfd4f7d766558aeaf2f866a330062004de139af9

SHA256
5c02157f64ea916337d1b4089654e4ee85561a8335860d53db5e68c985c80156

SHA512
feb39a0c95642a1b9587f1b3c527c1239c3d858679bd2b4b3b7c1dab16d5539fc03c9af6a5dcac513d3caa58058e2c39e2eb2af08f3c89ffa55ac607da8816fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
0ffb0e5ac6bd11441e34c7ce6224dfd0

SHA1
82cc0cf7498c9d3a30449144d5c4531607bf34c7

SHA256
8eaf81f929c5c3c58af08f5cbcc40ad03b43499b02e62873d4077cdd7dfc7a7e

SHA512
e4527a6e8027d74a5333b51a99301a03302eb3d2359daf1b8203396a447749e1637eecd59a84d3cf8bd9acabf9fe3ce1a89d98d16d756e33e3f1aa28d5387b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
68d5f810f721371169dddb1dcf341850

SHA1
073f64c1e7c0ef4c995bdbd78d31b0cdf156bc08

SHA256
997402fc1665c52e6ceb1430ed6eac6406684de1f5a2356e5956049c21fb788e

SHA512
dda72577926a48f8160e0a2efe7b6271fd750d80eec5e8c3b00faeb0a936d1e48980ea578523cfe64b8f6dfeaacafe71e6bd13e1f705f44efb535721ab658681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59696e.TMP

Filesize
100KB

MD5
8aa13e6a49f289a672c115d6c658ca0b

SHA1
14ca2da0f01f5814c18406766ca8f13c8e51623f

SHA256
b2792c09c8529b83f5dd5c59a008af178a09c3ebd18c3df77ed45fd58928f3b7

SHA512
a0d0e191f05060a1da97ece54563e3d6b6e3ac43982872671f76a9060f495ee12547a6d15e93d85fdea0caf5ebddbc2537ff093130be457f843c4118bbbd433a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2b8a0c321dc9c26442d2039e19ffc7e2

SHA1
b58484dacabaebfceb81deb27f0c20428c55827e

SHA256
84de173e3d0cb170400a1d3d009324dc3a843e1c326b264b3c0f183f36fce40e

SHA512
550fb8ad4aa73eddec0eef34c11e7ecb082cd4d9621638fa5fdb2aac43a8b51a6e5c89d6e056cbcfe7e78484d83e6338499fedb289d065f6eba94d3baa259a40

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\2f9fc2b1-f688-42ec-ab75-166aa3376677.tmp

Filesize
4KB

MD5
a01ef62427f71e3916b71bd8a33a3469

SHA1
21804c33a17fae5920428bed9a9c3c3b7caff377

SHA256
3af14030db018e35dc09c37375c96def89274539888eefe4bbde03f6df5be65c

SHA512
732fbf848acb5cdd571972000064df6b82a2d4a1e4c704962951451b1fb5ed98e03aea6fdfcbbc3009694e40f6708e5d044b78459c57bf81fe5109c2be5b2e0c

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Extension Rules\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State

Filesize
883B

MD5
fbd322747c4902150116bacddbaf4f96

SHA1
f9b8e5bab99990120308456715f79be3d0de3696

SHA256
68854765d2f6677c0bf1cebeb63372e69d81aa33e422b76f2d75ed0c8a146174

SHA512
2a5014dcccba9825893b25377bd41c7944a52685d4750f400955fbcbac0c4dbf3d32318b03c071939c98b4bb99ac0f79d6ea3c83d64827d0f9f1f47f62c922be

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State~RFe5a9183.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
f164fed9ca4f0c3cd1830a64cd3a210a

SHA1
749bb4f5ef07717420738992ee2ddde910e85986

SHA256
c550b40ec116788eabdbb7e784f5196c2e6aca557f20dc319eac4018207e69ac

SHA512
1d3dcf2acba6ebbea6be4b46cebb448620719a0dd06280f8a3fdc2a6fb087c17405b73ad90d5097660472cc228004656dd6f5084b391be50f62168d4cc9440ef

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity~RFe5a9ced.TMP

Filesize
355B

MD5
655748485ee758b0fc87af88d92b8610

SHA1
9dc01b843e89a4387385472f2d25622814d43bf3

SHA256
28682deb0682402183d72ad19b79d2d1e6122b1104fe054ec3393c796fc6d671

SHA512
42186625efc898f34161aa19ca503549055d3477e34ca5b3589567f542b5fb3b4cb4c27d3824b2a72e2861c16ec6ab18753f0732583441710a0d3bf1898b9bb7

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
c0d531c2ca2058b3e7333bc770dea8fe

SHA1
6cd514469a849f40a3fa1e3cf9d1beeb5de505ff

SHA256
49806d8457fd1dce5f51f23efb517f501b973d53c57dc42af462802cf7aa4f85

SHA512
e04e8536fc6876713d491995598a3803445677d3084bea9d9d8a7e30f5b2457c7d55b911117c4dc6558ce949d07a56c10aeb80aa78d09b3a4cf7ac1cfc2d8fb5

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
de6c0203bc74883abd8c8285ee8a7ba6

SHA1
272be3b5dce6116562dc434290e888fe65acbbdd

SHA256
66072a4b95044c8b10523e79554684748c0f053440ae3b9c561ab20ca60d0b05

SHA512
3e549111b9d49be33a6b64f1994302a518008df5a23851f1d9baf0987376bf6d60a9f2636b50f8905f6e4976d7aa4c2ad784a6581fcdcc3cb203fe1345981879

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
03e115d7affb80bff989556be18b8603

SHA1
bd0f3b741bbda5b2d91e22a4664d34be5b660be5

SHA256
b6962a4089efc9b6f3f40c8a28a0ad159e3dbf2f6256f198df83331fc6518481

SHA512
e1986d446d5a47be2e2a08fefebc88e791478f87cad138e11e9ece64a5503f6a20c7f59d6852405783f1f1800460e1b445c2cfcd34ba5dfec47bd4616fad6618

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
8be5ded48fdb1879497d546115d004d3

SHA1
9ae3b0be3644bac5caea7ec5ec2dbac9123702d6

SHA256
70a9e585d98d3b474e3dcc68207c82ebe1d6c4938e592fa82e72dae50f04bca9

SHA512
e32cbb13336d8c461c91fe630491548dee73d842a6b9339468f63a0719a34c2546510ca62f752d0f0a63b962f0f777b0be04d10fc52564346f68d4ff8e6600dd

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
46232628b70cf747af1aa0cf0c73de51

SHA1
af387d920e5705f450b337e46a80b097851c9660

SHA256
09eb99085d91e093d464736212de2e934eac42de24496d23019cdc55df8dcdb0

SHA512
ded7aec1ecfdb11e05621513c6b7df9075a3e01f4f1b4f09c255fb66158cd832208c1ac85b901dfab7b780e7622393e7e0ca5683be2ec7b3aa1cb6d685ca083c

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
f81fca0739b539c507717b6487885408

SHA1
acb2973805ac996f6a9f2dfa637ef53bd623cae1

SHA256
373da53060f33343621807eab24f50f631cc57faf1de476a29bdaa9f24e9f182

SHA512
e8fab7c66180aa2b62ef2dff913f5c75994c213bafa7142b94797ffa3d97f746c5a56123737e1b589e860c0e96f0cc4fe24ff9b52cfda821b0a1225c8de39015

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
9a4a3ef4ffddb0bff59f37a393f86efe

SHA1
bebd1b210baa56922b3a9067c1e76e82b4fe8ca9

SHA256
d066978da809a865c2ebc767b7ea9831be60ca263735cc699c55e7f51d71696f

SHA512
00ed0a82dd3dd9e9ec2bcd911083c094729342e713685712477095a877c09e6c42a67828c2fa7d29dac50b366d237c627b702271b3f890f7301abec6ec361191

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
6d8c0085c3f9ea0a786237143c20b3ef

SHA1
025794ff991d23594f9ce8a81caf9cf22a973c42

SHA256
811670f8050c64f459f34d434c03cbd52dcbc1971f27214a350424ab0a337a43

SHA512
2e74759bc004021347d0066be352cc0c6c35e3d59e37d95037bfaba902a780484d7956e2e1da6d6fca3a02c1a6c740991dcbea20cead1358f37aa17c4c94e11e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
11f22c3842c148c4e1733d99f56f77b8

SHA1
f4fa533158a36f121f28dedda14dacef0ecee0b9

SHA256
b72968ba1e137906c1902a951b511b59c2512e481d6b32362b1aa9082873bb1c

SHA512
bc26dc91b70fbf86bdd25dafc47ba2ac17faf509481c4ee104358f7f6e137af3e87c0443915e5a07b249f249fd9d0730e4280d3f943be2f7b70924c179c15847

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences~RFe59c867.TMP

Filesize
4KB

MD5
b6798fb6ced55fe59fb832aed3403cf0

SHA1
07f85a35f3c62e9262a9b541ffcc1a0576c8a6c7

SHA256
d3d68a237558529b702e8d6f30d6d9047d11f3c56e2d4047d2210de52358aec4

SHA512
a7fabf06166ae49b7f42a011e469ee63eca61f45dd60052a78e942f4b7e77cba8011a6a29db70b55cfe9ffac80ea17f740baccd123ad68cba8ccd2f8ea909499

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\c09f0da7-7307-4afe-9535-47e40a266dee.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
868B

MD5
a1b700b40fa658f0d66e25f0109d2b36

SHA1
e9361d70302e2b759b8f725a220fde403a35ce55

SHA256
20686e8950f6d4fdf0b0b293497b878a4af40cadfce2237161d9e637bdfa86b3

SHA512
843e2ac9265fc6aaee76ad49a49e119f3bf05f130900d78408091df8c745e2f121d0fb06153dea6ebda5ce96081b1667cdd1d117c4d52d2290f874c312868cc7

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
2KB

MD5
e931c43ce21281511d657f8bbcd04b6d

SHA1
10cf3c7c591ac31d59b950d730b30fcac5c47806

SHA256
43e35a625594aebe268621698fa1f0d10516bddff6b661d128dae75ee18e163f

SHA512
f0d25b30ac4b4f141b03222e7706a8178ed988deade56c200cdf04d3bed020d3524a46885967ae690437cc69b1233998255fec0f0c6229b7618d8a9e0c0f86a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\Compound

Filesize
239KB

MD5
80bb3323f2714bfc233f2c81b7faa444

SHA1
6e6263c552d3916eb35b8d4fadd8bd49127aad5e

SHA256
835a22036f3f1c587aa472c2dc1148dc7398652de255a9279dd92b4d13500b65

SHA512
7763d6ab3cde390d4268ef30b1438ad73276342e0915aceba9c1a6adfa151420aa24746b024f722aa417ea62e72530355ff5cd10a98a6a7c13ce5d315deee9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\Subsequent

Filesize
265KB

MD5
bdc6cb9536dc6ec7be131315f2847dd3

SHA1
67682a840986bddb8d037b530fccf95b7014dcaf

SHA256
1984bc799ba5e3f6a63db87c36817d29f830ccd356493adab7adb3577af94f9a

SHA512
1473b195aa366870b1597339565813f428fc12422f907c6dd05d1c2297dfaa064ac138f7ecc2a8daf4f00b33f664593abac6b096c6fa9f494fc82894b5eedaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\file_27h2bk.exe

Filesize
457KB

MD5
c6b3bd118109f1a1ae79032b92a792de

SHA1
4629383871a1ae45a73a489db4fe5b32f03cb9f1

SHA256
ea3dbc7c1d39a0c51fc23afafc14b7742136752520c7a23104095779de0af834

SHA512
c736980b53d587a30da8431844d5449e57797958c68b6121bcb9e8f4dc8a9e997d75169cee2971fa4371b53df732e60173affef0c905b8d0a199fbc39a9752f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\file_27h2bk.exe

Filesize
436KB

MD5
ea50280ee13ce3c11bc5c87bae41e720

SHA1
e705f937787d9d508db599b5db6dd11204068cea

SHA256
36638a3612d49c03dae3873c74ab2b15e1cb90faab4ee468c632c5f3e9a7b94f

SHA512
68d892f82cf6c5c52fff19136b4e07b05b7b18397abe60cbb1f632e64f249547df17ed8c6ceb6d7b39047e6285c3cc52fd6637c0d620179d35393f5162921efa

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\D3DCompiler_47.dll

Filesize
693KB

MD5
00c2d8bf8bd221aca8cc19028a8f381a

SHA1
587adc8febb31392bbf3904bb0c363c950ca2d9b

SHA256
8c3bcae8fcb6adb7b58ee84da58ca66966a3d34eecb6a456bf34c639b2875b25

SHA512
7b38f6d30c814d6a99f2b9e7141e5a39159d01173cd5758a00ab5c64cf8fc48659b6170d9f230fdfae8ba4c49eb1c08d89726a3b28ed1475705cb98cc8fde2cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
2.5MB

MD5
2784b288057106a5e08f16377339d4ad

SHA1
62a5705f96a2665519a7940fb309745b791e98b6

SHA256
6f7833e864e20b2fa1ef454fc60590b7f246fe4a81f22c35dee247c7d8df03e6

SHA512
663e06957d3de5dcdad6559391d733c350efffdb85363ec00943bf0ff07fef61fde164b71c4f9bd5f2e8d0570f85a1734c03c53e9ad85f4b55ac7628b5664331

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
911KB

MD5
e89b079a47f31734e480a5c3144f0ecd

SHA1
9e63ebe78cea37fcba5b2ca886393e4be5171d7c

SHA256
f1549b77e29040727500a1e81a0578877710b4a0dab072d902c7fd0bbbdd9648

SHA512
a9f518a9fec0b0c15ed598a65601e81eb1695b60c8d98a93e956749a28ef4e3409f374dd09dc035855c4896cbff843584afbae49ca5cc6ce98b57da7d9ecac62

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
922KB

MD5
744da990e7ab33b6da2210d282559ac1

SHA1
022689dd029a401ac85f6e227e2d56c8ecb96e01

SHA256
69a13f7c66a10e47cda8f06c07c4ec2047137dc7d7f17c64c0921944a1e6ff7b

SHA512
ad60175273a38adee08c72bb530018d0451c60c1c783fa9613c55b6a3f8ee975de486afcdb91ffefee1e6975b1df229c6664d421572b912e4baef1ae7c3c95c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
23KB

MD5
1d6269636917ce92cbe830abb7d42b56

SHA1
652cfaa4f956583f2be6b359b37ebd7013081a1f

SHA256
a25c167ec5c1d1b5770624cb74990c2f177b47e85adb17ee1814a4abad81fe50

SHA512
91076ee7e76ce95470a08b2d6961babd6b62ca786ab4331b0d69b7a76bb4719ac633a766108d62c0ac21d3cf9d495a165c6fadc8c3865fadcf0aca7429c1f606

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
57KB

MD5
23ef57501516fce8ed412007e10cde68

SHA1
16966dbd06194daf8aea4d4f5dcc3814f9f2c64a

SHA256
767453807c33129d64922edea067454a41a64c8783bee26b0bbba771739ceb0c

SHA512
452e388ffb5481033aa960f4375c18adba0497f6374a085ab702c2137e88fb7fc72662a981a294e65731e34455ec42d53cc91d713d1f2c9b49ec18215915b3e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
300KB

MD5
7741e49f3fae3ab58ef41c04036300e7

SHA1
dbf581c47077202b53261b1c0a92fc617a35e890

SHA256
77a7d7d56852d6059b2d37a89f906ff65058220a6d3e071c747bbfe95c79be2a

SHA512
9b7c9e1a8d375f313f15e7af3290c3e0ff39d81e895014fa716f5e400bfe929150417780c47713e563a7a9ee7a08ec38f35d9e4cf284602956f7c60768c93974

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
570KB

MD5
5aedc71241fe7a7d80abb686b9e325da

SHA1
f8f88df5f43a01f28910a70af1b1eab75ca678a5

SHA256
fbf5c70e39da2fa2170fef82ec7731df6203adb564cac46c17dcf50b4203fe8d

SHA512
85fe12d2857a17f91d6701b88d1d590c02d620964c0f725533b7debcaea7fb8b1c5b74365469ec83be2202953fd8c12dd9ae2c8428fea56a934075e5f213b478

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
1.3MB

MD5
ae656f809aec9b584cd9334365bff777

SHA1
49e2822447f5fb1be91c5245dd9166d5dafbdc19

SHA256
7c55f6d3863a12f445e4bcdc7220c4247a4703a196ffa6334ad30f713c34a78e

SHA512
82c54468b65b2ae2b5c41d4b3935579c567fd69fab80a4e6bd4951ec4cdc766f70cb9af3d292c3b694f82d0e9e5bf2f4bfda7d54852958011bc1535c59463e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\icudtl.dat

Filesize
554KB

MD5
73893507fcbfe0623aefde6c15649a98

SHA1
394b022f80d2e978974341947992bfc3397a1094

SHA256
53c95a6c6fde5916e535f52a390a2d5cd4355c44ea8e43850c896db8d8a4798e

SHA512
90bf86c4a6d5f12ab099832e97a13355185a6f13f8198d322ef56e6d71d99f17d174ac730d5969ec5a334349773e2be56f38ae2f244ccd09ca02025f254aae0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\libegl.dll

Filesize
398KB

MD5
7c2cf6c1d8d01ec99d07c141af9763e8

SHA1
6d4290ca79ef729d89f60e5b1582ab31c9e609cd

SHA256
ff432b9c34400da05e7e5ac4d722aa252801dd78117a2eb4500463e5dcca6c66

SHA512
5fd575e14217114be36f578f501b4a61777511f99727580c441127336ed4edd6fc8d9446aaed3cdb56f8065bab44a93832ddeb6082e318cc8cba1b2389f2f8d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\libglesv2.dll

Filesize
421KB

MD5
690d962bef45343f23d04b95bddf884d

SHA1
700edc6d4b44b996ca00dfac4864def199244c26

SHA256
36275fb102d621a538b3ab14bcecbe9a614e576150919cefa8524d0fda68258e

SHA512
349179d9223e2bc69d573bb3889210fb535a2b4af8c8e222ff3f2af07014a714f5adda0a570226ed87cafc9020a2eb8377f3b706739fd4ed33a5461c38413c36

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\locales\ar-XB.pak.info

Filesize
1015KB

MD5
edaef65b3082ac1502e46a7efe9a7260

SHA1
80fd9d68b4a0af62ef7f53d58ee9fb3ef1ef32c4

SHA256
7f8d7ac684642fb44625b0e32c0d8d20df0f661db616b157be04dfec918416eb

SHA512
3564bd96293d4a07c15d2ddd50abb531aea0a62cd4e0a8e70b60c7ef015b6e11f8221f353b668b0670938299770cf3607303075fc5f34bb73f9abbd48f666726

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\locales\en-US.pak

Filesize
448KB

MD5
09a27daab8ed231994af216a98a73b85

SHA1
c2211a4cdc878c7685f30454bf9742b68025d22a

SHA256
b8a8ee9f3dd6946649beb4f3ff96889bc010aec561678903316cfb26d7819479

SHA512
40016c3fe93989936cd63ed1e20da403f9b19f712efc31b65d485f06daa7df41ba86da76ca0ea04db2932cb4ef928ff2ab70aedc839a8ce472b83a92ac298e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\node.dll

Filesize
211KB

MD5
3553f92d8a87402dc5a2e0da15e4778a

SHA1
42f6856ddfccc4555ee7f4673dd48d4a6fda7486

SHA256
3246545e71efc8470e9ff6d483c36279a60d83cff0eda88acc01e966ed82c51e

SHA512
f79feff8943a1650c1a6f953a4191a5e995dcdce96004260a4f98d4dda76d7edba8ac142f02eeedc935ec8f7b16a4154150c4c979a1e50f951848ee30e115bc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
10.5MB

MD5
fffbebffb65f46f03476be7963a43836

SHA1
eb5291bcc4bb856359e210aeb026ddb18d5de614

SHA256
5da6890353f102c16848d72a103491baf695c11021d019ab4a023679fca3deed

SHA512
266bdd29833c4d0ea7bdbe05cbbfb147460d0ffeb35aefca1e1be0172f5901c0c93b8be47b18d28fe63eeb10e7070336d4ce6720767d081d687d413418b10a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_100_percent.pak

Filesize
590KB

MD5
4dc88f62cd793a6078c55c18a5cbabe8

SHA1
f0c175a2e615f0fb6320b17bde1cd07066d462b0

SHA256
672dce3d4e8e97152fd25d24701accf2ae2b215bdf6c4d60f96c9c85c425b290

SHA512
70304215483ff023247b9ef17f9e75e58a75dcc3321781e041cfa1832e4dafc44008f7c62bfb36be846663964cc9b0cca6f81b21327f034212bc4b9dc3d5bbfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_200_percent.pak

Filesize
688KB

MD5
9629027b7b97a390342c76d5df418433

SHA1
63996aa21a03384c971142d194f23cad686f80e5

SHA256
9a3bfb1c3df45020fd3d48fe1e5eb442e72d5db3494b9c0c95151f036c290ac1

SHA512
16833e90ae68dfca25e59289413dff8d7414c125ac4ce2ef9ef3c7537cf453dd2dd60d53789894974f5b9c9322ea6bbe32c8ce1100cddaf23c818bf0f1b69112

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\resources.pak

Filesize
774KB

MD5
0c7da0bb6541ee787de7f5597f53f004

SHA1
bebc370c7a6e6a464683a1c218dd36f3e910d395

SHA256
891808337f5303d28504ac70306511c0ebc8f76f8f6e6b15e94f5563145aa96e

SHA512
eb411b9502b62401d69fcfbb6594b60b6cd27b15e2dbe65bb79dae0c9b4bdb9213cc0d3861939581c4c335b63f2e12946ee7e1062171110ae84160f02e75b1bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\v8_context_snapshot.bin

Filesize
659KB

MD5
d72198662e936eda27a08b05a315835b

SHA1
8bb4e1a4ad97db86bb06c69e66ccf8dafc674513

SHA256
457d2fa842c37fc3eaf70e2f8ab1f853eb83b7b97baa68823430655822e41e1b

SHA512
b4437da65b79f74d54eecf35deab645b621d4e5ce2985cc73ead803d74eafcbc09aabe86106d44ac1a97e520b7f46cb73ab2f39bfc22cefb26bc85120c9f0c49

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\vk_swiftshader.dll

Filesize
370KB

MD5
96c2c825f1aaec38fb362f02ab5452a4

SHA1
e48c4b1a9ede851845030542da1f9b8775cd715a

SHA256
1838d265d0ba7491d0273c9ade025593d4f4c98e1d60ebf7ca591415a6efbc09

SHA512
6213f4cda1020905ed594468e40e47f84368e5b1a5c5b9f746d982915ce3cbd19fabffb022d98ce7a574710b56c6c4da3724eb4efc18f6ff019637a4c18fb8ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ed533c3afe1793abb3647d46e191bff2

SHA1
2414b9d5983790f23bc2fb93667ef36d0921eb76

SHA256
ae36a0fd2384652bb739c711af247af0d042d4b348b65b65ff6b0b1269653bc8

SHA512
acd00e5c64b4ac3fd75a04645ef379082a656330e1efa45981a432e4d572495d78f72a8c6d3a3691f39cee0b331e5e4510f0ed14358cd12f07f1f21ff7c4ce42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\datareporting\glean\pending_pings\1d4224b4-2dc7-45a5-acb7-eb5093f4b07f

Filesize
746B

MD5
ba21f330ef5d2ec192c35f8d905eff87

SHA1
2e6cd1e0ff3f413ffef74c6390545d581e838158

SHA256
60af700dd7254836e1b269690271449854285ce6806be2abf3b0e8fe28b8f5f8

SHA512
1cd55f1e6129cde51612216eb8b5d9e8de51e2c6651dc663353b9faae608e6309282e87b3554d13e6acad7e7d44c119c6394f0ab1943173b33c5fdaf40e9a1da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\datareporting\glean\pending_pings\5a6e0ac5-4859-4070-bdfe-098a680fcb7a

Filesize
10KB

MD5
ad7db928de575008bd3cc00aecbc9039

SHA1
65c5b3eb0a077da7b9cb2c42f3bce244c74ee429

SHA256
7a3ea09a9a3bc8082deafc56dd81c08bbbe3e2f66c8f1fd1df784cf8d9798a71

SHA512
2b2329d9303eb686e468585bad425cfb9d0a65479d1b084dbe1d2c1670cedee5db4aa338ce4d8db336304b22cadd0af13b9777e0634f5602432f7f9d71600aea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\prefs-1.js

Filesize
6KB

MD5
1ee61b6b356803ebc39c225519b45ffd

SHA1
3a03d4ffcd9289df693e7af1dcaeb425dedc6524

SHA256
ae7ed809348c73665f4e8fddc07fc916c9aebf93593f3f4dc95cbf2d8c10fcb4

SHA512
bcb51665ad89bf19fead8dcd0507f4f26b4a20e581a1764c0d521c568f4b0ab660220a99afad4c1bb7a5dae3f3828a88800ee07b249a893e2439078ecd42f6ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e78c03d86faf23ede5b949293efcd7be

SHA1
809b0a75001a13781c2ee07cc98479811cb2fb03

SHA256
f134400b4dfd93f31a67ba9d654876eb162d30cd66a559fde09b3bb25dbefe0e

SHA512
23555aefa43b7078acd627e6cb06b2673544e061822e136f8852a396246ff149a2e3fbabc5009f765af36904285937bb991a3711c8265c838bad7359f4eac382

Download Submit
C:\Users\Admin\Downloads\Universal-Setup.zip

Filesize
36.5MB

MD5
64cf616dfb363bcab3ad9ff1de0664af

SHA1
8f896f3d7e0989216d456c934d59562c0213b856

SHA256
07ddb3108c8da952f6968fd8afba3b1a0e2c672d16c9dda4bb0ede4bf8e94506

SHA512
2b214e8b2ae72859565446aa2517b3dc3a2d12e26d45e40e7147c1f823add2769df8001aee4c7108e70a75b4028db38c24bd7f9fd1ae2a459c0b4eccd2f760b8

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\d3dcompiler_47.dll

Filesize
387KB

MD5
8597f97aaeda08a7de7112626cc2cc62

SHA1
1ba88308c52174b7ddbef0b3771d843700b6acf4

SHA256
5629ba2c39ed6339e60ca7eee8a25465370269f43dc2c1bd535bfe38c362e523

SHA512
65600fe9a3cda1551176233fc42286a4fe260b74022e555eff77a1277655613abb2f51d3f2881b4940952b3352553243894464dddf7df76b4e48c0d7477f4f70

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
995KB

MD5
6a1aa48b341cc859dec8411e3225b599

SHA1
be9f8f41ea8e06f14bd4dfed950056e117cfd0d3

SHA256
8146f6ddc4f7342f9c6ad997f8201a079fb06ac3a6df597c076a29c9b8c50b14

SHA512
aa3a468820183726f70a4ba1abfbbb1e3425a65c8ce3c14cffe0c7c001579c12e760899b35540f7218d597ccbef98aed426cb55faf825677f93878032fff2390

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
1.1MB

MD5
99e4c7d22a00dfa7c9b3ed081e44fdd2

SHA1
7f6a0c91e77c3031595298873d7ca9d2b6ae9834

SHA256
63fb94449361494f88e5f8c7f36af0ff70fd8bc4a51db3a15e16119dcbbec256

SHA512
363338849dfde76ee94cfe818c07a095204f18b35af0ddd71628df8005f149af5fd5d9880da20697ba0537a8302f600da99f58919144da3f63ff7493e9db3055

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
770KB

MD5
aa909a544f930c801ac6cba71a35f4f1

SHA1
560a25f4876b6e516d551b0142264033812f868a

SHA256
c66d4553a5404ec3b5f8cf395db272f507ca5f9e2a46b67d0390b923d0df8d00

SHA512
308236d4a91273d6c58526a0e750910e694e72a122b48bba3c2b0c2c68a88e997016cb2609735497e036c571afbe5ac0abbae726b353b3339b91d9213c7ab15e

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
515KB

MD5
b5f3d7d8c216b5f37add0d5f2fee7f2c

SHA1
63db8f4276d73decd2ddddaae8e4772370654404

SHA256
fbd1054896a08414686f3ba056aca56dc932f2b9fe37f794da6c442113a7a76a

SHA512
da16232b09b113d13925332374911d99528956998c7f7db41d66c1a906acdd661c09150edde72f45ae5bcbf536410efb10669b1dfcb9596b034bdbcfd04a0716

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
184KB

MD5
af635616e5c57a504c3ddbf86ac0d1ee

SHA1
766b91beae2143f12693a934ca1b8032aa4907f8

SHA256
0b79d532fb60262cdcb3e11f2d307fac95af5721c55e15fdf8418f2e96a13962

SHA512
0d4fcd9d47cb2c8b387af49cc4c419b2c93dd40958febb6f2a995927d81bf4b40b6737509d22d6094400e46a0054c62ba6f005d3334067a7145f99af8d739e29

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\ffmpeg.dll

Filesize
426KB

MD5
b8d2af58706b0e945e726bec5b287bd1

SHA1
99c12214671594deea6f281ad93e65728366482e

SHA256
b5ed6e60d358e9b5f2e7cefde3d3f06ef039de3b33c9bfc72399304d3762f359

SHA512
c4887a3946fbd93df6331411dbd52b8effb7573c0775a0753af56aef8a829e042dc7ba63e1adee6ec692ae381f7aae12a02297e9eb40232abcf60c1ca3e39ffc

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\libEGL.dll

Filesize
444KB

MD5
8aa1a64d7094509196fcb4a72d608213

SHA1
e7ab1c7ca53581578ae56dc0211773ac780a4f91

SHA256
15e7eafcfe14bd255c21360de3d019cfa5852bd059c36779c351c0592dc841f6

SHA512
a915759817f6a84dd061f45415e6fa9b00d7060095360257763342d59252525de4c04956e2e15e23fc3465074d1e719a0d988f6798aa38ba3471b8e38aa70200

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\libGLESv2.dll

Filesize
562KB

MD5
3dfb98304c70057bace821808c2a715b

SHA1
5f584e0f33b0ba321f977a9c368b701b2784faf9

SHA256
632399c31f80f8d582e6f9d5e75f03045c449d094a1ada4653320722e9c2da39

SHA512
27534815cca77507c313fca14e046ea4e28d9b3fbf8d72ccfd832d75d6a7a32257715cb7cca322406581e4fa7e707c00aa434b542c3a96af5ae69e07e6e01e0a

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\node.dll

Filesize
267KB

MD5
4d8805c142351929044609e5cae39647

SHA1
b96197a2e90699f11cad20d5e83e2e98c87b6b6f

SHA256
f94257a11f4b78182973f5045d38f2c0282f64a72da7976ccdfadb062c38b9fe

SHA512
ae26d804e1b91e9b57b3d6e8d79e18ffc3c130e33c1633a2139ba0dbf33dbc049088ee9941931be0dd178d6636da7654d1c3c65c8d24012869412b44a5a7b824

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
1.5MB

MD5
95a06620f78160783662d84bf28e098b

SHA1
9cfad69f0e014b0816dd5da3e70d538fbf671baf

SHA256
ec517d6034dee03f427db4d39de32d0c0ff045ab14674f7de4bbeba99e14598d

SHA512
abc9614dc859decc39b30319f5f8479936a30bf4b32aefffa95b261bd21f467312f509ac42fad23780e0a743eca353e6521f07703edfe8b64b4bbfe33fb011c4

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
979KB

MD5
bca0e25c5f81dea7a0b228e4a9c59e7b

SHA1
fa4373fdd2115c61a439f584ddcd11a71e51f185

SHA256
eb0c933a64aed2a2e4c5b9fbcd28b834ec65acd5436edbdb48368ec08047b6d0

SHA512
923e19371c7a87196182aee94459954320ec88ac09d9ee1ddd7eb15a2ff4e3720d23380a08b9342d8adff7aca92e9e6301a6750cfc78f448b8e281bfea5e4649

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
449KB

MD5
cd53016593a2c8df13b71d35b9c948bd

SHA1
ee225420ca1bb4239700c39c38ae31e74776f2d4

SHA256
be477e3757f00a4bdbd6cc41518bd32fd5e88dbd57dcbd53d9bd4592957da23f

SHA512
fe390ffa6f3fe4cf735d2f2446235c0791333faad9de49815c170086b974a54cff24fdab327d588d232f65dec1f11355019dda963abd1cfb934a893e02976395

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
681KB

MD5
f6ddc179111c3816428ed253cf9befb6

SHA1
fa9e5bfa162f3b2066306b20a6b9237949c066db

SHA256
cedbd33588a486d7b9fe2e2d62eedfa48cb95f3842226f849e6ecadc1ed120be

SHA512
8e7cad39fa1320bde247e0d094dbad7f3ab3c61bcd968ed611c34ac2ad9a888ce7213e41de0794e91831c8f3598fdc1530b12df02dcd4163d456943881f8bbb3

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
224KB

MD5
840e5ee6b0004733bb93a7152e287354

SHA1
ec6dcdeb8d66a692ac83c8423b784150c9a8017b

SHA256
c36de6ff885e84c70933dece7d048bf00b97ba5df5145aa307816a8686c426ba

SHA512
70b0d7231edf756e2e155498fc777dde0cfc0c6836c7d934b2632a81f635d109100cceeecf13bbb79201c656e02383329a9d6e174bbf7f916dcd22b848053fa8

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw.dll

Filesize
684KB

MD5
1577b3d2ab4d7893c84f68cd541c6c1d

SHA1
d4cd5ba1ccd42bd7afd9180a687a761bbbe848f5

SHA256
d4f042d284a464120507c9db92e36879f832f46b40dac9c916025e93e248f73e

SHA512
302f32329f714aad0ded9020d1804df57c8c8eeee9b794b0b5bbc534d1124d95170e5a998e2a998beb7a22ab5cafb651d8c6f20f7bba207a9ac58e244e3ef960

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
1.1MB

MD5
98acbb1ba1112cfa4da907558ea7cc0e

SHA1
9e041b920a7a9e9bc0aea6fc7709deb67eecf7ef

SHA256
0c57bc73ca823aef5dbb3785cdb343dec62854f80e811df16ac71ba88a039a5f

SHA512
a4845ccf34b534d5ff336a909b66f8cd4f48c151540197ebf63242a83c02a4f5a9f992a7975de44ca0f66e810e302a37f331d4bd26afff5088f2c44df517ac86

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
785KB

MD5
f0f780ceaec01ec8ecdb5ac63f6dd783

SHA1
4657e6d8c8e9e08a778177ad21fb8ae3182f1653

SHA256
3623de2c48336c2baeb82cc22a6a702dc2dd034e7839fe39ef91d1886b42d780

SHA512
ee1752ea1903f2611d7f80adf111cd58d6c9e7aa4b583d88a93c664d362b19a32865f9aaa3b7f19de639c44c976ea1eaf187973eb2399ef51fef2f94707be3c6

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
827KB

MD5
8ec9325f607d82e70e781bdd3a432dbd

SHA1
0a0ae77af54fa2b67cca04154d796fb2ff1cf8e6

SHA256
501a3db38586911e4d0040a4c021d16095a6d2a6617e571712790d867767c50f

SHA512
b7d602df2eaf106e56203f1a8ab0b0634bf1c5d63fd95d27d2eb93aa193746f2668afca18872e9ef30291c08e903f4b7306cf217805811f5f86e792ef0bf54ea

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
811KB

MD5
e4eca96561ae152fcb62305e867f4a14

SHA1
2ec41d35a06d2f12c4bf46397c32257291057dd2

SHA256
7d5fa35ffe5a481e4d06fa5ca6902776d22785582e01fe5f0ee2eb8cebb95f5d

SHA512
03acb589a2b9ce1d9b78ac9ed3114a246f2dda6116319ff566c8754915101ad06966e6fb624168f690ebc114486e1226b9ddaaa1b46dcde645673c6d93cebb36

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
634KB

MD5
e5382c4a813e7a7be44782ed2896cab4

SHA1
420d53441c609407fd185503b0874901c729dc9a

SHA256
4d92e4de20ee3c6a89e769b90a63e7f591a01837da920803d2315deb188f811c

SHA512
9bccd48825f190e6f1066aff826e2f1f6fb25d96740cfb9a7bc2c3580271dc553d2bd48e498e9b750dae55816edac83d11f99864a1d08c93a6f7e37dd6a81208

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
319KB

MD5
61b55e517e01f83e7ac1b5b436b9cdd5

SHA1
f13a82941735f60d80f58f992dfacd927cbc4e38

SHA256
17cc784a5bfaa1e0f2ac017636641991ffd1b577ec2482e9d7828d6cc53f2e56

SHA512
469ea675ae2d3be5c50d2f467f9369045ea64a7a54474807977ef6790eca871ac60133f7f768ff942ba2a7c81b108df62715e4b81fda7c068d1cc329885a5835

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
634KB

MD5
3d934dff10db0c8aa417a03728269e13

SHA1
80679a6ba83d96475317833290964a5a51bea25c

SHA256
9a6ac929af01d98af09fbaedff5359f5c2f12e9573a6abf4e0a95f871a48e81a

SHA512
9f262897647ccc362ec3e7ccfb6ab7110ec6adffb458e734cff46d856fbc1726171d0503b4884960a8d1b61ab72e43dd6985d5a47a618acc77a0dd4704f3f5a8

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\vk_swiftshader.dll

Filesize
403KB

MD5
0a5c200107c1ed9605077249020d3e8e

SHA1
84c8cc5778d0d62be79dcace9819ea7e3bbb29fb

SHA256
d9a14f4e05be57adb277ca2b835f074f611f22dbf13009a011d23c54e9b84fd5

SHA512
4007a6bf43d82ddd368399eb0a29f95e194f56ff50a4dd841f2efc5856191a3f2e7eac28c20821060035013dda5a43cffe6d36cd7e807756d3eb6431a96f2bda

Download Submit
memory/1728-660-0x0000000077341000-0x0000000077454000-memory.dmp

Filesize
1.1MB

Download
memory/1728-714-0x0000000004240000-0x00000000042B3000-memory.dmp

Filesize
460KB

Download
memory/1728-708-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/1728-709-0x0000000004240000-0x00000000042B3000-memory.dmp

Filesize
460KB

Download
memory/1728-710-0x0000000004240000-0x00000000042B3000-memory.dmp

Filesize
460KB

Download
memory/1728-712-0x0000000004240000-0x00000000042B3000-memory.dmp

Filesize
460KB

Download
memory/1728-713-0x0000000004240000-0x00000000042B3000-memory.dmp

Filesize
460KB

Download
memory/1728-711-0x0000000004240000-0x00000000042B3000-memory.dmp

Filesize
460KB

Download
memory/4048-807-0x0000000004FC0000-0x0000000005033000-memory.dmp

Filesize
460KB

Download