ed9e5b3986147c79fff860e2fe5597cc2f34762adc8c84000c8734b8fb0dc808

Analysis

max time kernel
278s
max time network
283s
platform
windows10_x64
resource
win10v20210410
submitted
21-04-2021 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BookLot.17.2102.1pawk.exe
Size

69.7MB
MD5

262dbc70f4b9486ac7b7fcd6d3461a45
SHA1

895c8588764e11e410921928d10784771744f1a1
SHA256

ed9e5b3986147c79fff860e2fe5597cc2f34762adc8c84000c8734b8fb0dc808
SHA512

fa3bede3ed0fbf2a701b2d9ac68a9e2e4d726e05913ea375d15ffef3a0a3c439957eb358b0ebcb79c9b608921bce69e87ae575ab7a56dc36c0773360b25b7bce

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 8 IoCs

Processes:

BookLot.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exe

pid process

4256 BookLot.exe
504 BookLot.exe
3152 BookLot.exe
2108 BookLot.exe
1832 BookLot.exe
4108 BookLot.exe
648 BookLot.exe
2272 BookLot.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BookLot.exeBookLot.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Control Panel\International\Geo\Nation	BookLot.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Control Panel\International\Geo\Nation	BookLot.exe

Loads dropped DLL 24 IoCs

Processes:

BookLot.17.2102.1pawk.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exe

pid	process
4464	BookLot.17.2102.1pawk.exe
4464	BookLot.17.2102.1pawk.exe
4464	BookLot.17.2102.1pawk.exe
4464	BookLot.17.2102.1pawk.exe
4464	BookLot.17.2102.1pawk.exe
4256	BookLot.exe
4256	BookLot.exe
504	BookLot.exe
3152	BookLot.exe
3152	BookLot.exe
3152	BookLot.exe
3152	BookLot.exe
3152	BookLot.exe
2108	BookLot.exe
2108	BookLot.exe
2108	BookLot.exe
1832	BookLot.exe
1832	BookLot.exe
4108	BookLot.exe
4108	BookLot.exe
648	BookLot.exe
648	BookLot.exe
2272	BookLot.exe
2272	BookLot.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

BookLot.17.2102.1pawk.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	BookLot.17.2102.1pawk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\BookLot = "C:\\Users\\Admin\\AppData\\Roaming\\BookLot\\BookLot.exe --su"	BookLot.17.2102.1pawk.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

BookLot.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 0400000001000000100000002c8f9f661d1890b147269d8e86828ca90300000001000000140000006252dc40f71143a22fde9ef7348e064251b181187e00000001000000080000000000cf97a737d6010b000000010000000e000000430065007200740075006d0000001d000000010000001000000096f98b6e79a74810ce7d398a82f977781400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded37f0000000100000016000000301406082b0601050507030906082b06010505070301620000000100000020000000d8e0febc1db2e38d00940f37d27d41344d993e734b99d5656d9778d4d814362409000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad2000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	BookLot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 1900000001000000100000000b6cd9778e41ad67fd6be0a6903710440f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad09000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b06010505070308620000000100000020000000d8e0febc1db2e38d00940f37d27d41344d993e734b99d5656d9778d4d81436247f0000000100000016000000301406082b0601050507030906082b060105050703011400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded31d000000010000001000000096f98b6e79a74810ce7d398a82f977780b000000010000000e000000430065007200740075006d0000007e00000001000000080000000000cf97a737d6010300000001000000140000006252dc40f71143a22fde9ef7348e064251b181180400000001000000100000002c8f9f661d1890b147269d8e86828ca92000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	BookLot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 5c0000000100000004000000000800000400000001000000100000002c8f9f661d1890b147269d8e86828ca90300000001000000140000006252dc40f71143a22fde9ef7348e064251b181187e00000001000000080000000000cf97a737d6010b000000010000000e000000430065007200740075006d0000001d000000010000001000000096f98b6e79a74810ce7d398a82f977781400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded37f0000000100000016000000301406082b0601050507030906082b06010505070301620000000100000020000000d8e0febc1db2e38d00940f37d27d41344d993e734b99d5656d9778d4d814362409000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad1900000001000000100000000b6cd9778e41ad67fd6be0a6903710442000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	BookLot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	BookLot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	BookLot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118	BookLot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 0f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad09000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b06010505070308620000000100000020000000d8e0febc1db2e38d00940f37d27d41344d993e734b99d5656d9778d4d81436247f0000000100000016000000301406082b0601050507030906082b060105050703011400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded31d000000010000001000000096f98b6e79a74810ce7d398a82f977780b000000010000000e000000430065007200740075006d0000007e00000001000000080000000000cf97a737d6010300000001000000140000006252dc40f71143a22fde9ef7348e064251b181182000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	BookLot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE\Blob = 5c000000010000000400000000080000190000000100000010000000a8827a3cbd2d87d783b59b8062c87e9a03000000010000001400000075e0abb6138512271c04f85fddde38e4b7242efe7e00000001000000080000000000cf97a737d6017a000000010000000c000000300a06082b060105050703091d000000010000001000000073621e116224668780b2d2bee454e52e1400000001000000140000009be20757671c1ec06a06de59b49a2ddfdc19862e7f0000000100000016000000301406082b0601050507030306082b06010505070309620000000100000020000000ca42dd41745fd0b81eb902362cf9d8bf719da1bd1b1efc946f5b4c99f42c1b9e5300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000005c00000047006f006f0067006c00650020005400720075007300740020005300650072007600690063006500730020002d00200047006c006f00620061006c005300690067006e00200052006f006f0074002000430041002d00520032000000090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f0000000100000014000000bf4d2c390bbf0aa3a2b7ea2dc751011bf5fd422e0400000001000000100000009414777e3e5efd8f30bd41b0cfe7d0302000000001000000be030000308203ba308202a2a003020102020b0400000000010f8626e60d300d06092a864886f70d0101050500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523231133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3036313231353038303030305a170d3231313231353038303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523231133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100a6cf240ebe2e6f28994542c4ab3e21549b0bd37f8470fa12b3cbbf875fc67f86d3b2305cd6fdadf17bdce5f86096099210f5d053defb7b7e7388ac52887b4aa6ca49a65ea8a78c5a11bc7a82ebbe8ce9b3ac962507974a992a072fb41e77bf8a0fb5027c1b96b8c5b93a2cbcd612b9eb597de2d006865f5e496ab5395e8834ecbc780c0898846ca8cd4bb4a07d0c794df0b82dcb21cad56c5b7de1a02984a1f9d39449cb24629120bcdd0bd5d9ccf9ea270a2b7391c69d1bacc8cbe8e0a0f42f908b4dfbb0361bf6197a85e06df26113885c9fe0930a51978a5aceafabd5f7aa09aa60bddcd95fdf72a960135e0001c94afa3fa4ea070321028e82ca03c29b8f0203010001a3819c308199300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604149be20757671c1ec06a06de59b49a2ddfdc19862e30360603551d1f042f302d302ba029a0278625687474703a2f2f63726c2e676c6f62616c7369676e2e6e65742f726f6f742d72322e63726c301f0603551d230418301680149be20757671c1ec06a06de59b49a2ddfdc19862e300d06092a864886f70d01010505000382010100998153871c68978691ece04ab8440bab81ac274fd6c1b81c4378b30c9afcea2c3c6e611b4d4b29f59f051d26c1b8e983006245b6a90893b9a9334b189ac2f887884edbdd71341ac154da463fe0d32aab6d5422f53a62cd206fba2989d7dd91eed35ca23ea15b41f5dfe564432de9d539abd2a2dfb78bd0c080191c45c02d8ce8f82da4745649c505b54f15de6e44783987a87ebbf3791891bbf46f9dc1f08c358c5d01fbc36db9ef446d7946317e0afea982c1ffefab6e20c450c95f9d4d9b178c0ce501c9a0416a7353faa550b46e250ffb4c18f4fd52d98e69b1e8110fde88d8fb1d49f7aade95cf2078c26012db25408c6afc7e4238406412f79e81e1932e	BookLot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	BookLot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE	BookLot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE\Blob = 0400000001000000100000009414777e3e5efd8f30bd41b0cfe7d0300f0000000100000014000000bf4d2c390bbf0aa3a2b7ea2dc751011bf5fd422e090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080b000000010000005c00000047006f006f0067006c00650020005400720075007300740020005300650072007600690063006500730020002d00200047006c006f00620061006c005300690067006e00200052006f006f0074002000430041002d005200320000005300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0620000000100000020000000ca42dd41745fd0b81eb902362cf9d8bf719da1bd1b1efc946f5b4c99f42c1b9e7f0000000100000016000000301406082b0601050507030306082b060105050703091400000001000000140000009be20757671c1ec06a06de59b49a2ddfdc19862e1d000000010000001000000073621e116224668780b2d2bee454e52e7a000000010000000c000000300a06082b060105050703097e00000001000000080000000000cf97a737d60103000000010000001400000075e0abb6138512271c04f85fddde38e4b7242efe190000000100000010000000a8827a3cbd2d87d783b59b8062c87e9a2000000001000000be030000308203ba308202a2a003020102020b0400000000010f8626e60d300d06092a864886f70d0101050500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523231133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3036313231353038303030305a170d3231313231353038303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523231133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100a6cf240ebe2e6f28994542c4ab3e21549b0bd37f8470fa12b3cbbf875fc67f86d3b2305cd6fdadf17bdce5f86096099210f5d053defb7b7e7388ac52887b4aa6ca49a65ea8a78c5a11bc7a82ebbe8ce9b3ac962507974a992a072fb41e77bf8a0fb5027c1b96b8c5b93a2cbcd612b9eb597de2d006865f5e496ab5395e8834ecbc780c0898846ca8cd4bb4a07d0c794df0b82dcb21cad56c5b7de1a02984a1f9d39449cb24629120bcdd0bd5d9ccf9ea270a2b7391c69d1bacc8cbe8e0a0f42f908b4dfbb0361bf6197a85e06df26113885c9fe0930a51978a5aceafabd5f7aa09aa60bddcd95fdf72a960135e0001c94afa3fa4ea070321028e82ca03c29b8f0203010001a3819c308199300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604149be20757671c1ec06a06de59b49a2ddfdc19862e30360603551d1f042f302d302ba029a0278625687474703a2f2f63726c2e676c6f62616c7369676e2e6e65742f726f6f742d72322e63726c301f0603551d230418301680149be20757671c1ec06a06de59b49a2ddfdc19862e300d06092a864886f70d01010505000382010100998153871c68978691ece04ab8440bab81ac274fd6c1b81c4378b30c9afcea2c3c6e611b4d4b29f59f051d26c1b8e983006245b6a90893b9a9334b189ac2f887884edbdd71341ac154da463fe0d32aab6d5422f53a62cd206fba2989d7dd91eed35ca23ea15b41f5dfe564432de9d539abd2a2dfb78bd0c080191c45c02d8ce8f82da4745649c505b54f15de6e44783987a87ebbf3791891bbf46f9dc1f08c358c5d01fbc36db9ef446d7946317e0afea982c1ffefab6e20c450c95f9d4d9b178c0ce501c9a0416a7353faa550b46e250ffb4c18f4fd52d98e69b1e8110fde88d8fb1d49f7aade95cf2078c26012db25408c6afc7e4238406412f79e81e1932e	BookLot.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

BookLot.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exeBookLot.exe

pid	process
4256	BookLot.exe
4256	BookLot.exe
3152	BookLot.exe
3152	BookLot.exe
2108	BookLot.exe
2108	BookLot.exe
1832	BookLot.exe
1832	BookLot.exe
4108	BookLot.exe
4108	BookLot.exe
648	BookLot.exe
648	BookLot.exe
2272	BookLot.exe
2272	BookLot.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

BookLot.exe

pid process

4256 BookLot.exe
4256 BookLot.exe
4256 BookLot.exe
4256 BookLot.exe

Suspicious use of WriteProcessMemory 53 IoCs

Processes:

BookLot.17.2102.1pawk.execmd.exeexplorer.exeBookLot.exeBookLot.execmd.execmd.execmd.exe

description	pid	process	target process
PID 4464 wrote to memory of 1020	4464	BookLot.17.2102.1pawk.exe	cmd.exe
PID 4464 wrote to memory of 1020	4464	BookLot.17.2102.1pawk.exe	cmd.exe
PID 4464 wrote to memory of 1020	4464	BookLot.17.2102.1pawk.exe	cmd.exe
PID 1020 wrote to memory of 4132	1020	cmd.exe	sc.exe
PID 1020 wrote to memory of 4132	1020	cmd.exe	sc.exe
PID 1020 wrote to memory of 4132	1020	cmd.exe	sc.exe
PID 1020 wrote to memory of 4012	1020	cmd.exe	find.exe
PID 1020 wrote to memory of 4012	1020	cmd.exe	find.exe
PID 1020 wrote to memory of 4012	1020	cmd.exe	find.exe
PID 4464 wrote to memory of 4188	4464	BookLot.17.2102.1pawk.exe	explorer.exe
PID 4464 wrote to memory of 4188	4464	BookLot.17.2102.1pawk.exe	explorer.exe
PID 4172 wrote to memory of 4256	4172	explorer.exe	BookLot.exe
PID 4172 wrote to memory of 4256	4172	explorer.exe	BookLot.exe
PID 4172 wrote to memory of 4256	4172	explorer.exe	BookLot.exe
PID 4256 wrote to memory of 504	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 504	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 504	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 3152	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 3152	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 3152	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 2108	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 2108	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 2108	4256	BookLot.exe	BookLot.exe
PID 2108 wrote to memory of 4472	2108	BookLot.exe	cmd.exe
PID 2108 wrote to memory of 4472	2108	BookLot.exe	cmd.exe
PID 2108 wrote to memory of 4472	2108	BookLot.exe	cmd.exe
PID 4472 wrote to memory of 2184	4472	cmd.exe	driverquery.exe
PID 4472 wrote to memory of 2184	4472	cmd.exe	driverquery.exe
PID 4472 wrote to memory of 2184	4472	cmd.exe	driverquery.exe
PID 2108 wrote to memory of 4876	2108	BookLot.exe	cmd.exe
PID 2108 wrote to memory of 4876	2108	BookLot.exe	cmd.exe
PID 2108 wrote to memory of 4876	2108	BookLot.exe	cmd.exe
PID 2108 wrote to memory of 4908	2108	BookLot.exe	cmd.exe
PID 2108 wrote to memory of 4908	2108	BookLot.exe	cmd.exe
PID 2108 wrote to memory of 4908	2108	BookLot.exe	cmd.exe
PID 4876 wrote to memory of 5048	4876	cmd.exe	driverquery.exe
PID 4876 wrote to memory of 5048	4876	cmd.exe	driverquery.exe
PID 4876 wrote to memory of 5048	4876	cmd.exe	driverquery.exe
PID 4908 wrote to memory of 5116	4908	cmd.exe	driverquery.exe
PID 4908 wrote to memory of 5116	4908	cmd.exe	driverquery.exe
PID 4908 wrote to memory of 5116	4908	cmd.exe	driverquery.exe
PID 4256 wrote to memory of 1832	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 1832	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 1832	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 4108	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 4108	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 4108	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 648	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 648	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 648	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 2272	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 2272	4256	BookLot.exe	BookLot.exe
PID 4256 wrote to memory of 2272	4256	BookLot.exe	BookLot.exe

C:\Users\Admin\AppData\Local\Temp\BookLot.17.2102.1pawk.exe
"C:\Users\Admin\AppData\Local\Temp\BookLot.17.2102.1pawk.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4464

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C "sc QUERY NPF | FIND /C "RUNNING""
2⤵
- Suspicious use of WriteProcessMemory
PID:1020

C:\Windows\SysWOW64\sc.exe
sc QUERY NPF
3⤵
PID:4132

C:\Windows\SysWOW64\find.exe
FIND /C "RUNNING"
3⤵
PID:4012

C:\Windows\explorer.exe
"C:\Windows\explorer.exe" C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
2⤵
PID:4188

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:4172

C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
"C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4256

C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BookLot\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BookLot\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\BookLot\User Data" --annotation=plat=Win32 --annotation=prod=BookLot --annotation=ver=0.0.99 --initial-client-data=0x2bc,0x2b8,0x2b4,0x2a4,0x2b0,0x746850d0,0x746850e0,0x746850ec
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:504

C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
"C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe" --type=gpu-process --field-trial-handle=1556,2832525132137231256,17711191167471778521,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\BookLot\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4256_16631" --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --user-data-dir="C:\Users\Admin\AppData\Local\BookLot\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4256_16631" --service-request-channel-token=1376631568257993730 --mojo-platform-channel-handle=1568 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3152

C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
"C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Roaming\BookLot\gen" --js-flags=--expose-gc --no-zygote --field-trial-handle=1556,2832525132137231256,17711191167471778521,131072 --service-pipe-token=17641056481912048011 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\BookLot\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4256_16631" --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=17641056481912048011 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2108

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "driverquery /FO list /v"
4⤵
- Suspicious use of WriteProcessMemory
PID:4472

C:\Windows\SysWOW64\driverquery.exe
driverquery /FO list /v
5⤵
PID:2184

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "driverquery /FO list /v"
4⤵
- Suspicious use of WriteProcessMemory
PID:4876

C:\Windows\SysWOW64\driverquery.exe
driverquery /FO list /v
5⤵
PID:5048

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "driverquery /FO list /v"
4⤵
- Suspicious use of WriteProcessMemory
PID:4908

C:\Windows\SysWOW64\driverquery.exe
driverquery /FO list /v
5⤵
PID:5116

C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
"C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe" --type=utility --field-trial-handle=1556,2832525132137231256,17711191167471778521,131072 --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\BookLot\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4256_16631" --service-request-channel-token=7014170730990576680 --mojo-platform-channel-handle=3780 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1832

C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
"C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe" --type=gpu-process --field-trial-handle=1556,2832525132137231256,17711191167471778521,131072 --disable-gpu-sandbox --use-gl=disabled --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\BookLot\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4256_16631" --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --user-data-dir="C:\Users\Admin\AppData\Local\BookLot\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4256_16631" --service-request-channel-token=17808402287273950877 --mojo-platform-channel-handle=3928 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4108

C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
"C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe" --type=utility --field-trial-handle=1556,2832525132137231256,17711191167471778521,131072 --lang=en-US --no-sandbox --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\BookLot\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4256_16631" --service-request-channel-token=16182115434982097 --mojo-platform-channel-handle=3776 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:648

C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
"C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe" --type=utility --field-trial-handle=1556,2832525132137231256,17711191167471778521,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\BookLot\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4256_16631" --service-request-channel-token=13546111742164130280 --mojo-platform-channel-handle=4164 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2272

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\BookLot\User Data\Crashpad\settings.dat
MD5
c9e7401592a7bfd2d0dea8f82c883490

SHA1
a050c1f5e6349b67362c14a5649b1ea90fb1a247

SHA256
7e2e293c1bdeb63a9b834d2e0004a056955beacc061b253c6982901e5b6c2e8c

SHA512
a6d433c68b143bc89238321d85682dea653bfc45c2103625cc4809434731d4105a8c25fb2f1eca83013bc6df296010dfe77abb82511cbf238d7dfe3247955d63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\ip-regex\index.js
MD5
d8ad95a7b6a3fb035c7e1a4dae741dd5

SHA1
a05b912f4f6be16338c0b4fc279dd246144875b0

SHA256
3d6009cb08e64bda7305c2834057f0599ff3b8d1aced030c240ffa0d6a16257a

SHA512
830ed3ad7244c996d76998d02d09dfc9766b91305cddfb6e255f7b7fca9d1df7c94431f665ad5c6f9c30fb8ded8a4f301837fd05590d215df4ded416b3d17e57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\ip-regex\package.json
MD5
e7bb1b751128d586108f27b7ef29b3aa

SHA1
76e1bedb697b627aa3db14047ab860a68bbdcfa3

SHA256
cb551dfefed71849e88eb8c590959194f8b13df0b6be84e3b7455766889aca93

SHA512
9e0602fda1a0379045b21b5c3fb7c363a5daa8c08db209232b89121c6b2654c71263804c0b4d4c8b1a88a601e685f771df5c635ea6054dfd9e264ef2e99ca29d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\json-stringify-safe\package.json
MD5
fb9afefdbee5b88803b2e0af75c937e4

SHA1
afc7ac4d0caf06b25f890f841cbdcfd095daa0e3

SHA256
440291671674822a83d72a070b99e46ce6c479f881022b464f6155b92ce26b2c

SHA512
aeea50f7d612bd5eb3ca09a962f5ddbfa4bfaae7e7a564885ac803969bf35fb1599e75b23a8217bc8b9ee7374f5ca181972aea9191a585f124f8e9a529dba8fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\json-stringify-safe\stringify.js
MD5
a138c2d1114bef6d26623141fc9e7a92

SHA1
b36a3a8d0f794fae13dc8e1c93bd4a8cae311bf2

SHA256
952ffb7fc912b6168d6b9afb92cd12d4a01a4c55fe2eb82a9abce4def0a207c5

SHA512
78d4b8acf2638885978e5d1d06d751738839d3e4e1ac67775674c38fb28a91d0e1dc278142eab6691432b8112e71081978d799779189e0df9d0c761eb22e3e0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\psl\data\rules.json
MD5
cf25864c2720ab33bbf6938527114678

SHA1
cda973ccb804bb70c4fceda0533a03a354be2ffe

SHA256
dddb3446e3caa6df63ff0b527c9e67466d6d52dae3293e085cfd2980ef44e3ad

SHA512
9685023cd3c11e953b803a971029a002f2e065b4478b146ec9e4febc1463a477c9fe86a311899645d3d2f7a1d0013f31dbe1c57035a90bd7b2b419989f404ca0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\psl\index.js
MD5
bae2793857cca142ce83734db1e5cc57

SHA1
9e7fd00d5e988f4034720c6831e47a0f258261f0

SHA256
b031d76949a9fa16597773062d56615533b45fe856e131b395dcf8be9ffa99d3

SHA512
d9a0af2392db032566127fbd51d57ab2b0379349cbd684496b028427feab3f11b394cdd3fd43ec2f9e8db670e2c2a1b97399d6c9d81af00df58235b7c776ca96

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\psl\package.json
MD5
c04dd778e12a1504eee4d5de982a183e

SHA1
a1eb37be9cdaf76e14071f620cc3b9c9289239ef

SHA256
e57d4cc025540785aa04a44c3675c79832aea606724dceef8ccbe86b28af1e72

SHA512
f99257686620cf333bec04f0d2c22d079df0afd6bdb5ee796f8d66b0cd63899c3e626ca91bd69a2201c4fc39cb3edec257fc42c330e7d13c06da7814d59b6c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\qs\index.js
MD5
279b5408af1f82bfb5846a40504b1b86

SHA1
8dd441855f345ab5de8626bec2dd91084b9dd611

SHA256
f87890b6d58f3a7e71b06299d2166c29e394be25534e469d158d26682a228376

SHA512
46e30b504f3710df997e20e94fcde8516ea3372ba17fcf338188ffe8e19221f27b11427098b1975475a39395005cdb1f9fc32b2966646fe207d9c627f89f4305

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\qs\lib\index.js
MD5
a2dd930d422861906388041dd04aee21

SHA1
1d12b60ebf187b97694b40050dc582b1205775c0

SHA256
234a0ac59c4d5f5f333bd756c3d7939fa5637a20fd5246848aa0d31bc26fbfbe

SHA512
b6efd4b7df1c18e8a9639bc6cdc1374f8f2121e4dff74370023eaa3f03c1e908986ebe94bf181b3cda6ac0228f0e6fd2e72e4eed9e80eb95196383ce627bcbdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\qs\lib\parse.js
MD5
cc380e9fea9bb7ad67ce34b33e88c534

SHA1
dbaafe860bb283d1a92e14a66f8f09cc686b7eb8

SHA256
57d6025fa104a8ae20c22b9f77a867c4de6560ab678e0a84fd2c5dd8f5392b8b

SHA512
feac4c61d42bdc4af29bd1aa9ba89dbe09bae0c0dc349d55e4d5780633b61876621efa1314dbe6ca7389e2daf60d822b84220261f645ba3bf476a538ff564c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\qs\lib\stringify.js
MD5
646365106b68ba6f712c89fbda884e45

SHA1
431945ae0e164742e0f436f54b2fae43b852b500

SHA256
62eb9fdf8d5f4a1f523ee6db752437aff8d02e5ff6671486ef02a17ce00dd86c

SHA512
cf51470c05e69b0b6f9967c35ed0188b901cac87bf59ee2b91d9c11f73e20c00712e01fa0a7912c89c5d7a5e132b8e9a888df8b58997f9526aa7b6a68dc6c288

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\qs\lib\utils.js
MD5
0c0f28c1983190be4107fd13c4ad0963

SHA1
fcf019ac2b47e6518188129c501fb9202dc8ce87

SHA256
30796ee7b897b6d6c234a41817e1d4a2d3bcc63e02d89e79e7b1c4511f341bad

SHA512
fc02b98b2986e2da78cd68b0d76732a40d9bf971157847031a011934bf76d427e67babd8faf36db6788e5a2509aab4a3eed8e9777d78998a0612205ac906a27c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\qs\package.json
MD5
0c648e05aa267fcf6b4d6afebf2bbd30

SHA1
6c481f0e61925bfad5b1d180273a99a655c371c2

SHA256
e64a3ac21e4bde0462b70d43c0454e95464dde01cddd84fb249b12999c6fedac

SHA512
688ba6756301e8413227baf58d45492a4455733a5c9a728643f740d9080694caa91843a6e9fe5a09760f0676b18ee7c64d17f8e84cc87be48c9301eca036ae3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\request\index.js
MD5
32ef3686a6e9a154933429aca8852d2a

SHA1
4f4cf280c357784ae223a0aa6f7d7aa2a0b70b73

SHA256
176ff6da743f5de88422c87e993f12fd62e49710755fa2f80204efab817f0cec

SHA512
58ac8a8ab019d90e05b059334ae843c91ca4c5edb9543d6f1e6eb461767fa70824c1cbb509e7fc50afd91ff7d0bffba507f32bef4552f42ca550a90a320f42c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\request\lib\cookies.js
MD5
3f1cad79f7518a5caa203c9c47f8fe56

SHA1
4f7a0ad5981b555857ed98dfc4e338a69883173d

SHA256
2cbb36d465eac68f9253fa9733ac9f301ed7079e8b4f36d1ea1a3b6acb3e83fc

SHA512
3bcc306e77797358ffbf049d1b31223d21f5037f94c5276d18879ec01bbcb4e95e4ec2f1463bd16d8df8668d5889bdcabe57c344a1adcf5f2757ca4de48cdf26

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\request\lib\helpers.js
MD5
1380ce3ff72761b4f0c435c74005bfef

SHA1
c22d03f7407650d6d4047c6af6dbb1261b8d7472

SHA256
241466f93a63b2be5be0b4fcc2d87a518e18003724f16bbf334e5f66538e6ef9

SHA512
c6f7631afd2a37eea1eb472b03c56354a0cc7e607440a64776a70742f7bcc9c464892975d1317f71016eac902c10420e1367c2a16d6cb7d469f5a45b2de75946

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\request\package.json
MD5
ec131d3108b7e619ad69a8a21e506325

SHA1
fb48c4cc9ac5e6cb43c795da4fba6a82e600f19e

SHA256
58ffec60b67393a22709c25f9a3787a84ab3af52676096a6f340873ff8e2ba06

SHA512
953198776ecc6c3b84a4eb5a3034d252f952804cf8cdc05b6afe1b294420e5364d6766fb0e026a61bd906171ee8ae2e27668582ff67956dcea63de8675fd6629

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\request\request.js
MD5
f0f60fd5ff5adb2c4bccc9c93b5b2573

SHA1
85ca89504958937c37646bdcb3bf478db9f1cdb9

SHA256
a986479ffb5aef638deddb3cfaf8dd306cc2f541f018f9ffd95289e9ffc68b3f

SHA512
eea7a81b4a076c5b09476cc1c84f012f94f1cb150095c1a109afb3270daa9406b9d051d8137a75e52986f2a56d4f5bb4172a4d3cf3efe233d1789837cffe4414

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\tough-cookie\lib\cookie.js
MD5
c2e24ba6412b3cc0e29ced71846deed9

SHA1
c7fb3b80ec3050b53e14eb32001725bddf7adb3a

SHA256
1abae9de95f5c7fd912200db127dd25a5186ef757c56d05e632046776a412eb5

SHA512
c8cb9ccb1b056adb0c87d4b6392c78547df210aaee6cd0fe8e0835bfb0a8505ca01b411d7a21c1a75e2885d7ae58bc10b444fc6a804809f432e7fee1865186f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\tough-cookie\lib\memstore.js
MD5
8375fca65218785c0dbebfc20bd50fa2

SHA1
507ed22a5208cad71c234fbe3750d1cbe0c2b80b

SHA256
279c134838e62cd0fa962467334a568332188079a8167b01744c2aa1f4bc06f2

SHA512
595e0e588bd12ec8a364975fe7cb6bca4bd7b1e9fc2231e98495204ed49ad25036ca383bcc72d4fc3d29e2efefc10da820f5552856c89883c3b5ce4dcd18fb47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\tough-cookie\lib\pathMatch.js
MD5
8ef4b4a39dcaa8d84894d1a3b325565d

SHA1
3d403b8aad536db9e97eef4915eb01ef53405323

SHA256
1f07134d0b6d5f0dcdfd8be2b8aefc792ee8aa97c7204e81300a6950fc7fa24f

SHA512
759a08f6dfa17660892474cf6425788d8b35a1e6a20feb84b10ed04ee396942a85cc594d856446e7982c2b05d9dc835d7965d70ad03965b5a84f22734b36593a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\tough-cookie\lib\permuteDomain.js
MD5
f45210a61831992857e540985cb4de17

SHA1
d028d9ac2af6241ebc40810eaa1c1d886d922451

SHA256
1265469f37c9cd695ea24717342684c89812c3a3a7181345a1f57d13841965e5

SHA512
9421e5e96939aa7b4b2aa05168d6a92bb8d2f17a82fe2b5f6dba657d01b6385440b2646542704c67c028aa409673049418cea1bc1ef2ee42bedf1dcb48bc3df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\tough-cookie\lib\pubsuffix-psl.js
MD5
7c0d6e0ac48eb3cff5b516d139b850f4

SHA1
e6f44577dc69725e632107a5f710de480e178eac

SHA256
393965637a28f3ddb461409b34a1724c6ac48e97f2a387456aef58922a76ea4e

SHA512
ef7a2ac21587d93e98a39c0b82d63b42cbc6d6fb0bd7b65df2a757743f9bd1afbcf161a324c63877364d4fb16856e628546e80d3ea5fdc9250beb22ab596c750

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\tough-cookie\lib\store.js
MD5
5a442a244ee5ff6740784d4e197339bd

SHA1
52af1a436ae6783907e59fcd6d3c97c3279f363a

SHA256
8f19685eb26680203b59528485626bf9c53bc31a865bd3f9874907eeb382b29e

SHA512
ee66225a425d4dd3a7d66faec473fdea06b013a3c75cc7eafd2c9af1e7f6dc2669a4b2f83bab161d79fabd5c4f8a522c97151f13ae055dfd10687a30bf49d494

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\tough-cookie\lib\version.js
MD5
baa98c66e060961b36737e5accf536e0

SHA1
827b8135724e0b7ebda388d4f38e613744c99724

SHA256
1ba7730b2e132a94bd03cf6e1d86e83310d7e03c4db7280a17b0a381c112ac32

SHA512
84bdbd74affcc09e3e664ca184f604cccf3434abfe0c5f97e1b67666cf7c58bf4cfa384f5c9cfb7d25db8fdf00214a65a94cec56cbd94e75540816cc26564c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\node_modules\tough-cookie\package.json
MD5
b119555fa455b8f383ff59b06cd88904

SHA1
c5b3185392c9faf953d29c4d251e180ae846442e

SHA256
8c317399f7be46612be54413eb3aba558cd7e036bdea719aec83d53c94fe3507

SHA512
481ac71f21e9d081965cd78b94044b86cea09215f9c4bd7e07d640ec01bafd630b8e2f640993b8b8a5be6b083459e5349a519b156e527323cd4c2310d6023982

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\package.json
MD5
137b5f87e6fa904be7b07f2f4942d034

SHA1
21ffed1eff3f90b520726fec8c675b4f23d9262a

SHA256
46639a2ffe335fefc7f90163e528f27844aeace23eee5761d1d8baaf7800ca40

SHA512
05cfcf9a771df188faa0efd456df4812d7e9b67882c1942bd890d7e973fb8ea1cbda2ffef03c6fc8d39b84111d656264aedd342c419889c91588f25171d5a2f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nw4256_16631\settings.js
MD5
b1543e36f8614041ea18bc835e861401

SHA1
98e2d3a9a52a9a4f3b4cdd11c31975df3fb565c2

SHA256
77499c96d3c83ebc81db9a44f9a538945bb6704c0b8a274eabd2fcc0bd701ebc

SHA512
206bec9b1f1599bc32e9bda12ad362afd693524fab72251b8ddd7ac1737e3bd3e31b3d36c09708433848d9ffd8604bc4449bafab69cb2a447d1b52b3820a4757

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
MD5
ab87fe73a386f63c49d474cbc52b79c8

SHA1
b37f17af0e2fd108291953047458e69d84ec865c

SHA256
187047b6542cb613194f8e3c449d61978735fc28f952ee7b26532a47c697b3d6

SHA512
b4166d48c44918ce9a0526c5e8ce98fb2f3e2073b0172383f7dd79971f3fd45f6c981c60262719108d25341e530231f8f69f1de33d7edae631b809e2cc0e55c3

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
MD5
ab87fe73a386f63c49d474cbc52b79c8

SHA1
b37f17af0e2fd108291953047458e69d84ec865c

SHA256
187047b6542cb613194f8e3c449d61978735fc28f952ee7b26532a47c697b3d6

SHA512
b4166d48c44918ce9a0526c5e8ce98fb2f3e2073b0172383f7dd79971f3fd45f6c981c60262719108d25341e530231f8f69f1de33d7edae631b809e2cc0e55c3

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
MD5
ab87fe73a386f63c49d474cbc52b79c8

SHA1
b37f17af0e2fd108291953047458e69d84ec865c

SHA256
187047b6542cb613194f8e3c449d61978735fc28f952ee7b26532a47c697b3d6

SHA512
b4166d48c44918ce9a0526c5e8ce98fb2f3e2073b0172383f7dd79971f3fd45f6c981c60262719108d25341e530231f8f69f1de33d7edae631b809e2cc0e55c3

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
MD5
ab87fe73a386f63c49d474cbc52b79c8

SHA1
b37f17af0e2fd108291953047458e69d84ec865c

SHA256
187047b6542cb613194f8e3c449d61978735fc28f952ee7b26532a47c697b3d6

SHA512
b4166d48c44918ce9a0526c5e8ce98fb2f3e2073b0172383f7dd79971f3fd45f6c981c60262719108d25341e530231f8f69f1de33d7edae631b809e2cc0e55c3

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\BookLot.exe
MD5
ab87fe73a386f63c49d474cbc52b79c8

SHA1
b37f17af0e2fd108291953047458e69d84ec865c

SHA256
187047b6542cb613194f8e3c449d61978735fc28f952ee7b26532a47c697b3d6

SHA512
b4166d48c44918ce9a0526c5e8ce98fb2f3e2073b0172383f7dd79971f3fd45f6c981c60262719108d25341e530231f8f69f1de33d7edae631b809e2cc0e55c3

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\D3DCompiler_47.dll
MD5
16ce419ea09cf06a4da2f2834101b537

SHA1
3a2fff27a58100acdc3596c4f65402c07c71ede4

SHA256
53afc756cbe3d08549fbd1b28d7d9abb40fa03b0f646cd0a156cce808cdbe7a2

SHA512
d92fd638952e072f67ac95eaa9722a5f2cb03c403827a4a27e45c50fb32907051501c34a6525cca2fbb08ae0571ad31b19b03098f74bf436af2fd51f2b73887e

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\icudtl.dat
MD5
59e21005a68ed37eb7019091301b2c6c

SHA1
0161c874d50f245238b8683381b3c39ced4873f7

SHA256
75b9d0e6c2ce9d8f8abd53c7198f614ab77af4912b39cb9a0ff272a7c2093b95

SHA512
40241f90bf4ef435a0449acfdec416c8a86c9db9219a532b27ec7dc265d731809dd1932f97b8695d425b4597d5c9c08149ea8bff8324a4a27077e4ed60cd881e

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\locales\en-US.pak
MD5
04401732451f77ad1987f25c8d1361be

SHA1
270fb5000804cfde8cf84ce6a6e9000e157f7ff0

SHA256
bc1a09ef4a2d3cd3a8e1cb5f53a3084d4784dd08af9bb77b7db192b50a33dbc2

SHA512
b0e824208681dc6975286df88a33acc4e70a10880ceaefb78cb75e660e8b4f7cad5d31e5ad7d3afbd22f54ef8ee9e0cac0488166ff6ede0bfba51f7ec2b85d41

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\natives_blob.bin
MD5
ee8117cf109aa1e47599b6b6bbffc176

SHA1
5860d98d47084650ace3847b956686df01a32d14

SHA256
05620c1db015ddfbbc7dfe39afb14c250f20090a61d9aba8dcd55e6a1a649223

SHA512
49cecab0c2657e5c9811d90bc65bc8b9763bf51b033c27b6db159354911865729e62f47dcde8598c854d2d458296cddb0de76697687925892a94e9e45edd6730

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\node.dll
MD5
7ddc0a5c72a07307f64068a83c8c250d

SHA1
89ec1e9c61c8e568fbc4eb376519d302504624c3

SHA256
e61bba7993725279d8e0020b2bb3c2386a684057e4124784f78e696adeb21bcb

SHA512
337cda4fd6e78b4b21425028542061af0960b414ba86a6b9f84caa3b45975d367c50bd6a59281b19f81a7e15d794d3fd1e514cadece32ab7ab76b1f7d737f8bf

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\nw.dll
MD5
e0c896dcea1f6902297da1b6994823f2

SHA1
46028311abdbc27acffc01696fcfcdc54f256b04

SHA256
e1fcc4bab0cf1d31a3cdcfbd5cc841ff2ce2e60a73fab21b74f9a311f9a08491

SHA512
5bddb9f6a9af50de92b8946150814c3075e01786af6fdd516e9cb3b17d3e16798731acd879f75ab85d6542b07aed33e7a64eda926b3d822924e5368d50e00107

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\nw_100_percent.pak
MD5
032b5d5a86b3a7485dfb0e04e5267714

SHA1
018a6944cee946ea57b9860e3c4f686d3762544e

SHA256
e768e532a867066e90df8fcd1db7d4f94f1fd0585e8cae87205c46062cb68d66

SHA512
0f718e665dab13797bd57cb6d2a636204074e5a5ca12bb6b12d203b9f277099f8c475e1db344e371518c76d56f86d2dbf9eaad2705d5d49bc0570e88121dd39c

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\nw_200_percent.pak
MD5
4d35e77150b45dfc89356a2c73462612

SHA1
952ce0fae80cf131a2fa23f6c0349849b12dd6bb

SHA256
53dab7f756ed37e4ab8b7c280b5c5d517edc6820d35478a285d32a31ca1b34a4

SHA512
0ad4d40f21f34c82ad1f67067420ad49b58e63e291776a93796b97323b895b0ff1054883c4b24cc42d4456db2c32ec2358d77de57cf21ad4828bcbd4f97a876e

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\nw_elf.dll
MD5
9c73c5e60cc4df891f7988126dea06d3

SHA1
daebadd2c69e32ef64060e736efd81a69ca2f132

SHA256
dfc9f22c1cbca7de9422d794ff6c3107ea9161eb11d3756e34b6108d5c994892

SHA512
0b17283ec4e4101036a915cefab930710e95e79f8bb9bc184b40c90ddd801fc09d3cfe7b9570570ca0f6c494bb02c81fbebdd0850c111b1cd6b90cfd51d25d13

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\resources.pak
MD5
5d3fa0a9a55681de1026c0bae589dd74

SHA1
a404f7598a26302b933783ad665092a712519dc6

SHA256
dbf6c9ca5fb13ab009da8b233891c3606cd344961c1c5af374c43476c0758dec

SHA512
a5acd110be6bbe58101ff1736ad227c6efe3113045b3eb8198be699e5b3cbce637644ed88f6381defcd64ff1327d60e889ec925096d937c3f11b4811496e3663

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\swiftshader\libegl.dll
MD5
1c85ae3c2cd01a0fa35306e4a79ab09d

SHA1
a23d819ba4805a47bfa1774f8e1c0f3b78ba7347

SHA256
e73aee1df92cc5ed40f38097310f98c58c41e729c05fe554877b42b620c7d658

SHA512
983a039d324aa442fc90e0f5bf2c5056370cb700b780d5a2c1c6058edd370a48f44354c6b755ab9486f6fdbae1b4bc743f48f01eaef1a83775c4db8c5099faff

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\swiftshader\libglesv2.dll
MD5
dc0a1c2539d26524aadf8aa8937cef0b

SHA1
831ddc55343284fcbfc46915224beacb18aa419d

SHA256
6c3f9d4062a383983716c6956dee35c6832e6c7d5de82d60220d3bf6beb74a56

SHA512
a39ae1f34f73545a14b5ee8acb0bc99eefe093de7264932da669a24eeace1593033510a6b62fa4450903abd7d01efc368221b8744da079a16a43d7ead2e45d9d

Download Submit
C:\Users\Admin\AppData\Roaming\BookLot\v8_context_snapshot.bin
MD5
edc01d3db74ca95705aaf11cee734c71

SHA1
318aa7196dc4d7954afd5e353cf4e9a9854f89c7

SHA256
6dd5f4d2ff9389f939991d7fe9a14f68a89249712df9fa23613849678c05bd83

SHA512
85ac8fd58d5243231c78561c0859fb1847d8aec580648f426d4411a56782427185b46a2f24004c4133a6cd91eb94dd8538053d043e4859b77505168f32e92d05

Download Submit
\??\pipe\crashpad_4256_VEMGYFAAJHQEMOWL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1D72.tmp\System.dll
MD5
5ccde6cbe28a74c393f2b7b6f5cc7458

SHA1
f49a9731b0c94418430c2d82970164b21acb4bfd

SHA256
2c2db6b7ca5781a34c30c42c18ec1ece1284b8d500fd0251fa383fd7b1eeb6e0

SHA512
f2a24ec74409f006c9c99ea5ebe7e33de6ae8f49d8f90b05d1f56de9c0ae17a31b3217a71ccf2dc33ebb4305db19cad2e296f32f12273cd9bcbb2603d536100c

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1D72.tmp\System.dll
MD5
5ccde6cbe28a74c393f2b7b6f5cc7458

SHA1
f49a9731b0c94418430c2d82970164b21acb4bfd

SHA256
2c2db6b7ca5781a34c30c42c18ec1ece1284b8d500fd0251fa383fd7b1eeb6e0

SHA512
f2a24ec74409f006c9c99ea5ebe7e33de6ae8f49d8f90b05d1f56de9c0ae17a31b3217a71ccf2dc33ebb4305db19cad2e296f32f12273cd9bcbb2603d536100c

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1D72.tmp\inetc.dll
MD5
1fc1fbb2c7a14b7901fc9abbd6dbef10

SHA1
4d9ed86f31075a3d3f674ff78f39c190a4098126

SHA256
4f26394c93f1acb315c42c351983dafc7f094b2d05db6d7a1ba7dcb39a3a599e

SHA512
76d8ff7fc301cc5ff966ad8be17f0f3f2d869ef797c5a2c55a062305c02133a842906448741bf9818ec369bbb2932b9a9c2193ebc59835b50e8703db0090fdb2

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1D72.tmp\inetc.dll
MD5
1fc1fbb2c7a14b7901fc9abbd6dbef10

SHA1
4d9ed86f31075a3d3f674ff78f39c190a4098126

SHA256
4f26394c93f1acb315c42c351983dafc7f094b2d05db6d7a1ba7dcb39a3a599e

SHA512
76d8ff7fc301cc5ff966ad8be17f0f3f2d869ef797c5a2c55a062305c02133a842906448741bf9818ec369bbb2932b9a9c2193ebc59835b50e8703db0090fdb2

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1D72.tmp\nsDialogs.dll
MD5
635e0750d89a69fcfca2efae8b65c0f2

SHA1
f36a7c3341eb9fa2669068851b2bb254cd92fa1d

SHA256
7f7af08e55e792805930c9090147085a047fbd8fd820ba72df3783b8fdf26f87

SHA512
7fcae19c3bc49f2fcbf38790ead11e19e323530596c307a48cdd62772138f16686da2c6fe4c6552929db5f627c69467580cc2e36d80f7b40ec20af04485fa501

Download Submit
\Users\Admin\AppData\Roaming\BookLot\d3dcompiler_47.dll
MD5
16ce419ea09cf06a4da2f2834101b537

SHA1
3a2fff27a58100acdc3596c4f65402c07c71ede4

SHA256
53afc756cbe3d08549fbd1b28d7d9abb40fa03b0f646cd0a156cce808cdbe7a2

SHA512
d92fd638952e072f67ac95eaa9722a5f2cb03c403827a4a27e45c50fb32907051501c34a6525cca2fbb08ae0571ad31b19b03098f74bf436af2fd51f2b73887e

Download Submit
\Users\Admin\AppData\Roaming\BookLot\node.dll
MD5
7ddc0a5c72a07307f64068a83c8c250d

SHA1
89ec1e9c61c8e568fbc4eb376519d302504624c3

SHA256
e61bba7993725279d8e0020b2bb3c2386a684057e4124784f78e696adeb21bcb

SHA512
337cda4fd6e78b4b21425028542061af0960b414ba86a6b9f84caa3b45975d367c50bd6a59281b19f81a7e15d794d3fd1e514cadece32ab7ab76b1f7d737f8bf

Download Submit
\Users\Admin\AppData\Roaming\BookLot\nw.dll
MD5
e0c896dcea1f6902297da1b6994823f2

SHA1
46028311abdbc27acffc01696fcfcdc54f256b04

SHA256
e1fcc4bab0cf1d31a3cdcfbd5cc841ff2ce2e60a73fab21b74f9a311f9a08491

SHA512
5bddb9f6a9af50de92b8946150814c3075e01786af6fdd516e9cb3b17d3e16798731acd879f75ab85d6542b07aed33e7a64eda926b3d822924e5368d50e00107

Download Submit
\Users\Admin\AppData\Roaming\BookLot\nw.dll
MD5
e0c896dcea1f6902297da1b6994823f2

SHA1
46028311abdbc27acffc01696fcfcdc54f256b04

SHA256
e1fcc4bab0cf1d31a3cdcfbd5cc841ff2ce2e60a73fab21b74f9a311f9a08491

SHA512
5bddb9f6a9af50de92b8946150814c3075e01786af6fdd516e9cb3b17d3e16798731acd879f75ab85d6542b07aed33e7a64eda926b3d822924e5368d50e00107

Download Submit
\Users\Admin\AppData\Roaming\BookLot\nw.dll
MD5
e0c896dcea1f6902297da1b6994823f2

SHA1
46028311abdbc27acffc01696fcfcdc54f256b04

SHA256
e1fcc4bab0cf1d31a3cdcfbd5cc841ff2ce2e60a73fab21b74f9a311f9a08491

SHA512
5bddb9f6a9af50de92b8946150814c3075e01786af6fdd516e9cb3b17d3e16798731acd879f75ab85d6542b07aed33e7a64eda926b3d822924e5368d50e00107

Download Submit
\Users\Admin\AppData\Roaming\BookLot\nw_elf.dll
MD5
9c73c5e60cc4df891f7988126dea06d3

SHA1
daebadd2c69e32ef64060e736efd81a69ca2f132

SHA256
dfc9f22c1cbca7de9422d794ff6c3107ea9161eb11d3756e34b6108d5c994892

SHA512
0b17283ec4e4101036a915cefab930710e95e79f8bb9bc184b40c90ddd801fc09d3cfe7b9570570ca0f6c494bb02c81fbebdd0850c111b1cd6b90cfd51d25d13

Download Submit
\Users\Admin\AppData\Roaming\BookLot\nw_elf.dll
MD5
9c73c5e60cc4df891f7988126dea06d3

SHA1
daebadd2c69e32ef64060e736efd81a69ca2f132

SHA256
dfc9f22c1cbca7de9422d794ff6c3107ea9161eb11d3756e34b6108d5c994892

SHA512
0b17283ec4e4101036a915cefab930710e95e79f8bb9bc184b40c90ddd801fc09d3cfe7b9570570ca0f6c494bb02c81fbebdd0850c111b1cd6b90cfd51d25d13

Download Submit
\Users\Admin\AppData\Roaming\BookLot\nw_elf.dll
MD5
9c73c5e60cc4df891f7988126dea06d3

SHA1
daebadd2c69e32ef64060e736efd81a69ca2f132

SHA256
dfc9f22c1cbca7de9422d794ff6c3107ea9161eb11d3756e34b6108d5c994892

SHA512
0b17283ec4e4101036a915cefab930710e95e79f8bb9bc184b40c90ddd801fc09d3cfe7b9570570ca0f6c494bb02c81fbebdd0850c111b1cd6b90cfd51d25d13

Download Submit
\Users\Admin\AppData\Roaming\BookLot\nw_elf.dll
MD5
9c73c5e60cc4df891f7988126dea06d3

SHA1
daebadd2c69e32ef64060e736efd81a69ca2f132

SHA256
dfc9f22c1cbca7de9422d794ff6c3107ea9161eb11d3756e34b6108d5c994892

SHA512
0b17283ec4e4101036a915cefab930710e95e79f8bb9bc184b40c90ddd801fc09d3cfe7b9570570ca0f6c494bb02c81fbebdd0850c111b1cd6b90cfd51d25d13

Download Submit
\Users\Admin\AppData\Roaming\BookLot\swiftshader\libEGL.dll
MD5
1c85ae3c2cd01a0fa35306e4a79ab09d

SHA1
a23d819ba4805a47bfa1774f8e1c0f3b78ba7347

SHA256
e73aee1df92cc5ed40f38097310f98c58c41e729c05fe554877b42b620c7d658

SHA512
983a039d324aa442fc90e0f5bf2c5056370cb700b780d5a2c1c6058edd370a48f44354c6b755ab9486f6fdbae1b4bc743f48f01eaef1a83775c4db8c5099faff

Download Submit
\Users\Admin\AppData\Roaming\BookLot\swiftshader\libGLESv2.dll
MD5
dc0a1c2539d26524aadf8aa8937cef0b

SHA1
831ddc55343284fcbfc46915224beacb18aa419d

SHA256
6c3f9d4062a383983716c6956dee35c6832e6c7d5de82d60220d3bf6beb74a56

SHA512
a39ae1f34f73545a14b5ee8acb0bc99eefe093de7264932da669a24eeace1593033510a6b62fa4450903abd7d01efc368221b8744da079a16a43d7ead2e45d9d

Download Submit
memory/504-133-0x0000000000000000-mapping.dmp

Download
memory/648-216-0x0000000000000000-mapping.dmp

Download
memory/1020-118-0x0000000000000000-mapping.dmp

Download
memory/1832-208-0x0000000000000000-mapping.dmp

Download
memory/2108-156-0x0000000000000000-mapping.dmp

Download
memory/2184-203-0x0000000000000000-mapping.dmp

Download
memory/2272-219-0x0000000000000000-mapping.dmp

Download
memory/3152-147-0x0000000000000000-mapping.dmp

Download
memory/4012-120-0x0000000000000000-mapping.dmp

Download
memory/4108-211-0x0000000000000000-mapping.dmp

Download
memory/4132-119-0x0000000000000000-mapping.dmp

Download
memory/4188-123-0x0000000000000000-mapping.dmp

Download
memory/4256-125-0x0000000000000000-mapping.dmp

Download
memory/4464-117-0x0000000002B71000-0x0000000002B73000-memory.dmp

Filesize
8KB

Download
memory/4472-202-0x0000000000000000-mapping.dmp

Download
memory/4876-204-0x0000000000000000-mapping.dmp

Download
memory/4908-205-0x0000000000000000-mapping.dmp

Download
memory/5048-206-0x0000000000000000-mapping.dmp

Download
memory/5116-207-0x0000000000000000-mapping.dmp

Download