fcba6631b46e0e12601c371b19d1d4a3c8209c8b70831e548f23ef89a648dc9b

Analysis

max time kernel
1024s
max time network
1030s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Balatro.v1.0.0L-Unleashed.rar
Size

56.8MB
MD5

cdde2c728de5d9684a7b927caebf626f
SHA1

0383dbeb5e6dc8c4feed08344e58b29cbf425d42
SHA256

fcba6631b46e0e12601c371b19d1d4a3c8209c8b70831e548f23ef89a648dc9b
SHA512

9cfdb093490c2e89f2ce258125929fb616675ea302532e9d397b9055253411c8c4331d5364afef0568de00a9fe94ba9fb59fcc8baf7649810b60d684d11b7596
SSDEEP

1572864:eWL6WAlY8QAygH2hHdUrRfIM00UCOwQeX87:lOWd8QAy5hGRfIMvLjhX4

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
2968	Balatro.exe
2764	Balatro.exe
1932	Balatro.exe
1784	Balatro.exe
3976	Intel-Driver-and-Support-Assistant-Installer.exe
1996	Intel-Driver-and-Support-Assistant-Installer.exe
3848	Intel-Driver-and-Support-Assistant-Installer.exe

Loads dropped DLL 64 IoCs

pid	Process
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
2968	Balatro.exe
2968	Balatro.exe
2968	Balatro.exe
2968	Balatro.exe
2968	Balatro.exe
2968	Balatro.exe
2968	Balatro.exe
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
2764	Balatro.exe
2764	Balatro.exe
2764	Balatro.exe
2764	Balatro.exe
2764	Balatro.exe
2764	Balatro.exe
2764	Balatro.exe
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
2676	taskeng.exe
1932	Balatro.exe
1932	Balatro.exe
1932	Balatro.exe
1932	Balatro.exe
1932	Balatro.exe
1932	Balatro.exe
1932	Balatro.exe
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1784	Balatro.exe
1784	Balatro.exe
1784	Balatro.exe
1784	Balatro.exe
1784	Balatro.exe
1784	Balatro.exe
1784	Balatro.exe
3976	Intel-Driver-and-Support-Assistant-Installer.exe
1996	Intel-Driver-and-Support-Assistant-Installer.exe
1996	Intel-Driver-and-Support-Assistant-Installer.exe
1996	Intel-Driver-and-Support-Assistant-Installer.exe
1996	Intel-Driver-and-Support-Assistant-Installer.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{8ec91c89-74ee-47b9-95d4-3a036bf050a5} = "\"C:\\ProgramData\\Package Cache\\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}\\Intel-Driver-and-Support-Assistant-Installer.exe\" /burn.runonce"	Intel-Driver-and-Support-Assistant-Installer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WindowsUpdate.log	Intel-Driver-and-Support-Assistant-Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}\Dependents\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}	Intel-Driver-and-Support-Assistant-Installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}\Dependents	Intel-Driver-and-Support-Assistant-Installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}	Intel-Driver-and-Support-Assistant-Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}	Intel-Driver-and-Support-Assistant-Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}\Version = "23.4.39.9"	Intel-Driver-and-Support-Assistant-Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}\Dependents\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}	Intel-Driver-and-Support-Assistant-Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}\ = "{8ec91c89-74ee-47b9-95d4-3a036bf050a5}"	Intel-Driver-and-Support-Assistant-Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}\DisplayName = "Intel® Driver & Support Assistant"	Intel-Driver-and-Support-Assistant-Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}\Dependents	Intel-Driver-and-Support-Assistant-Installer.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	Intel-Driver-and-Support-Assistant-Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	Intel-Driver-and-Support-Assistant-Installer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2440	NOTEPAD.EXE

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2552	7zFM.exe
3864	mmc.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeRestorePrivilege	2552	7zFM.exe
Token: 35	2552	7zFM.exe
Token: SeSecurityPrivilege	2552	7zFM.exe
Token: SeDebugPrivilege	2332	firefox.exe
Token: SeDebugPrivilege	2332	firefox.exe
Token: 33	3864	mmc.exe
Token: SeIncBasePriorityPrivilege	3864	mmc.exe
Token: 33	3864	mmc.exe
Token: SeIncBasePriorityPrivilege	3864	mmc.exe
Token: SeDebugPrivilege	1996	Intel-Driver-and-Support-Assistant-Installer.exe
Token: SeBackupPrivilege	3232	vssvc.exe
Token: SeRestorePrivilege	3232	vssvc.exe
Token: SeAuditPrivilege	3232	vssvc.exe

Suspicious use of FindShellTrayWindow 13 IoCs

pid	Process
2552	7zFM.exe
2552	7zFM.exe
2884	msdt.exe
2884	msdt.exe
2440	NOTEPAD.EXE
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2968	Balatro.exe
2764	Balatro.exe
1932	Balatro.exe
1784	Balatro.exe
3864	mmc.exe
3864	mmc.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2552	1736	cmd.exe	29
PID 1736 wrote to memory of 2552	1736	cmd.exe	29
PID 1736 wrote to memory of 2552	1736	cmd.exe	29
PID 1992 wrote to memory of 2884	1992	pcwrun.exe	37
PID 1992 wrote to memory of 2884	1992	pcwrun.exe	37
PID 1992 wrote to memory of 2884	1992	pcwrun.exe	37
PID 1192 wrote to memory of 608	1192	sdiagnhost.exe	40
PID 1192 wrote to memory of 608	1192	sdiagnhost.exe	40
PID 1192 wrote to memory of 608	1192	sdiagnhost.exe	40
PID 608 wrote to memory of 2504	608	csc.exe	41
PID 608 wrote to memory of 2504	608	csc.exe	41
PID 608 wrote to memory of 2504	608	csc.exe	41
PID 1192 wrote to memory of 1704	1192	sdiagnhost.exe	42
PID 1192 wrote to memory of 1704	1192	sdiagnhost.exe	42
PID 1192 wrote to memory of 1704	1192	sdiagnhost.exe	42
PID 1704 wrote to memory of 2324	1704	csc.exe	43
PID 1704 wrote to memory of 2324	1704	csc.exe	43
PID 1704 wrote to memory of 2324	1704	csc.exe	43
PID 1192 wrote to memory of 2620	1192	sdiagnhost.exe	44
PID 1192 wrote to memory of 2620	1192	sdiagnhost.exe	44
PID 1192 wrote to memory of 2620	1192	sdiagnhost.exe	44
PID 2620 wrote to memory of 2172	2620	csc.exe	45
PID 2620 wrote to memory of 2172	2620	csc.exe	45
PID 2620 wrote to memory of 2172	2620	csc.exe	45
PID 2884 wrote to memory of 2688	2884	msdt.exe	46
PID 2884 wrote to memory of 2688	2884	msdt.exe	46
PID 2884 wrote to memory of 2688	2884	msdt.exe	46
PID 2676 wrote to memory of 1932	2676	taskeng.exe	48
PID 2676 wrote to memory of 1932	2676	taskeng.exe	48
PID 2676 wrote to memory of 1932	2676	taskeng.exe	48
PID 2676 wrote to memory of 1932	2676	taskeng.exe	48
PID 2676 wrote to memory of 1932	2676	taskeng.exe	48
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 3020 wrote to memory of 2332	3020	firefox.exe	52
PID 2332 wrote to memory of 2084	2332	firefox.exe	53
PID 2332 wrote to memory of 2084	2332	firefox.exe	53
PID 2332 wrote to memory of 2084	2332	firefox.exe	53
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54
PID 2332 wrote to memory of 2780	2332	firefox.exe	54

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Balatro.v1.0.0L-Unleashed.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Balatro.v1.0.0L-Unleashed.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2552

C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe
"C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe
"C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\System32\msdt.exe
  C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCW2DC4.xml /skip TRUE
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" C:\Windows\system32\pcwutl.dll,CreateAndRunTask -path "C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe"
    3⤵
    PID:2688

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3r3hd0s_.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:608
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3016.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC3015.tmp"
    3⤵
    PID:2504
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\-g7qn9pv.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1704
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3064.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC3063.tmp"
    3⤵
    PID:2324
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qiax9hgj.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES313F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC313E.tmp"
    3⤵
    PID:2172

C:\Windows\system32\taskeng.exe
taskeng.exe {57D7052B-397E-4928-901C-749121D0FAE5} S-1-5-21-1298544033-3225604241-2703760938-1000:IZKCKOTP\Admin:Interactive:[1]
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe
  C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1932

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\README !!!.txt
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:2440

C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe
"C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.0.1170794647\2039040575" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1224 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {323e6a07-7002-4828-a4db-32dc90ffcbcd} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 1308 116d6758 gpu
    3⤵
    PID:2084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.1.829916631\670185634" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89e30798-7e87-4a1e-a34c-4523a9949793} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 1500 d6f858 socket
    3⤵
    PID:2780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.2.1679390913\391630548" -childID 1 -isForBrowser -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d63036dc-a4c2-46b5-8db4-2481aac43b24} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 1824 1aaa4058 tab
    3⤵
    PID:944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.3.222837278\1377565543" -childID 2 -isForBrowser -prefsHandle 2536 -prefMapHandle 572 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {944061e8-592f-444b-8ccc-98d3128e2e5d} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 2396 d71058 tab
    3⤵
    PID:1296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.4.1546685620\1671937437" -childID 3 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26b0743e-ecaf-494a-aa81-bb25738643a3} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 2892 1c376758 tab
    3⤵
    PID:404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.5.479135137\1740922246" -childID 4 -isForBrowser -prefsHandle 3676 -prefMapHandle 3680 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb59543e-4c02-43e6-8bc4-11a98dd21624} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 3736 1b78c858 tab
    3⤵
    PID:828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.6.2008478339\630511837" -childID 5 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70e56a86-dac7-4fe9-9f5b-00c5db54eef0} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 3752 1ecfae58 tab
    3⤵
    PID:2392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.7.2012990118\939468260" -childID 6 -isForBrowser -prefsHandle 3836 -prefMapHandle 3840 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {375b4d84-31ba-4107-bada-c30c3be40cd6} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 3936 1ecfba58 tab
    3⤵
    PID:2388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.8.881444459\1260543935" -childID 7 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {06c6841c-55f8-4f2d-8bfb-3c1445096ba4} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 2120 22eef958 tab
    3⤵
    PID:2752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.9.1695961886\579458112" -childID 8 -isForBrowser -prefsHandle 3796 -prefMapHandle 3792 -prefsLen 26691 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fdd77e9-d4fc-4c1a-9f52-db3527a9c9f8} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 3776 2110c358 tab
    3⤵
    PID:2096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.10.821432523\1093208699" -childID 9 -isForBrowser -prefsHandle 3940 -prefMapHandle 4212 -prefsLen 26691 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5d126dc-dd03-4dbd-aadc-a7ff2cd14b9b} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 4040 215d9b58 tab
    3⤵
    PID:2816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.11.1909941333\161251234" -childID 10 -isForBrowser -prefsHandle 1624 -prefMapHandle 2676 -prefsLen 26691 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e96d134a-b8bc-462a-b3fd-80cad6ec26ff} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 2744 23fd2358 tab
    3⤵
    PID:1188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.12.805859569\397834675" -childID 11 -isForBrowser -prefsHandle 840 -prefMapHandle 3592 -prefsLen 26700 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80ecd6a7-c01a-4dde-ba20-00dcd3dc92b7} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 2536 1cf46a58 tab
    3⤵
    PID:2744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.13.1774467658\1185284463" -childID 12 -isForBrowser -prefsHandle 4144 -prefMapHandle 4280 -prefsLen 26700 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8facc069-b419-424b-b550-e4615f21964a} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 2520 1fd6f158 tab
    3⤵
    PID:996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.14.668659395\182482088" -childID 13 -isForBrowser -prefsHandle 2528 -prefMapHandle 4752 -prefsLen 26700 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6b1f619-2ac9-4f28-b0f5-6e3e24ffa706} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 4812 248f6358 tab
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.15.1391961581\522949829" -childID 14 -isForBrowser -prefsHandle 4904 -prefMapHandle 2528 -prefsLen 26700 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af0be20d-0c14-40c5-ac71-a29d2de36813} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 5012 222d6f58 tab
    3⤵
    PID:3180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.16.1914363467\389695194" -childID 15 -isForBrowser -prefsHandle 3560 -prefMapHandle 2796 -prefsLen 26700 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbe30b2a-75f1-4741-84fc-2600ebda5130} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 2812 d2ff58 tab
    3⤵
    PID:3388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.17.1330984855\1035819626" -childID 16 -isForBrowser -prefsHandle 868 -prefMapHandle 4948 -prefsLen 27400 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e0421f5-4f49-4d56-877b-88ef786df7be} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 3456 1ffc4f58 tab
    3⤵
    PID:1680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.18.475401423\911904763" -parentBuildID 20221007134813 -prefsHandle 9160 -prefMapHandle 3820 -prefsLen 27400 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c1f48fd-985b-47c8-8760-c2b658c455fd} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 1892 22865358 rdd
    3⤵
    PID:1140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.19.1195952817\745774291" -childID 17 -isForBrowser -prefsHandle 8832 -prefMapHandle 8840 -prefsLen 27400 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4e9e36c-a1a4-4e4b-bde5-de053be0e51b} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 8884 11577f58 tab
    3⤵
    PID:3496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.20.840292171\1683498175" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 8820 -prefMapHandle 9064 -prefsLen 27400 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc92b98b-0b41-4a73-9936-010f0fd9bd50} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 8624 12055d58 utility
    3⤵
    PID:4072
- - C:\Users\Admin\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe
    "C:\Users\Admin\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3976
  - - C:\Windows\Temp\{D00B112F-2051-4E4F-81C4-ACAB45357E20}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
      "C:\Windows\Temp\{D00B112F-2051-4E4F-81C4-ACAB45357E20}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.clean.room="C:\Users\Admin\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies system certificate store
      Suspicious use of AdjustPrivilegeToken
      PID:1996
    - - C:\Windows\Temp\{2049E7D6-5E73-46B2-A7DA-3DC9BB8DB54E}\.be\Intel-Driver-and-Support-Assistant-Installer.exe
        
        "C:\Windows\Temp\{2049E7D6-5E73-46B2-A7DA-3DC9BB8DB54E}\.be\Intel-Driver-and-Support-Assistant-Installer.exe" -q -burn.elevated BurnPipe.{070C2C08-0A15-425E-AA2D-69B24C3436A0} {BD0D6B0F-8DB7-4C2F-9302-800C3A23D82C} 1996
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        Modifies registry class
        
        PID:3848

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3692

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3536

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3864

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2012

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b946b097b8724bba1515cdddbd5702f

SHA1
2becc64656725b1d17570b7f82752464dacca415

SHA256
62eeaa2a693e91e231d6961f9ee3348a11653c1468287d175419943ef00c42ec

SHA512
2c4183c66187c852e4a1e7cee8d83dc054b0901e7fdc93a093ac0ba0a84fbf09fa851e857077ef655051e7e788c2a521ead60249d8d471bb9f263a1e03c143cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
386d021e551373fac36f16456b877467

SHA1
89ecdc960e556711c4c9ce2fe7085726be878bd0

SHA256
f65bca54a8344e5626ba4970d0c6574bfa3372cc00172f9d295a52d38d266539

SHA512
539524e3a420088accccbed74e8cb5525a13352426d1a9f7dc11eba31f04617b23353ed570774dc470594ad7932c03fff1ba1cfe4fb43b88289c57b2896c31b1

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024031118.000\PCW.0.debugreport.xml

Filesize
3KB

MD5
40a4a6f096f1514889486236cfd5a52d

SHA1
2b3a806ab0a087b04a727f0d160953fda185b619

SHA256
17f9f95c62131b6de3cd6f535d24b56a0e9871e3f9f3751868f3ff42712b8fbd

SHA512
50876d9d1990e0dba472b69d91e58fcc7d28878ec5b4c8adc0dcc8b1b10db687501306711695755e40ef6c76854546b11cc825b36423cf49cd6180672ae4db1f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\doomed\12560

Filesize
21KB

MD5
540580f55c15a0abc7b42552bdfe9001

SHA1
8aad0ff445f4e43c32ae5a2b85908b03a83575f9

SHA256
f01591cca11dd8b4633648526d343e81043296a07538805f4e34b5b8687d2ed0

SHA512
15ea6668f6e5cff7622037878b37eb5f92cef8576a99a09d941b869e269a7c6124f7f70279f6ab7d6ee0c972723f23ab445dff00fe5e198e448cb6b87afd0ab5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\doomed\13662

Filesize
10KB

MD5
5e3a997e2206c37f5220c446d8470b4f

SHA1
001973b18cf86c92e38c6b6b389ed074db819ebd

SHA256
f93ca3f55ea13fc64eff3a7517dbbdf40d409c7d75ad0f5d1e42f4fc1e0992d5

SHA512
99e5af0e213b913f7dc06fda9e5e0c4aa1dd361b7b29a6e1e1ae7053360effab219d3f7c0844a8327a0dd3404ae2c42577baafe8b4597d2079ce4c23e1f194de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\doomed\6029

Filesize
15KB

MD5
bda1fd0c9e040e0a50d92bc501ca65d9

SHA1
90d1f0676b1b02b5596071fdd0a191b5de22d6cf

SHA256
ad24bbbc0388b0d1595c5ce27347c9a8703b4dee113a17828272f9a1cdc5b485

SHA512
c2080d42896e04ff5f0968ab3886308c0162802bbc52a38d7b3000125854389f68e78be94200faafcbd7f16413fa812e29920170d48edb9c63abded51addf7a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\doomed\6772

Filesize
16KB

MD5
c70c58d8d182d6569c881dad48288659

SHA1
4dcbc1287ebced7b142b925645776661f355e96a

SHA256
405040cbc937cb7e969bdc4939b8511bf3365304d99b79eee0abe05991b678d3

SHA512
3318c76afe1d48f53b5ad2f6d2283b03dfba5b2887c7f2117f5bb3ef88fed85451ee822a4dca2e3d1fa6db0709c0fd1c86dbff0ac2c965bd7bcc81c66359fe85

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\doomed\9129

Filesize
65KB

MD5
0b9247add32fc7a2fc1c3a664bd74e04

SHA1
627f5d5ad3384dfbc567f93e6dc1ceb25248bef8

SHA256
686133dd89f93b3c98ef3b64575377efa70d47827464566e7d7a213ded2c9618

SHA512
2cdd66b7cbfce55a3ba9b502c04e8357bfc10a6666cd043fc7a4efa515701aed3019065b4ebcbcb4328e76d9d2f073064ed14d8dc576d042a2627681786f7b1d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\3106DD83B7D46C1A35CE2B393D06473F76B6FF3D

Filesize
28KB

MD5
1adee19c92604c277f3450fca2ced563

SHA1
3f20fe4dba97e27ddef5c9b1816d99e512dc428f

SHA256
0ff56bac5c49a2357cf066ebb1e072988ed0572d3a03f00c74318c5e5bc210d1

SHA512
382c9c3a23c6b28c40f8231324507d32668ec18cc0bdb32db595b36fddc5fab84b2b5615c97b235fca24658de075e0628baee398769bb164388e5af71b667c42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\83ECE6B23DB03DCCDA2384FAB3C58334CD5B6B6B

Filesize
41KB

MD5
14834e6bd0c9179009313813ae486c4b

SHA1
92e12fd0b65c69e251e77cef4974ec64ea1ba953

SHA256
a39a3afa15a04960d128b263f8f11f7d7e154b2d84525ba542e75db8fa264e1f

SHA512
aac16bc99bbae4ddafef29f3fe94b28dbeb5e7a5f4577552d87bfc99fe7db6e93f7bb346e43301ec7ed0bb3d4a1bd3e56530cce23cf696d03143be7beea44d91

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\D640494E6277BB576AF1EE2E7CF43369CBEB390F

Filesize
33KB

MD5
c82f8797079d9cb6b4a32fa69dc16bcd

SHA1
ec4e66f190dab68a472a7013c56ac57fa83c97dc

SHA256
42a6cd9af41a4b2d6b4548343532c986f2030286fd3cab8acfa1072db4ed1de3

SHA512
ef8bc0a3e3c22cf466ed242efa4a8cd0f1a0b6cd65ace72fb3af69c013085750fcc84af59beaa399ba00011dce5a3b828e1b6ca205a6437d43006da36854c25b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\DF8E0FC06FEF5667C49B1043586FADE2EF60D35F

Filesize
133KB

MD5
7647e0c90b9f900f4d890ac432614b3f

SHA1
a70474761619ca6edf924f7a346031c73273860a

SHA256
62450ee609002ae759a298b3b80edfb746bf3f759368472155ff6e48ea6cbce2

SHA512
38d26d5b74d01c3c08408cc8ab6cde0442c210c22317a31943c1db8cfb8f15e176d4abfabad0dcc81bd4ecea8d3e8f614624b65591aadb21a5e948e4ba4ac42c

Download Submit
C:\Users\Admin\AppData\Local\Temp\-g7qn9pv.dll

Filesize
4KB

MD5
a735265c350a5ec1ea28b29ec3a6cfca

SHA1
fcd68ba46d20d7770091737e72588b7c4b378746

SHA256
bec46718408aa0b7e7e077d869220fd6931ed4305f52360adbb0a95c2b387077

SHA512
c469d6b1052029e455345a73d644f005eb0b20c19417ad44b63a3af97501e4ccf2e54856f98743670c8915504e39e66a4e98e2b56712a9f7e3a54dbcb3c289ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\-g7qn9pv.pdb

Filesize
11KB

MD5
f23ce338d7bbf1559deb18044f7c58f1

SHA1
553f53409acf79d611c64ae5fb87f19857700b9a

SHA256
33a3bac6e9e4351046861d1aee7b6304281f8b50f2269b8b635af3be56694e27

SHA512
58ae474a30e9a389e1152212d80d1f4026e1b486e9782da793ee09402d17810222b9c0d673c5f8a72d062283bfedf34a77b5f64b669dbb7881112b0e8aaf285f

Download Submit
C:\Users\Admin\AppData\Local\Temp\3r3hd0s_.dll

Filesize
4KB

MD5
f8db65a8bb7ec03a7ff336e927dc576a

SHA1
8e08b082ad62631506fedf2ffc9c60594d395439

SHA256
264eaabfa67a30017f096d4d4e3320024c48523a1cc24d4a316691c4fe4a0dbc

SHA512
8e3021f9f095ffaa44da088a84224c310cea929505cf229f5cc450262b4f17e98737ed66b8fd1a681ad2837e0a0bfc31fdbabfda7615c4baab11fe923ac9daa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\3r3hd0s_.pdb

Filesize
11KB

MD5
95f4322c7b04f7411a4683b3c19c3424

SHA1
4bec154455358d361f349091781a424d7fce8ed6

SHA256
8f4174c2175ca4f5f94b07ff072abd897b82a939bb675bf79e5f83a4e079d63e

SHA512
2da5cd66ba36e74ce0266702126b4acb4877be022aed0d1091572ee5c6c17a188b1b1fe548b3ff09f7645148c52c6139e597bafb2d8d9d3ffcb7395f634be4a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEC06.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\PCW2DC4.xml

Filesize
760B

MD5
c16f2fd1887b6dc3c3629eefe00fb47f

SHA1
f7cea6a5c2e603b21ff2ac3a49126d5801d4d8b2

SHA256
dd40d577d668a086ca3959c01667802238b85aa3dfe2876b80db31af2952dba5

SHA512
620f2057ee10d2d1fed600e628de73fa7e0f817e5221961df68926b05c3192c7df101524432fc360d744b4ee7cb1b7831d39774be0122a167370e02aecb1ab8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES3016.tmp

Filesize
1KB

MD5
365e9e9288e5b9c96f697264563e73d8

SHA1
cd31a9a80f270d7e5a722c49d009ffc13f43198d

SHA256
ec0bca2b26027f9bfb36d1d3b73d0a8b73159afc8f41fa7df72bf245517be186

SHA512
ec35cf566e296ab642bcfc9c5f88c11cda88ec86f6d34eccad730b464da02008e7d42cc374cfc706c33c2b0b2a14f54f9131cbe298b2850c4ca241cb64079150

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES3064.tmp

Filesize
1KB

MD5
326d567b2db3b8ddd693f9a1dbb1dad3

SHA1
c37dd1f7990ea0d8c83630039d974eb929291097

SHA256
3fd1202716cfdeb8f2093d7374b5e69c006193c0936ac5ebf501d65da375a5b1

SHA512
2fb39dbdf0ba880ab4b4275e91e92ea0597e127e0cb4f11225d460a1649420bea8facd796729607e61efdf1d33cbec97a5e4542ad2fc0813829bfd258f35d2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1B8C.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEC09.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
4.9MB

MD5
f086829edb44509a660a5d7216342cb0

SHA1
3cde65904785877b638ca82466031d771b4d1ca2

SHA256
95b29bfb1bbf3fdae6d3dfda04236879425ff61ce22c5e2afeb348b251017964

SHA512
70e54c13fd05bc2b0c34ab15aa982ab8e89c19ef2cda6f25b4d887a99fcb6ce0c95e57eb4f4ac8776a0bb1ade3fcb2f54ec7ec5fe44f200417e7b4bf6f3b9e29

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
48527929707ad20252b5ef222f413c83

SHA1
3edade9ff30d03b9c9f9c796c9b1c02843dc19d9

SHA256
1eb9f657e3380ef89e2ead553900496afe3d4ecdadecebb36a247bda79df1e61

SHA512
c54fd23f9fbb3cc2ef4a638123662c25729216bd6a207dcbbe453a3dc0330b47abfa13bc4f7c39a75ba57712e042c0dbd244e875c4ec1ce557b65c7e6bf36f85

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RFf7bb693.TMP

Filesize
8KB

MD5
6f95329af7948dd5a5f9e1f347bbb765

SHA1
fb925b42cf609dc6c071e9913eaa21d8d4053466

SHA256
70fe22e110f1c60ecf7cbc86cafa788e3543514cc4b013c6ddcc56242db3f5a1

SHA512
900c2f6d71ab4f061d861aa503418c2a6e89d055edc22924fd9fc7d5efa1450189f1a9049d3e10b349043ecf5980864be5f96393443f4e2676c0c9730d968c0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\SiteSecurityServiceState.txt

Filesize
1KB

MD5
30da61602857031616f3bdd32bf64a4c

SHA1
bc23c3f393824131bb079d09cd5420d6c9cd0718

SHA256
722f2d7a32cd3d904f1826ba22525d76fa1ccece3ba548ada071633ca87ed9df

SHA512
8525686c8ba7dd592e4f1fbf452d92c0d625ca44278d219121372d561d53521981e295cc8cbe84167ef07fe201233dd4b8d77d930aa1a3eaf5b5c29f157b7a79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
0018f279a542c36c2383cc3a40123b74

SHA1
3ed12fb835604defbc77dd5e5742d7cbca09565f

SHA256
d5d84d2e6a7f4817efe5ccaf036da3e05c09ed29b91d47f2b29d5cacec982006

SHA512
60162702825911a05c631afbe72a8e81ed81e10fb26240aa517f0e43c638987742308460142b9d3f85cd0945bc3d8a381f0151fe5d2bf74f9eaff59a1e1b46ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\bookmarkbackups\bookmarks-2024-03-11_11_JGLvmXDEq1qP6i79-t3V1w==.jsonlz4

Filesize
944B

MD5
7c927a55e7c41e2df325c633126a926d

SHA1
d8f6735382901d3859d33bd5a46d20412a6b764e

SHA256
c5ff6fb521712de73bfa401e03d5c95b2914e43c01c35fa20cae473deeb76da3

SHA512
5ade76050b6ac4993038c46ca5ac80b0ebaee29d5d1e4e0811b990429442413d50810a37f6e4c526779265aefc30561ea0b979ec0c3056fff9b2d86e9459a0fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
20d4bea9c51fb7f19a719e4f6190a1aa

SHA1
4e98cb2ee43b70ab80d2b069179c90c68b6356bf

SHA256
00d7ed97adfdb963cb3d722baee2eb12dcd6096f0bef18f99143eb87ffc47a31

SHA512
282a6652e2d63db902053f7eae58809a82106ecc2bad88bf6326cbcda2f5297d203f7ba0b20cf2898314597201167826496cd15a5236ccb1b709f1bccb4f57b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\10a3ed02-17ed-4b32-abe6-bf4ea45b4938

Filesize
1KB

MD5
f07cab2df4895165bcca76ea0900acac

SHA1
f319dc3bac9baa9a256effd0e04b2eb563019890

SHA256
71cf908b3315e29089fc220fb980aeeeb4cf2d85a50ef402568858847b4c7f0b

SHA512
6eca6afa70ca3138d206ec31fe661ba4e2c06f7b20a8aa4e81f29d83c0a79c6628aafec0a6f232df27d9c87072ec80a27690681e05848843f7a392c2f28ac56d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\2e851433-f990-4bcf-bf2e-8d9b166619d9

Filesize
745B

MD5
6811da7be20b547257a185431dd61b51

SHA1
911c096b4facd36b194e18656fb0c231a3fc39d6

SHA256
63ebc4e4110aa4cb2cc1b7cdbb60843ee0f3703a9614a56c8065c9575960bb5f

SHA512
6ddd39f18a571c360b9d0865eb9699f5c37a22fa6fb1e2cf5a4ede9ea5ca26c633c433ed77f9964079fecbe92f91dfd55834b557ba1a9a1c074c322bafe6fe20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\4cecc4e5-a83d-49c4-8b02-8397a6e967d0

Filesize
12KB

MD5
cd2287acf42e491769670adc5ea82f21

SHA1
ae4d2240f63b5c82b8aa7a38e5f63141026c0092

SHA256
5520afedd352abce604df41de023f7083eec4e80ecb58a9fa0080ae4c3584bba

SHA512
0529d2d9c76cddc15e787363d97b044f14e00c37bffd68a1be1f5080ec3f79986dee8518bff972b0ed0c465af29b7f45379d863d1275a1538609ac4e3f4aabc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\b5348d79-b0eb-4dca-870f-0a464867592e

Filesize
854B

MD5
63eb50cbf5b57f7cb4e207646db26293

SHA1
0bca92e43b7b641bc9ab32c9b4c87563c210c6fd

SHA256
ed96b881770e2edfd75183f0101a5b3e9a7750a31badcd6e084dae4dcce640f3

SHA512
bf046d59b43a5272148791f5b76491eeb91633e6f14b25e864257e1299ac6c6f7d93da58d5f84f73ebe839a75cbe5c59004d01f7d107ea1f2e4e46030e9ebea9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\extensions.json

Filesize
36KB

MD5
7fece6248154f7595b7ad05890dcd710

SHA1
93814051c08e256771065a109927a07155c9d1ee

SHA256
d99b6eb5f5140eb2ac2b0b59f31880a2c9c41e8ce2b8b97291d35f668b88a5dc

SHA512
1c4dabc3f00a1e64eaeefcf667fc718917cd921fadcc4f8f0a7fa0a89698a146d4b6f38fc80e33dc4234113082794a5ea7b1e9ab391d7ab37ad8f4d6907e42ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
4.8MB

MD5
6bb973e9e23ea36ad9805cf164e3ff18

SHA1
19cf738f6edf1b4e04643f963b2ba7a396164e14

SHA256
e93806103f3388eb58672387cb6696c647d10cada4b5415a1342bb32b697fcd4

SHA512
bb7f272e2331f8be55c5ac66a1cff8d0d31b2d3df9309568bcafa309c540370b1ac2027dd155d1abcff46df7208bdb722331a7c48484d0d00f767ecaf06d5db6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

Filesize
6KB

MD5
029dda0509da9b253734320daab906f1

SHA1
82d1ec59e3398190085d4ba4d80566c1241509ad

SHA256
407e3a11c63ea3847a0a34f7b45951f894fbda18147ad6bb2cee7451b1307887

SHA512
9c399253f6c0c9bce875bab7571c1599f63a0488698a2485a62cf7cbcce731c7b5bc4931d6a3ca952ff25481e3ee02d59e6f9b713f46cf5dddd75aa5a00ed84d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

Filesize
6KB

MD5
77fcfead765a960e071652edbf677cc2

SHA1
4acae09f018b918f566373db4c517a03adc588d8

SHA256
0ff27354369d86b7bf0adff14db0d81964d800527c8435d0d556381d7f57108f

SHA512
a5f47d66960898316cceea5bbf1c0933ba3bb630863783c24f1ba437a1b1539491bbe4bb22ec38ba28341b552c7ef4266bbce02493c738e6c4d59b2ba2184f7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

Filesize
7KB

MD5
bd04c75f3d5b3e57aafdd9ae4bba6dd1

SHA1
9d25fd84de7d6cae7ecf22322fd132c44b1494d5

SHA256
58b2a4c8dda382b17d65a07a3cf958fa631ef3b5f3767495be21f1f772b78774

SHA512
6d61b72a6991e0118637c3a6b0a89907244006f97d563730a1d2b335048528911946ba5cb61afe0b96e0a3ff06ae007c6d4ee14f6cc7646406988aa09c29f0e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs.js

Filesize
6KB

MD5
b1a207f4135a7229320fdfb5a18e764d

SHA1
c480368477a452a98978fe53416e0ab351366101

SHA256
d498cee0404f331b25d016b4a11e117e01fcef7db868c1a7ab1fbcea9180920b

SHA512
7acc3b771de9831470cdad52522633f5376949525add404fea9125f007f2ae9ce1edaff362b927c20dbc5b8451b1b414b6a7d513c48b05dbdfc88f2ec6db5a5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs.js

Filesize
6KB

MD5
ce32bd46d46df2767665bd8a551e0d6f

SHA1
0a0b81878874529d14909013bbf539a869c42cad

SHA256
ed430e7a52c6c52ed66436dc0e699cbba139a0808af89775a78d46c0a58054ad

SHA512
fefe7fbc1048678b2a43d0574b8e9c0f5999a4bfb4665e91a3623edfcd915ad825029b537f4a79fe5f9663e7eeb955382a0043f8c2cd8a3f606736139ff1bbc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c22a91bad3fee6703babf58f5866144e

SHA1
7dcfe297ebb772d8c8e84fa191ee4b378fd337f6

SHA256
7fe1dfb5a4752c7264e92dbfee0a1b4e41026fb3241ecb68933baa7694d3281e

SHA512
e945939329f485b24ead8a8af23dd85992494925a1595aa85aa8791ecf61cbe1a201f5d2a806a7be6f759384a04bb5aae7ec2768733997cd67a01d035ca0e06a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1b884ac8063300e60f1166bc00cba34c

SHA1
ec986d258238de705c710104984b11b60302435c

SHA256
30aa05b792c4fba0f8b50c01c98778a658359f19e39b64e48e9123033b69f54b

SHA512
a780dccb9776428189082975e4773684079f779187b3fd25a7a538fe3b318d1af37f02b0c65ce667fe3874a40ed036711e7e28485555402c851a3c246eee9214

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
0835e4dc21e8745ee40bee5ad080fb19

SHA1
ce3f442ec9b5dd2de1b33bb8d68dd2c563f2c5fb

SHA256
b09eed8e67a64f4320fa558427aba0173fb6f07e85715d377b51c51c65310ca0

SHA512
9b1bb5a66ba4a52c5bc09e20869d7dddc5529acfa4dc30a04a9c238ce496802d128d94b2d7154585fdb30fea8264dcb21e2ae903e1110bfb8b1c24c508305bb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
ab1653c1c0d3ea057f165e80ba434d99

SHA1
0a00d56acbb17982dbe7a8f41839ba5dc843cf33

SHA256
35d2bca7fbbc21f7f551de8c0630933c5390f4c59d2ab42250f8e797888305fd

SHA512
34d24b7e73f73b92b8e318bc14461c2efdb67cc2d1876e206097f6fb5882ab63f0904624520190b646d988e16db9cc27a5694c1b8382439e309682179609109a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
a7ff4d110b5fe95a28af989a8c38dfa3

SHA1
a6cf9159e4b70df4b65bf45304402de3c0c53b08

SHA256
4a7b9bf6ca0d144a568f13055ff2ac32f393470f31116150a1ec247f78ac8e10

SHA512
5143b74b5b9232e34b4224e693aa229c95886543707c8c949a893c5b6703e554b791426d7ed16f31bd263a4c41757e6cb1b7ef7d22738e468a9bb096d9653ade

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
6af53a41e9a568fc30e415b8219f29f1

SHA1
0cfed43d4e15118ec468df68f1e269cc0aaaa6a2

SHA256
e5cef17d78df1032cceeee44535a1f57073a4c0b7e97e2b7bb7ae6b1bd4d20e5

SHA512
94bfa21ab61f124b4a0051e8b63839caedbb5e8a69b56b10a9f1405b0f3dfffaf7a8e2af1614b408289bcaacc52cb5f27a79f9128672651ff7e005bca5c2be56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
482c3a7dcc6de708ab89cfaa3b9c379e

SHA1
9212dd786f12da9ede04c77b3443761bdb8bec20

SHA256
539d494eb71e8492940e59cd0ad65e4873024d2a395d54511498098b74e5eafb

SHA512
dc16cfbcde1692b20838c92a06f16f99967a23ded5edaf4fa724dc87384b864c2cfa4373579b0d9d8af1c09c8c622b702c15cc897bb3987c50f033288f242d18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3a134e971f72194b0d65c9b44aef187e

SHA1
17a7560f86e646038f3831752ad8e17397a8c1ca

SHA256
474f15c6c0fdd61df4e8a33ff1e8c4e9190839e90f115d0996620716a548c4bb

SHA512
39c315418a8d73eb1ccb48474bb23f1aa440062ff3086efd12c3034f3d9322c91d3d77b2e91973f8ba4de96630d4078f5fa46da28247d7f7d6943ed7542e9a99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
fc7ff4f96d35c603e2c3e06446670873

SHA1
9055e7a18e2c38ace901b9f2607c9b4cb1d0ae7c

SHA256
8a20472bff071143f83b5fb087a02f795ecc0720ebb81efcdee767b909bcaa60

SHA512
fb101066691ccd8f8972ae89fee850aea6786fe48f97bbc5e3a9a7f7e93a595e9655588b82538d5bfd5bc9a9bb28529d7c5e094d181ecd0ab79df22aa7ec79ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
4097d836e4de5393ef04a024d55d3811

SHA1
7c057e09a6a560a05801eac11da413cf72da1613

SHA256
0f8fd662501356003b05a610edae0f81b0b28d5995a9b9aec469c31dc33d01a1

SHA512
d5901aa72320c3abc79dd7a31043a5a005dfd130b683b195a43ff0757a127847953859a8cb07ad3646c288a0aa206cd82d0491d8b72a6ee768309f62156deacf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
fe07acd86c94e57a768a075dd7d6bc76

SHA1
79e9026ab9c599633f7efa508c7f5444e544fe2c

SHA256
c91baf72b9ca2ae3bb6d8bda4b49071a2d8bcf81161cbd9a1019d4a955ae561f

SHA512
3dc3c9991c62192f72261c35c3a5af1a2cdfc07796833d9bb6fb3097235af6a50e7c4c77a43d84138c21979bcba7a68b3eff3d484e3f8002f7d4456975155864

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
db4b7e264e472ebda534c1a59f0dcf58

SHA1
eaa18054740c7de8cbaab94055a8126151ba9617

SHA256
366fa3afa4451b8b4151571c9ade653acefe377aef1d1e6ccfcab6baea6581d6

SHA512
ad55fedddd0b6ef9a5fa1e7d11e6900a77eb435841fbd6def208ac52cd8e8216402f159f299f06272468e60651227c14aba72e17103be6653a80935e78a440d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
16KB

MD5
187fbd4ab331c21c05418f3001bec37a

SHA1
794c201068603c89a42e8befc1b124f5722d848e

SHA256
1adca72d972259802f059a562a0033456ee63d65e8c4e5827ea34e66fa1963d7

SHA512
30700fd3265a1d1855427b737bc6fe8f3e57ec8ccd3e0988c88bfb33d01802f5207c27635669a4a5bd8c9885c1d588b68f4aa3aab4fa1ffe54d117caab291e70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
adfe1c4cf1cbd51745a8d9ca883f1c15

SHA1
9a7c0c3c671454f336c1d93b50c1babd95d42d40

SHA256
ccbf6dcf1676f6190a331b12a286457f04e0f54b39127c6bea158b0cfff499f2

SHA512
2c0a63cb93c6e95d2bfb05e0a54c39a2a2856f202d7f8e2967210cc8f0adccf24c2465c313830a4e9d20cbec9ffd69ab16f869d51ea10443224935c360e719c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\default\https+++www.intel.com\cache\morgue\134\{9af45a1e-ecae-49f8-aa06-45b3ec0dda86}.final

Filesize
47KB

MD5
5addd6289111ae67c44bb634157efc22

SHA1
476db2f30ce07d2b0d96ec20e8c86078201a740e

SHA256
dcd1c7b9afde93b1aa1fa03f166d28eeae5ed237ee6362a3954354239bcbe501

SHA512
a2c00cbe902542c6f166313bd1582ec0c2643aa5d3839241ab43a2c772a14906260d17001cebe4e8af6a62b6054b3a71b61ac2fdf45f6c3cdce89c75a13f7ccf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\default\https+++www.intel.com\cache\morgue\1\{05c5dd4b-a090-40a4-bfb6-2e154e9ce101}.final

Filesize
74KB

MD5
a8e49cf4d73066233f869e4d469f9e09

SHA1
ec2b8e704eaffb6c35267184650747653bcab01d

SHA256
b4895cc2e743ff3589950e39b934c8dec91891cbf533a6118fb5a5e88a74bf45

SHA512
7d3ba660e2c899b3f8527afd472601634508aea7816c507bed55a9d0d0232f6b1f2c43466e932a06f7a776aaf72c8a4dc593278d8508c522649620093ec6be2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
56af0d44baf1e7daf1ea63a439b18a28

SHA1
82d7bac082b2702f9e0804630c17ea02b6aabdff

SHA256
e90c9160bd72de777c11261fc4470d7430539961627a7a3affcf87269f56064f

SHA512
c33c6fd7148efc3daa5e079455f7cd6f9c9d2cb0fe2b620ce330cb2594ddd9bacd8b29e5c082ed5661e5ffc74529f147f604505b82b74fc938e6a8b631401081

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\targeting.snapshot.json

Filesize
3KB

MD5
cc56afbbc4f54b4eae30ce746ac8c4fa

SHA1
7777543b7bc7effd3f295346df415bad7bd899f7

SHA256
8ee5adf810084982db9531e0d01e8c64db391f9920b07b7f9126b40111d3e987

SHA512
22e89fe57a173c04a7bbcbdd780589b7f7dc990fedff937e928ba82a5f58a05aa15527ff9896ead7c4de517f351d7aaad8dec943f78c421f49bd47ee06686d8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\xulstore.json

Filesize
141B

MD5
8c8e29dfc7492b92903124e1da454a88

SHA1
09e1ea8b5a53255747809121543598e55e38f9ba

SHA256
08e5486c5550ae2844b9569fbe77ca63617c48b2918e8427ba729deba24a2cbb

SHA512
bb1b2cab79ab3a1e467094748fa6879ec325c21da733255428d2b661c02255dcd3036a3706afeb4f576c168127b4a537802f5748950a3db8fb0c04f4827f903f

Download Submit
C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
782KB

MD5
c54637f0235fcc253e5731fa4f049cd3

SHA1
7d327bada0b4c759a348e62e7a51416cc9776169

SHA256
c53594285a279d9a1a770f3d48e0f9b5b6d9d5fa81a10eaf3530acd35a3a73fe

SHA512
58943491663dc1c93ec15a0fb5ec49162b9704338165cc6a1a9db6edaeedb2c74071cde032ffc62e655a9618e08a3e7df2826e2e7e2b90a799d027b838b989c2

Download Submit
C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
1.5MB

MD5
4168d5b8b8663ce680ac01f74ca81afc

SHA1
89bd752b0cc2d4211677ea35be0762b26da8525a

SHA256
b5788b8be710c409a584d0713dd8c9551b055890d5268fda9ba182e7b6738def

SHA512
b94cd566e56bd4e102ce37a49b11523a265e7cfc6cc017a8867debc9b3247029f36d7e766fe66bd0a40800ea636b25d8950f219f1a445b68b510d5f93d17ce96

Download Submit
C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
1.1MB

MD5
788d968b189f9f859f139062dc9b3de8

SHA1
a98b7f10e5b6dedb72172764cc87da1a279b2fb5

SHA256
985229f409d1ba18d4f253f62aab15899ee43a04caaa2199a89613acdd8fb8e6

SHA512
fc6ab5b67c4fa3b6a5f9d06d3eb0d5002afbb14511b14bed018e726e1e1d92d7d5a1fa16ef089d821f14a67d309343fa4b8d40bc1b9acc7e9799289cfac9b46f

Download Submit
C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\OpenAL32.dll

Filesize
877KB

MD5
750a9cd07b5a6d50cac0502bb680c4a5

SHA1
419ca8aae5ae369a091fe61f3b090d2d0ac67ff8

SHA256
434e8eba07e81717162e08b8340b0e297aa169ea539196db6cc90903c0164109

SHA512
7b502a6b14273df3fe4b510164d5a7a61bb692d3fa064786cc6754aaeb7e319b071555451022705ac102bf73f5f3a613e6c6ce6baf110633edc09610ccbf318b

Download Submit
C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\SDL2.dll

Filesize
1.6MB

MD5
50187e47bfde8327814096ec6e8d3913

SHA1
cd2803a1ab46826fda2d9a22c5ce899cd07ae39c

SHA256
83f63cda993537e85165f396dca9668ce49baaef17d3532b24ef87fbffcc8a97

SHA512
e82554d69c6d3766ae062f37a8dd242c5568a6bbf5d90586144c9929fe18ebedd50711dcf2d38933079671d2b4f90557901a0c2edd8ac4d5b914faecf4d5b45b

Download Submit
C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\love.dll

Filesize
1.6MB

MD5
940fac0c6f1e0f1bbe78615a77557222

SHA1
8f89ed7d64f2e0a63f7a0812bfa487efe3f4aea3

SHA256
c0c3d310eecb30ffc8f809d613aefdf6c07f6496f5afbd8113fb95a6eb4ca70a

SHA512
7e7240e0efd88d2381b47bd2f09600d426284d6f42a4ad4ad5ae44e71bf2b6dbbfee3b3197516f5c5b375f14247b953b1b099c51c472d5e9b3c1f7ab92871b9b

Download Submit
C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\lua51.dll

Filesize
554KB

MD5
e0e12c148ec7439f7f2d7b927e123942

SHA1
f0b88c9985195558e12bc00f8a31422861e73908

SHA256
29e5b0b67593ebb77e0f681ca0c2dbcba9efcecee7d71591f5c91be5760c963e

SHA512
35ca3de41a3eee6f99766682459e7808d17b37d92decae6cc4f960bb5219eceb6165ee21db8b038f5669f6852854e6c2c0a6e4104787031a2da52bd3f813cff2

Download Submit
C:\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\mpg123.dll

Filesize
212KB

MD5
1063bdbb4cff2f688e77df90b1873b01

SHA1
917beda2a65f64a089fbcff75620319df0893924

SHA256
a58a87086194c25e6f13318cb4b4eb63030e936a835f9740a773d9a421264cf5

SHA512
d2f1683d8682c7153e92164570dad11d404544487a6af178098dd71c9f25424662f926feba24929862ba8cd17f5f7f6b49614bdeb83aa9f90ccaf374efd42faa

Download Submit
C:\Users\Admin\Downloads\Intel-Driver-and-Support-Assistant-Installer.pd2QF0Ei.exe.part

Filesize
176KB

MD5
1327599b442f893dce0c47acef77d3e1

SHA1
2141a8b1cc2ba86388c279889bcde132c9302dd7

SHA256
12a9d690bc98399553e0e0f72fee12fa29f561465d3084a3a66647737b8088cb

SHA512
b5980caf628bf8b73253a44cbe24781cc5fe375ad7752de9301a2fe6888bbc348799cfd7d5d4e651a9c24151c7e6cd0eef71394b1c8071e2869db0a8598847c4

Download Submit
C:\Windows\TEMP\SDIAG_2e9c281a-d500-415c-a0a3-941830c1ed43\TS_ProgramCompatibilityWizard.ps1

Filesize
9KB

MD5
46e22c2582b54be56d80d7a79fec9bb5

SHA1
604fac637a35f60f5c89d1367c695feb68255ccd

SHA256
459af2960b08e848573d45a7350223657adb2115f24a3c37e69ffe61dea647f9

SHA512
a9a24df3fb391738405d2ea32cd3ef8657d8d00d7366858a39c624dc9ebbf0b64d2817355d41eed6ad3cc7703d264d2921c8a2590ff95601d89f3cca72ba786f

Download Submit
C:\Windows\TEMP\SDIAG_2e9c281a-d500-415c-a0a3-941830c1ed43\en-US\CL_LocalizationData.psd1

Filesize
6KB

MD5
5e03d8afb0fae97904a14d6b2d1cac9a

SHA1
78f401b1944ed92965d7a48dba036413688f949a

SHA256
538a5f22a12b0be59a7a83e0381c6ff661932f07643a87c2d3a542eade741671

SHA512
884c0494728dd9f1a4fc8092152b2253350304b745d6fc1e4b02c9cd2366bc8c92a169c549cd77bcd67e5e2e515d89d46c1d11de5eeb500d531d87839365cd19

Download Submit
C:\Windows\Temp\SDIAG_2e9c281a-d500-415c-a0a3-941830c1ed43\DiagPackage.dll

Filesize
64KB

MD5
e382ec1c184e7d7d6da1e0b3eacfa84b

SHA1
9a0d95eb339774874f4f0da35d10fd326438b56c

SHA256
786d95dc0d59089e14055385cce8765888f55236b5220fdfd28cf2d9b07e63ee

SHA512
019bcb4f41b5bc5853db2fa528ef126e839c5b0d0dc096dd441ba02d8c71e7913efd16b74aed93952ad2cc5422b151c12d3017fc22a65ae5ce2e7e1fc72a396c

Download Submit
C:\Windows\Temp\SDIAG_2e9c281a-d500-415c-a0a3-941830c1ed43\en-US\DiagPackage.dll.mui

Filesize
8KB

MD5
526bcf713fe4662e9f8a245a3a57048f

SHA1
cf0593c3a973495c395bbce779aef8764719abf7

SHA256
c8190f45d62c5c03013ffc66b3f9bf60f52a32464fa271d2fad5fd10432da606

SHA512
df7e93617461c2fd25b5b684311126e66b7cf9f1ecfbf4c8a944f65fb2c904194ec635a9c7b962d4583ea77b0312435c7dc1b5ecbcb1fb3a5a74fc1eb2c21d04

Download Submit
C:\Windows\Temp\{2049E7D6-5E73-46B2-A7DA-3DC9BB8DB54E}\.ba\BootstrapperCore.config

Filesize
703B

MD5
997f9a7602d7be3e11f7f57af18c145b

SHA1
7465ad71e9836d3418680dc8952ed8254be02067

SHA256
e1237292e9e31afd2d8bccd824948c424674e9c8fe6e143ac9a8cbecc41f0c12

SHA512
dd3b695e2d5dd979543dd99e546a9043a4bd3951f09a02333bd42865ce324742df198810441cdb726b66a0fe1e4999961aa2daa37b34a87a5dad71908c1c2b0b

Download Submit
C:\Windows\Temp\{2049E7D6-5E73-46B2-A7DA-3DC9BB8DB54E}\.be\Intel-Driver-and-Support-Assistant-Installer.exe

Filesize
1.0MB

MD5
7c65d5d2134ac87513f909ff682fb425

SHA1
95966f5539fc73e4242ab6d4d54962412b73cb95

SHA256
24afe13b52c9cc5456a46429f23c820ea2d2830b377dd33f2f966e903dce9623

SHA512
dfa0f06e8fc141b4b1cd116008be6eb31f3396ce7376c696c59890d77fd2be86663da01824ac860bb81ab05a1bc9fb629f1161a447d6dd14aa43164fb95f992a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\-g7qn9pv.0.cs

Filesize
791B

MD5
3880de647b10555a534f34d5071fe461

SHA1
38b108ee6ea0f177b5dd52343e2ed74ca6134ca1

SHA256
f73390c091cd7e45dac07c22b26bf667054eacda31119513505390529744e15e

SHA512
2bf0a33982ade10ad49b368d313866677bca13074cd988e193b54ab0e1f507116d8218603b62b4e0561f481e8e7e72bdcda31259894552f1e3677627c12a9969

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\-g7qn9pv.cmdline

Filesize
309B

MD5
111fe6dc438f209cbaf2617416df8cbc

SHA1
92d526834d084466c199a31969f696e1f0599a70

SHA256
0c2c5b80ba0db2dca309c6981bb984c814059f0783ad4d46cf64f1cfe24f1c04

SHA512
11da353eb8cd29f66c104de08edef1aabfe416d9984b60beb6856acfea83716867818967f2f709b463590e89d6ae4594caf06d14e4499ed320a1520724ce6914

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\3r3hd0s_.0.cs

Filesize
965B

MD5
b0dc59b099ca7c12fb8ad72d3c50c82c

SHA1
f19e28849921cf51e322824c5a8ae8bc00014cd1

SHA256
e75eaaa3d7908fb05000c0a957048d20091a0d2575e87d091d11cdb3a5b562e5

SHA512
852c937d36afe3b6df5826b9f1877d511259e2a0ffcdf229c8c655ced7346b36e526928537386121e3ecbc8b1285144dabe3b760db1873cb3baaf70a0f21c364

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\3r3hd0s_.cmdline

Filesize
309B

MD5
d4d3eba9f426bddf0402a1c5d4f7b99a

SHA1
5cd6a5265ed8bc8f45b67937cc307da7d8e3c593

SHA256
656fbbe5354d33b96b4cccd835934201882b4f48230224b96ef11caea3272888

SHA512
d46281006a178f43505a27eabb9f072574fdb99cb8f31a6f80d2397a3b17dbb99abb8376bd9f3858dbf86b774f9aab09335db484dc75aa1ca3fa7b2f00ed56bf

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC3015.tmp

Filesize
652B

MD5
0a4abb6a3cf75db382094a7514e7f7fd

SHA1
3fa48838f344340cdf11655b788801e0865547e1

SHA256
d1a81e5d961de806baee3e82584fbaad8d50de5b250a188b6cc9083a97afb1bc

SHA512
c784e0e5d8ba0629d90f19e858900db9a0b504410d82fab0fbca86d5efa95302ff82422174d89b2505046de507315d2dd7618c6e695186831f1647aae6429893

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC3063.tmp

Filesize
652B

MD5
336e0dfcd1efd0b9c6d8692539279588

SHA1
eba7fa4fcc20ea28a21a5fcde9b146a7f8da0055

SHA256
0cda9fb7377367a3073773e73ff34887b3b58e2292acebe7895935da23c17eba

SHA512
7bbf2873f4aa134c3a164817cd2e57ab32c5729c74b4e02d55a6523a59a830fee0bae7ae4d87e175876839fa739bc41b8aeca1319f6bde7777f6357695e3ed44

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
734KB

MD5
5f35918ccac5b821645db49ddbef6671

SHA1
e89c2e4f8db03a6051994f7415aee428b2cc467d

SHA256
38ad025567604d6a3d5851d585f8b9c02f7badfbe696992e1f47afbe4e6ab742

SHA512
bd3ea9fc088ec2c990f9f32c6e9f2a2e2dd7be088ecfbf7a309723b16591470e2a3d726307389ebd8a679b6894230546958eac8387ecd4520a26ddb4defb9ebb

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
16.6MB

MD5
0e5f2ba03aeafe4e796838ef87d01cfd

SHA1
ea0f85d3b9545fd7db1610c8b60aaf91bd20274b

SHA256
23e73206ba18bbc35643adb7651a60929b5090a09a1b0a29d1ae69582d5190db

SHA512
239d904de5ab290ce55199af1a47e1c44bc5e51a2e8c74ee5f68a62a98444bed26b3c65365c8c301655a35c33c6c82358f0f93fafd8de3a8161629084ebffe54

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
20.1MB

MD5
7320f0cfbd3a358da0a37c5f8520dbe5

SHA1
37947741ff9c5ba330370b47f819ff1e4ea8e830

SHA256
2ff5f8945858f8c02f4c4c58a56c1db1b0928a8cfa675f20daac4889ec5fb25c

SHA512
293f196d9acf7e5eacee0db15165ae7d37b47e539425a5635f54b204884764c819fc66f47294fbe8e26217ad8ff416cf18a22d6fa2437bc09dbd41819bc3c6dd

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
1.5MB

MD5
043af0eb69a01f5d063df67802cbd761

SHA1
2a25724f964e4c9709c3356e5f4e2fe53c30e9ff

SHA256
a2c6738a7d0da9c43a78cf8f8d06dda7919b81e3789e105203499e2f08532494

SHA512
e438f4d3f9653f39947474a0bfe83701b08f25b849fd28c63de15f0baa057613ecb0b0bedd2c830e27e06f7dd11ad35d7d98711135511c7a1752335f95de2319

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
2.0MB

MD5
235c49f0eda24c0de2ca5bb4c7464967

SHA1
2c2b7cfa85e3d33fa4a704322bcb15bd619f71fb

SHA256
3404ec626c17f765212c2bbcf66aead166b78a20391b0b105a9b9eb571e2b65b

SHA512
dd3f78bc43f36dddeff19cce95ff390f924f148c0e7042e0dbf4cd1a8dfcdd82ae3ca806d69f03e340277428c531ec646131149ba7c4c76f85bf708e85a972f5

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
1.7MB

MD5
a0693feb8b5e7792fa87abef8a514094

SHA1
22b2e6418d7a16b34eeb88f70e09a3f8fdbd9d57

SHA256
16f93179d358410d5615534d54f5a36b0fc37764035c9b4a177747130f2d7a3c

SHA512
8801a63c48fee49d89a12b5514eda0c90579c8d23bee3fe5832ac18a338900493bfbd98ee7fffef1c1575cc37495f212f2cabfa0d5e4f75cbdbea45c4c43096e

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
2.0MB

MD5
16953f38c4adf45551a36a3c602364f4

SHA1
49cdf6ed6acb0f33ea7f320a147b62903b5f20a1

SHA256
51f0b80f8e4a0383b8bf82ccfed6f67c6d9bb8c7c48b7fc53f5a35cfa4bb9848

SHA512
754b9ca5995a09d8ff240fbe4ed536c86c6b9175719577afa9a357dc85c326746ce03744974b8a19daa9f09919b6ab4fec80411bd79c5c7f1f92decce5a43250

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
1.9MB

MD5
0a62f6a6a56fd883b16c3fb08cdecf5c

SHA1
256ef1cf22fb937bf5edab6e777ae162f69a19a6

SHA256
2ccdea942a12b67508fcb37a88e7954fc254c60cc8ce0f70536c700b2e22a81d

SHA512
1b9cd61484841b997ea0946a36a693f18ba39dd0892c713c7da2b29807652fffe88b5b0b483e01d5fb2f58af1302e91e4e3a08f792b439d524b572f71194f8cc

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
2.0MB

MD5
3cec9ab7403e7fa6a67df8bf5e2d1d50

SHA1
c82fbb8e0fa52bcff80338af95e8fe606a7bf37a

SHA256
17a21ea79beee4d4d08fbe0ff7f177e64c2201199749e07dad927fc307f101b2

SHA512
ce64ddda983dac9b76c2a685c43831bcffb6a4f16a38334294bece011f0888c5dd670883ee9ef9fcda2131fcec2e45a053236ab1e35e5bcfa3788174387132f8

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
976KB

MD5
b9fec5135cab5168a34b0a8d3f7af20a

SHA1
e651e675bdd9ff08b3d82fdb62bd760fe8fdd982

SHA256
9c360a93fc731d69859026f070542e7f18806c6a5a1853a78723a8bfaf827aa1

SHA512
7b8c085358c90a47a7e0769e3d930a8e44c6af5bfdbd3704ad2155bf14b2fe92a14cf65320d31dea68a6a1c992a30782b1698d7dc65d35b546b9bbfb9f480663

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
832KB

MD5
3ba770344e21145698a97f0f6cf93891

SHA1
c1b77d194dded5c9759a8b4e5e75f0551839d0f5

SHA256
66837c4adab621b05e18b3335ee6dd2adbd378588dd23568a3d2f79a4f87b966

SHA512
977b5f367cf94f4ec9e914413204ef5be2aa57fdb3b164299cf217acf5ebdd919df6d9df31c704a85aa8c60234b54995aa54bf64f10d0a0d09b4d18cee2a98a7

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
974KB

MD5
a8ab7979ddf23dd7b62c5059ee1c42b6

SHA1
7bc0dba1d6ac9e8425a649bd8233a1eb1a02b5a9

SHA256
e105b74547f6be70da248172415fed6afb5a47b4a710d6d1e864f3b4402e109c

SHA512
df759e032467bb0f279c281e450a8e6bddb61a5359784f52bee760593add2f237aeda6785e353a126498e03c192573c9d8c215e8ece646b30b74436204b62117

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\Balatro.exe

Filesize
862KB

MD5
f1e7453be84b534eeab036fe76779bf9

SHA1
bf531367f4fd5b81038eaa9da6e719a83f838edb

SHA256
fec8d844ad099188591d4110946af2e9d9644cde053285805721cc1ee7ffd69a

SHA512
4fc4a228ca984f6fa15d7f425369376fa9f355365cd401077a2a8d83850d2bf43e64a0ba7bfec0c6750ed16291e9e291548421148ae4544ee4e8743cd0f1b5e8

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\OpenAL32.dll

Filesize
736KB

MD5
e65e5b9cad44e2d6b90ef09ce2ba8ca0

SHA1
75db2145dd5ff0ad3e6d771fd66cfe03013648cf

SHA256
23eacf2ee43149e70e71f8acd5494ccb991b146d7fb0121c06a3390edcd2dbd7

SHA512
d94e1645bf4d0a15de1ffef5b3d52b033cbee85a8ee53b1da4c6d2fb21569a1e6023d4a7ebf2b67775e23a7b4724f0c754162fdef17d7b7ec9999eb3d9568b8e

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\SDL2.dll

Filesize
941KB

MD5
b3b181b2dbf187087d8831247c2d9a54

SHA1
54d2ac05000315881be8ce24c9bc0215924981c9

SHA256
ba4477bfb118f82601c61d8d4c1e8ad88da07e2e086a744c838ca2e90e06c8a3

SHA512
9eb88a43456b7a1652d1d9b600db4a7771958b2299ffd00216695c2fbbdd0b0176b063f021ccf5814d474ec3a3badb0a3aa12c5d873d96f9a9e2f0a1cc90cf00

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\SDL2.dll

Filesize
1.4MB

MD5
e5bd29852a7383c3c9f2a78c64a67e08

SHA1
42853bdc724a8b91aa9c0ca528ae0da8d0b3c59a

SHA256
5b861db85940fffbb178b8cbbab43a598755a15f861570339ce327283af02f21

SHA512
466d108c002b0afb2711267f6c613fa70567ab14ef719be427c12a52ec703ba91049281f02cdcf06ebcd7da7df6106634d7c656df07bd7644ee2c51b3292c04f

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\SDL2.dll

Filesize
1.3MB

MD5
b7e37ee6c9ad92630f71a204c572d4ab

SHA1
52bac34011eacec7a2060b308db9b5c7bf0061cd

SHA256
91246884d5a4a1435a7456090da396f54d4b37f1986829fe01998e85df44e6dd

SHA512
6df6378a03a63b0a23fc828a27afc07dd4863aed1568466a2b99e2e8b20000e22874144f83fc25813f35cc0c247d85eb1ac5e8551beabc8ced90e0d913409575

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\love.dll

Filesize
894KB

MD5
38ea9390c20daacc34d712c67206c548

SHA1
6df9775d454874b404d39e34195818ef44c3ef9a

SHA256
2ba4d248a41658f960aed6c106ecb1692a2cb4c8f0c979a035b03ebb4cb0ba3c

SHA512
e663d38821c338e3f454e3e27742e8b233bd6cc0abce18f12916620a1a980972eb9380dd6515563a94c97bf42d25a173e3cdabf9ae7b14772b0356dc77d1920a

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\love.dll

Filesize
1.1MB

MD5
eda0e83f85494548619f9cce6e16aece

SHA1
d8ee1b9d7d3ed6ed72f440b5045c7003939846e9

SHA256
67e5ad689d6fe9b7eea6766fdae6f28fbabff544c355475e7bcda0764220ceb7

SHA512
989c6a92f4609d7c69ad112246f76ad4ed414f465e8b3c9171c74e6d27205b9d9c5b66e17170a6f5bd320a87060203f955da0cc4abe7dd9e160498ad22d61ba8

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\love.dll

Filesize
2.5MB

MD5
2dc331c98487514d4da32e0ee18c951d

SHA1
8bc23670cc41403473c79995dd9e70a7e6864623

SHA256
8e4c87fc19a4de2b38e68b87bad3af1097b8d52e15efc92d54ad9ad66ba5c319

SHA512
7aff21caa8a5887d19135c52d53a8a96042196620d4120f3a17523898d2619ba4b7cc11f8844fbe0eb8b9845db66e5f7e24aa7702d0276e44209726c7a39b862

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\love.dll

Filesize
2.1MB

MD5
4880fee79a82714da88188b34ae18d15

SHA1
23c55c6eca37317a038560f4752f1418b4f8dc43

SHA256
561200d47619289fc5d1df3ceac3437570d18379cd82edbdd6e71488614ff3d4

SHA512
534db19d8424d26d69726eec2251e5efa31659a5c77fe26b2b51451abe637255ee60b859408ce7a2a964e99d0d078bcf43fddbd9e66685ce0f1c9e331fd59acd

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\love.dll

Filesize
1.8MB

MD5
3f3272b28bb24ff5125e49aef7b2881f

SHA1
37b8784b55da5946bb8ab4d58d5a8bebebab9f9a

SHA256
927a63f0dc2eed924951835fde01938fbfe63a55ec458e8413b43996d985032f

SHA512
92d154153c7d0654cdb4f05fd556b4bbcc896b12eb7eddc772ba47b22770222ccadaa961cda51bdde486a86540b0d3072ec6aeebee6b736e68041f9a0f56af48

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\love.dll

Filesize
2.1MB

MD5
50a92058e82aa00774d7031045fbf08e

SHA1
11fb0ca6e272456791731928c9e0b5b0c48020f2

SHA256
ecb56311535f1156499fbd0c173cfd7ba7002d7726d6c4a7fb59253c08d37666

SHA512
6bdb1e8624b05b727710856ee224dc9b8f294704cf01969944aa9a55622375d385c82d0e73543469bde2e2699f1115e8019b4b77ce2bcdb5f467505a8e739ede

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\lua51.dll

Filesize
377KB

MD5
afcec626c83fd975201f3684f0004ad2

SHA1
6dc5157bdd96c5ce18134e32a3f0a15d8bb50a44

SHA256
8a6456907685cf9fc428bb6450972154c6ce4839147215acc747bd3d9aa69ad6

SHA512
5d54c6e19acf531886b7b41fdeb43ed6368d7b01bebf86ae687aac0a8eb00843c61c36b96cc4023ce0bc44f8318f8ffc5931d8682c9ae1b526f2371629ddad97

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\msvcp120.dll

Filesize
450KB

MD5
882b1a4439cc8c9611f7f7ee248c9bac

SHA1
af2a414bbf9c4ff9223c7fe9f3e59499584e8e6f

SHA256
e6de4a9ccc458f92f2c3c634771e781922bcc06d59648c80b10f7d75c000529f

SHA512
76f06d105653b7a365322056fc2b9bc5eb77430b38edffbda423e81b91998218d10731e94ebba8c4666c0a66e89f86f0c82a02e47ac79cc6d85b051d99ab3ebc

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\msvcp120.dll

Filesize
644KB

MD5
46060c35f697281bc5e7337aee3722b1

SHA1
d0164c041707f297a73abb9ea854111953e99cf1

SHA256
2abf0aab5a3c5ae9424b64e9d19d9d6d4aebc67814d7e92e4927b9798fef2848

SHA512
2cf2ed4d45c79a6e6cebfa3d332710a97f5cf0251dc194eec8c54ea0cb85762fd19822610021ccd6a6904e80afae1590a83af1fa45152f28ca56d862a3473f0a

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\msvcr120.dll

Filesize
794KB

MD5
4882ee48947be63066e1e4397c82639d

SHA1
d7e4ba948895f750f8d94b1b5e874756c7b6b4ec

SHA256
0318100fcfcd0e7e4976d356c6474a2715acb008a3a9c244a3ea1d7d6613f801

SHA512
1523363f19cf375df19b67f94134b41c29f4ffa3f8ffd632a5b2cf6ae3b92440a92213436c522ab019a9604dfa8f11aeac3e5424228b471080b571d0a9c92b26

Download Submit
\Users\Admin\Desktop\Balatro.v1.0.0L-Unleashed\msvcr120.dll

Filesize
940KB

MD5
9c861c079dd81762b6c54e37597b7712

SHA1
62cb65a1d79e2c5ada0c7bfc04c18693567c90d0

SHA256
ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c

SHA512
3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7

Download Submit
memory/1192-237-0x0000000001DD0000-0x0000000001DD8000-memory.dmp

Filesize
32KB

Download
memory/1192-221-0x000007FEF5310000-0x000007FEF5CAD000-memory.dmp

Filesize
9.6MB

Download
memory/1192-267-0x0000000001E80000-0x0000000001E88000-memory.dmp

Filesize
32KB

Download
memory/1192-257-0x0000000002B20000-0x0000000002BA0000-memory.dmp

Filesize
512KB

Download
memory/1192-254-0x0000000001E60000-0x0000000001E68000-memory.dmp

Filesize
32KB

Download
memory/1192-307-0x000007FEF5310000-0x000007FEF5CAD000-memory.dmp

Filesize
9.6MB

Download
memory/1192-271-0x0000000002B20000-0x0000000002BA0000-memory.dmp

Filesize
512KB

Download
memory/1192-219-0x000007FEF5310000-0x000007FEF5CAD000-memory.dmp

Filesize
9.6MB

Download
memory/1192-270-0x000007FEF5310000-0x000007FEF5CAD000-memory.dmp

Filesize
9.6MB

Download
memory/1192-220-0x0000000002B20000-0x0000000002BA0000-memory.dmp

Filesize
512KB

Download
memory/1704-272-0x0000000002100000-0x0000000002180000-memory.dmp

Filesize
512KB

Download
memory/1704-248-0x0000000002100000-0x0000000002180000-memory.dmp

Filesize
512KB

Download
memory/1996-1698-0x0000000000F00000-0x0000000000F08000-memory.dmp

Filesize
32KB

Download
memory/1996-1728-0x0000000006610000-0x0000000006710000-memory.dmp

Filesize
1024KB

Download
memory/1996-1695-0x0000000000EE0000-0x0000000000EE8000-memory.dmp

Filesize
32KB

Download
memory/1996-1696-0x0000000000EF0000-0x0000000000EF8000-memory.dmp

Filesize
32KB

Download
memory/1996-1676-0x0000000073C50000-0x000000007433E000-memory.dmp

Filesize
6.9MB

Download
memory/1996-1699-0x0000000000F50000-0x0000000000F5A000-memory.dmp

Filesize
40KB

Download
memory/1996-1700-0x0000000000F50000-0x0000000000F5A000-memory.dmp

Filesize
40KB

Download
memory/1996-1701-0x0000000006610000-0x0000000006710000-memory.dmp

Filesize
1024KB

Download
memory/1996-1702-0x0000000000C10000-0x0000000000C50000-memory.dmp

Filesize
256KB

Download
memory/1996-1705-0x0000000073C50000-0x000000007433E000-memory.dmp

Filesize
6.9MB

Download
memory/1996-1710-0x0000000000C10000-0x0000000000C50000-memory.dmp

Filesize
256KB

Download
memory/1996-1693-0x0000000000E20000-0x0000000000E2A000-memory.dmp

Filesize
40KB

Download
memory/1996-1715-0x0000000000C10000-0x0000000000C50000-memory.dmp

Filesize
256KB

Download
memory/1996-1716-0x0000000000C10000-0x0000000000C50000-memory.dmp

Filesize
256KB

Download
memory/1996-1725-0x0000000000C10000-0x0000000000C50000-memory.dmp

Filesize
256KB

Download
memory/1996-1726-0x0000000000F50000-0x0000000000F5A000-memory.dmp

Filesize
40KB

Download
memory/1996-1727-0x0000000000F50000-0x0000000000F5A000-memory.dmp

Filesize
40KB

Download
memory/1996-1694-0x0000000000E30000-0x0000000000E38000-memory.dmp

Filesize
32KB

Download
memory/1996-1729-0x0000000000C10000-0x0000000000C50000-memory.dmp

Filesize
256KB

Download
memory/1996-1692-0x0000000000E10000-0x0000000000E1E000-memory.dmp

Filesize
56KB

Download
memory/1996-1689-0x0000000000C10000-0x0000000000C50000-memory.dmp

Filesize
256KB

Download
memory/1996-1688-0x0000000001020000-0x000000000109A000-memory.dmp

Filesize
488KB

Download
memory/1996-1677-0x0000000000C10000-0x0000000000C50000-memory.dmp

Filesize
256KB

Download
memory/1996-1683-0x0000000000C10000-0x0000000000C50000-memory.dmp

Filesize
256KB

Download
memory/1996-1679-0x0000000000C10000-0x0000000000C50000-memory.dmp

Filesize
256KB

Download
memory/1996-1681-0x0000000000500000-0x0000000000518000-memory.dmp

Filesize
96KB

Download
memory/2620-264-0x0000000000640000-0x00000000006C0000-memory.dmp

Filesize
512KB

Download
memory/2884-118-0x0000000001C50000-0x0000000001C51000-memory.dmp

Filesize
4KB

Download
memory/2884-269-0x0000000001C50000-0x0000000001C51000-memory.dmp

Filesize
4KB

Download
memory/3864-1070-0x000007FEF1860000-0x000007FEF189A000-memory.dmp

Filesize
232KB

Download
memory/3864-1083-0x000007FEF1860000-0x000007FEF189A000-memory.dmp

Filesize
232KB

Download
memory/3864-1069-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/3864-1071-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads