Analysis
-
max time kernel
300s -
max time network
306s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
24-09-2022 18:37
General
-
Target
BotClient-win-x64.exe
-
Size
80.8MB
-
MD5
4137605ce658443571c3675003dbb118
-
SHA1
cdd748f6a069050c012ac7fa16477329adfbd95e
-
SHA256
bb8bbf8bf681396e89f3a519422927def07fcf79e9a3080710932d2385fb2107
-
SHA512
1809f1079820b361e0a32b7f46ad583c5cb4b72421b9a437619bdd852b81a41bc2bb06478e2b9692fd10dd9129f1a1e5fe3730aa6cf6bea7f8501a226b72ac49
-
SSDEEP
1572864:0MMMIbVMR3m+rtLi099hwpZVDO3Aax4eGh/1thIY8uH2bD/T+0IuE4kiYQevZwD3:0M/IKFprskIO3/x50/18uH2f6IkiYQeK
Malware Config
Signatures
-
Executes dropped EXE 5 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 18 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 58 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of SetWindowsHookEx 24 IoCs
-
Suspicious use of WriteProcessMemory 53 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\BotClient-win-x64.exe"C:\Users\Admin\AppData\Local\Temp\BotClient-win-x64.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BotClient.exe" | %SYSTEMROOT%\System32\find.exe "BotClient.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tasklist.exetasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BotClient.exe"3⤵
- Enumerates processes with tasklist
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\find.exeC:\Windows\System32\find.exe "BotClient.exe"3⤵
-
C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exe"C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exe"1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exe"C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\BotClient" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1680,i,9107068616747674024,15132495410149844870,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exe"C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\BotClient" --mojo-platform-channel-handle=1980 --field-trial-handle=1680,i,9107068616747674024,15132495410149844870,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exe"C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BotClient" --app-path="C:\Users\Admin\AppData\Local\Programs\botclient\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2240 --field-trial-handle=1680,i,9107068616747674024,15132495410149844870,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exe"C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\BotClient" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1680,i,9107068616747674024,15132495410149844870,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\00ad454dc1984c3589663a2dae192900 /t 3652 /p 36081⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x538 0x52c1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exeFilesize
139.8MB
MD5c3becb215dc2c4819b9f72f1c1e6dc3f
SHA1243fc99c65ea1c493928f2850574e6b35b773b09
SHA25691821ce8b8bc888b579f7abc4d40aa823b65c4c69d5d2a0cbf6920bbe1bb2b22
SHA512cf84983949848391d11c83942f3daf983635fea506c5bdc333d7d2b9b9db9999d0475022014fac7b95c6584c394356baf41ee32b85967ad970d52687aab18a3a
-
C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exeFilesize
139.8MB
MD5c3becb215dc2c4819b9f72f1c1e6dc3f
SHA1243fc99c65ea1c493928f2850574e6b35b773b09
SHA25691821ce8b8bc888b579f7abc4d40aa823b65c4c69d5d2a0cbf6920bbe1bb2b22
SHA512cf84983949848391d11c83942f3daf983635fea506c5bdc333d7d2b9b9db9999d0475022014fac7b95c6584c394356baf41ee32b85967ad970d52687aab18a3a
-
C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exeFilesize
139.8MB
MD5c3becb215dc2c4819b9f72f1c1e6dc3f
SHA1243fc99c65ea1c493928f2850574e6b35b773b09
SHA25691821ce8b8bc888b579f7abc4d40aa823b65c4c69d5d2a0cbf6920bbe1bb2b22
SHA512cf84983949848391d11c83942f3daf983635fea506c5bdc333d7d2b9b9db9999d0475022014fac7b95c6584c394356baf41ee32b85967ad970d52687aab18a3a
-
C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exeFilesize
139.8MB
MD5c3becb215dc2c4819b9f72f1c1e6dc3f
SHA1243fc99c65ea1c493928f2850574e6b35b773b09
SHA25691821ce8b8bc888b579f7abc4d40aa823b65c4c69d5d2a0cbf6920bbe1bb2b22
SHA512cf84983949848391d11c83942f3daf983635fea506c5bdc333d7d2b9b9db9999d0475022014fac7b95c6584c394356baf41ee32b85967ad970d52687aab18a3a
-
C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exeFilesize
139.8MB
MD5c3becb215dc2c4819b9f72f1c1e6dc3f
SHA1243fc99c65ea1c493928f2850574e6b35b773b09
SHA25691821ce8b8bc888b579f7abc4d40aa823b65c4c69d5d2a0cbf6920bbe1bb2b22
SHA512cf84983949848391d11c83942f3daf983635fea506c5bdc333d7d2b9b9db9999d0475022014fac7b95c6584c394356baf41ee32b85967ad970d52687aab18a3a
-
C:\Users\Admin\AppData\Local\Programs\botclient\BotClient.exeFilesize
139.8MB
MD5c3becb215dc2c4819b9f72f1c1e6dc3f
SHA1243fc99c65ea1c493928f2850574e6b35b773b09
SHA25691821ce8b8bc888b579f7abc4d40aa823b65c4c69d5d2a0cbf6920bbe1bb2b22
SHA512cf84983949848391d11c83942f3daf983635fea506c5bdc333d7d2b9b9db9999d0475022014fac7b95c6584c394356baf41ee32b85967ad970d52687aab18a3a
-
C:\Users\Admin\AppData\Local\Programs\botclient\D3DCompiler_47.dllFilesize
4.3MB
MD57641e39b7da4077084d2afe7c31032e0
SHA12256644f69435ff2fee76deb04d918083960d1eb
SHA25644422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA5128010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
-
C:\Users\Admin\AppData\Local\Programs\botclient\chrome_100_percent.pakFilesize
145KB
MD5237ca1be894f5e09fd1ccb934229c33b
SHA1f0dfcf6db1481315054efb690df282ffe53e9fa1
SHA256f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2
SHA5121e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca
-
C:\Users\Admin\AppData\Local\Programs\botclient\chrome_200_percent.pakFilesize
214KB
MD57059af03603f93898f66981feb737064
SHA1668e41a728d2295a455e5e0f0a8d2fee1781c538
SHA25604d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6
SHA512435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544
-
C:\Users\Admin\AppData\Local\Programs\botclient\d3dcompiler_47.dllFilesize
4.3MB
MD57641e39b7da4077084d2afe7c31032e0
SHA12256644f69435ff2fee76deb04d918083960d1eb
SHA25644422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA5128010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
-
C:\Users\Admin\AppData\Local\Programs\botclient\ffmpeg.dllFilesize
2.6MB
MD5fbc8f21d7d85e4fb1b12fff8f23e9ff8
SHA116dd59a1bf8eb9814fe1c70720be4fb9f1d5d5d1
SHA256f97c53d4606466e84a1ab1a59ff873bc2b24e2682130cb6a7dd7096d1637d670
SHA51251597d8d86f44b316dd6d58e456ec4f8780494c3657f501ee6d0574f2847eba269be579e9c2a6af102b22980432ba809b9383a3ef970baf5b3a92784a14ba6af
-
C:\Users\Admin\AppData\Local\Programs\botclient\ffmpeg.dllFilesize
2.6MB
MD5fbc8f21d7d85e4fb1b12fff8f23e9ff8
SHA116dd59a1bf8eb9814fe1c70720be4fb9f1d5d5d1
SHA256f97c53d4606466e84a1ab1a59ff873bc2b24e2682130cb6a7dd7096d1637d670
SHA51251597d8d86f44b316dd6d58e456ec4f8780494c3657f501ee6d0574f2847eba269be579e9c2a6af102b22980432ba809b9383a3ef970baf5b3a92784a14ba6af
-
C:\Users\Admin\AppData\Local\Programs\botclient\ffmpeg.dllFilesize
2.6MB
MD5fbc8f21d7d85e4fb1b12fff8f23e9ff8
SHA116dd59a1bf8eb9814fe1c70720be4fb9f1d5d5d1
SHA256f97c53d4606466e84a1ab1a59ff873bc2b24e2682130cb6a7dd7096d1637d670
SHA51251597d8d86f44b316dd6d58e456ec4f8780494c3657f501ee6d0574f2847eba269be579e9c2a6af102b22980432ba809b9383a3ef970baf5b3a92784a14ba6af
-
C:\Users\Admin\AppData\Local\Programs\botclient\ffmpeg.dllFilesize
2.6MB
MD5fbc8f21d7d85e4fb1b12fff8f23e9ff8
SHA116dd59a1bf8eb9814fe1c70720be4fb9f1d5d5d1
SHA256f97c53d4606466e84a1ab1a59ff873bc2b24e2682130cb6a7dd7096d1637d670
SHA51251597d8d86f44b316dd6d58e456ec4f8780494c3657f501ee6d0574f2847eba269be579e9c2a6af102b22980432ba809b9383a3ef970baf5b3a92784a14ba6af
-
C:\Users\Admin\AppData\Local\Programs\botclient\ffmpeg.dllFilesize
2.6MB
MD5fbc8f21d7d85e4fb1b12fff8f23e9ff8
SHA116dd59a1bf8eb9814fe1c70720be4fb9f1d5d5d1
SHA256f97c53d4606466e84a1ab1a59ff873bc2b24e2682130cb6a7dd7096d1637d670
SHA51251597d8d86f44b316dd6d58e456ec4f8780494c3657f501ee6d0574f2847eba269be579e9c2a6af102b22980432ba809b9383a3ef970baf5b3a92784a14ba6af
-
C:\Users\Admin\AppData\Local\Programs\botclient\ffmpeg.dllFilesize
2.6MB
MD5fbc8f21d7d85e4fb1b12fff8f23e9ff8
SHA116dd59a1bf8eb9814fe1c70720be4fb9f1d5d5d1
SHA256f97c53d4606466e84a1ab1a59ff873bc2b24e2682130cb6a7dd7096d1637d670
SHA51251597d8d86f44b316dd6d58e456ec4f8780494c3657f501ee6d0574f2847eba269be579e9c2a6af102b22980432ba809b9383a3ef970baf5b3a92784a14ba6af
-
C:\Users\Admin\AppData\Local\Programs\botclient\icudtl.datFilesize
9.8MB
MD5d866d68e4a3eae8cdbfd5fc7a9967d20
SHA142a5033597e4be36ccfa16d19890049ba0e25a56
SHA256c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d
SHA5124cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97
-
C:\Users\Admin\AppData\Local\Programs\botclient\libEGL.dllFilesize
437KB
MD550d01a8a83dc0fb8e3c4239391b2578e
SHA19acc3f657b11f7e4e41b26e8d705fbc69c372345
SHA256663c3ec6cdf99fc7c2bcc716187066b15226a71f2db4781ee18e3dd4779cd856
SHA512cc17801ea10ca6bdfdfa395f07528c918bfa2790ecfb4cde3f330d78cf1708d7daa93657d204775c904c194ae957b2f64c70a529286fa2c5632f889d76760201
-
C:\Users\Admin\AppData\Local\Programs\botclient\libGLESv2.dllFilesize
6.7MB
MD53935e595886350d2f61e5ecf958c5fc9
SHA132673de296b75c910627df9614751481649ba275
SHA2569c70bfcde3f0cf312b1fea1165355f094955b44d54fe30fd3126924f905b8067
SHA51221394ecffcdd91f515785b40f365525028b9d684c2de1e7df9fbc8cd055c6845a8c8d0db746e0b27d75a3b54afaa35388cabb1b633498c4d519321df544f762c
-
C:\Users\Admin\AppData\Local\Programs\botclient\libegl.dllFilesize
437KB
MD550d01a8a83dc0fb8e3c4239391b2578e
SHA19acc3f657b11f7e4e41b26e8d705fbc69c372345
SHA256663c3ec6cdf99fc7c2bcc716187066b15226a71f2db4781ee18e3dd4779cd856
SHA512cc17801ea10ca6bdfdfa395f07528c918bfa2790ecfb4cde3f330d78cf1708d7daa93657d204775c904c194ae957b2f64c70a529286fa2c5632f889d76760201
-
C:\Users\Admin\AppData\Local\Programs\botclient\libglesv2.dllFilesize
6.7MB
MD53935e595886350d2f61e5ecf958c5fc9
SHA132673de296b75c910627df9614751481649ba275
SHA2569c70bfcde3f0cf312b1fea1165355f094955b44d54fe30fd3126924f905b8067
SHA51221394ecffcdd91f515785b40f365525028b9d684c2de1e7df9fbc8cd055c6845a8c8d0db746e0b27d75a3b54afaa35388cabb1b633498c4d519321df544f762c
-
C:\Users\Admin\AppData\Local\Programs\botclient\locales\en-US.pakFilesize
108KB
MD56d5ce3664ee32a08c53ea6067c080aaf
SHA1087bb6859b10ef45a183cd6101b01d5eb64858b7
SHA25666f31b9647607326c67fed2316da92c343cf9770bbb9f8398cea3d39cd333983
SHA512803fd5bafdfb5fc242632c34541a78d8fc61da931f347eb31f3db320abd224226bcc6c006d1853e5b4d9e9b748dd18ee678b19959cacc8c04c071b612521ab01
-
C:\Users\Admin\AppData\Local\Programs\botclient\resources.pakFilesize
4.9MB
MD5df15387bf046715cc592a690da33e4b1
SHA1ad93b08dff82cbd894f6a0a9733c70d7e564113d
SHA25611d0f55c105883d203137a87a610ba793299dc4774fd6d8b3a86666a2c337041
SHA51271244553d7b1b559fcaaa059622c340d22148bd5324fa3f6730d37322025dbfe5e853948b49b91db6022a25bca4ddbab8fe6ee1522a461963dfba04a7c93d69a
-
C:\Users\Admin\AppData\Local\Programs\botclient\resources\app-update.ymlFilesize
89B
MD5d8a520b57be671cb7a5d8c068df9b5ac
SHA11898a826eac19d51777981f264e474450e450445
SHA2562b6737ffa32e414c2786a4a365faf78fdcbe171f16f4f297de013402dec263bb
SHA5120383a458abbe62f3bfb90987880b65e654253cff21294773f3d97e09aab2e79f3470eb5c38ab76210279556cb6e7c43e24dfa179d27f9e464362eed1a57a9b02
-
C:\Users\Admin\AppData\Local\Programs\botclient\resources\app.asarFilesize
142.3MB
MD5f6e575378183119ebecdf2d1b3837608
SHA15526e522571702b60b81505f008719c1da63f025
SHA256662faea7bb7e8726455181535e28956f15b3b35944817ce4717c1aca7eb11b4c
SHA5126310783800b219b3b0c7ebedaf7d4b023d2edd3aab626b8c52b1e70989af5e05d66aae186048af2220d908cf79f92adbbb65f18eaea49422823c6d8614201c7e
-
C:\Users\Admin\AppData\Local\Programs\botclient\v8_context_snapshot.binFilesize
709KB
MD5f333dbd74b6be6cda19aefa072cf2832
SHA11fd531a6527ec8dfe8be95d680708fa6da4e34fc
SHA2568dd6bca15341931ad1b48d82bd672fc0307be98ddb87ff9b2f22976cc105710d
SHA512dc434618f3fe5e2cf09c634b1a868ca46f0cc29363badc576fba7096884778ccf758ba739838358e5b7f7c28e1a59bc19d1b8a7f50c23bdea8933b02d087e0eb
-
C:\Users\Admin\AppData\Local\Programs\botclient\vk_swiftshader.dllFilesize
4.4MB
MD5cd8346623b3690eea4c4c76810042940
SHA14495c4e83c7c62e4a68151d3603e218a6c6d3be9
SHA2569221c6b812399f5c2e575dd76a0d55c8fbe2a78a9dc56caf74d2e7ce80cee123
SHA5129a404c678ab8be9a2f06979b8cc737459c41e474f5b78b41708e5988970c0bf92a9d739e14c4d96d5d1d72877f9ec36b005ffae2dcc0a4da352b2e41956bdabe
-
C:\Users\Admin\AppData\Local\Programs\botclient\vk_swiftshader.dllFilesize
4.4MB
MD5cd8346623b3690eea4c4c76810042940
SHA14495c4e83c7c62e4a68151d3603e218a6c6d3be9
SHA2569221c6b812399f5c2e575dd76a0d55c8fbe2a78a9dc56caf74d2e7ce80cee123
SHA5129a404c678ab8be9a2f06979b8cc737459c41e474f5b78b41708e5988970c0bf92a9d739e14c4d96d5d1d72877f9ec36b005ffae2dcc0a4da352b2e41956bdabe
-
C:\Users\Admin\AppData\Local\Programs\botclient\vk_swiftshader.dllFilesize
4.4MB
MD5cd8346623b3690eea4c4c76810042940
SHA14495c4e83c7c62e4a68151d3603e218a6c6d3be9
SHA2569221c6b812399f5c2e575dd76a0d55c8fbe2a78a9dc56caf74d2e7ce80cee123
SHA5129a404c678ab8be9a2f06979b8cc737459c41e474f5b78b41708e5988970c0bf92a9d739e14c4d96d5d1d72877f9ec36b005ffae2dcc0a4da352b2e41956bdabe
-
C:\Users\Admin\AppData\Local\Programs\botclient\vk_swiftshader_icd.jsonFilesize
106B
MD58642dd3a87e2de6e991fae08458e302b
SHA19c06735c31cec00600fd763a92f8112d085bd12a
SHA25632d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f
-
C:\Users\Admin\AppData\Local\Programs\botclient\vulkan-1.dllFilesize
830KB
MD58c070007dac99a538dae78c18bdd6223
SHA17b962e75a4b22c047cd41aa8eabdad4fbf54f372
SHA2560de75831b951bf1eb6f3e5539ce6a0a06bc4aed7243420d65f13d99d05695fd0
SHA5129d4c372118e1b517eace94bdb0941d7a2c3bf4aeaba08c4333f09caec1c52485d5eaad9e5951f562df7c5c760bdff0991b78656a94b58165c7dbae115118d7ef
-
C:\Users\Admin\AppData\Local\Programs\botclient\vulkan-1.dllFilesize
830KB
MD58c070007dac99a538dae78c18bdd6223
SHA17b962e75a4b22c047cd41aa8eabdad4fbf54f372
SHA2560de75831b951bf1eb6f3e5539ce6a0a06bc4aed7243420d65f13d99d05695fd0
SHA5129d4c372118e1b517eace94bdb0941d7a2c3bf4aeaba08c4333f09caec1c52485d5eaad9e5951f562df7c5c760bdff0991b78656a94b58165c7dbae115118d7ef
-
C:\Users\Admin\AppData\Local\Temp\nsbA59C.tmp\SpiderBanner.dllFilesize
9KB
MD517309e33b596ba3a5693b4d3e85cf8d7
SHA17d361836cf53df42021c7f2b148aec9458818c01
SHA256996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA5121abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
-
C:\Users\Admin\AppData\Local\Temp\nsbA59C.tmp\StdUtils.dllFilesize
100KB
MD5c6a6e03f77c313b267498515488c5740
SHA13d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA5129870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
C:\Users\Admin\AppData\Local\Temp\nsbA59C.tmp\System.dllFilesize
12KB
MD50d7ad4f45dc6f5aa87f606d0331c6901
SHA148df0911f0484cbe2a8cdd5362140b63c41ee457
SHA2563eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
C:\Users\Admin\AppData\Local\Temp\nsbA59C.tmp\WinShell.dllFilesize
3KB
MD51cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA10b9519763be6625bd5abce175dcc59c96d100d4c
SHA2569be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA5127acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
-
C:\Users\Admin\AppData\Local\Temp\nsbA59C.tmp\WinShell.dllFilesize
3KB
MD51cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA10b9519763be6625bd5abce175dcc59c96d100d4c
SHA2569be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA5127acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
-
C:\Users\Admin\AppData\Local\Temp\nsbA59C.tmp\nsExec.dllFilesize
6KB
MD5ec0504e6b8a11d5aad43b296beeb84b2
SHA191b5ce085130c8c7194d66b2439ec9e1c206497c
SHA2565d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA5123f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
-
C:\Users\Admin\AppData\Local\Temp\nsbA59C.tmp\nsis7z.dllFilesize
424KB
MD580e44ce4895304c6a3a831310fbf8cd0
SHA136bd49ae21c460be5753a904b4501f1abca53508
SHA256b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
-
memory/1564-137-0x0000000000000000-mapping.dmp
-
memory/1656-153-0x0000000000000000-mapping.dmp
-
memory/1972-138-0x0000000000000000-mapping.dmp
-
memory/2052-183-0x000002A18E7B0000-0x000002A18E7D0000-memory.dmpFilesize
128KB
-
memory/2052-197-0x000002A191006000-0x000002A191009000-memory.dmpFilesize
12KB
-
memory/2052-185-0x000002A18F220000-0x000002A18F240000-memory.dmpFilesize
128KB
-
memory/2052-191-0x000002A191002000-0x000002A191006000-memory.dmpFilesize
16KB
-
memory/2052-192-0x000002A191002000-0x000002A191006000-memory.dmpFilesize
16KB
-
memory/2052-194-0x000002A191002000-0x000002A191006000-memory.dmpFilesize
16KB
-
memory/2052-200-0x000002A191006000-0x000002A191009000-memory.dmpFilesize
12KB
-
memory/2052-198-0x000002A191006000-0x000002A191009000-memory.dmpFilesize
12KB
-
memory/2052-199-0x000002A191006000-0x000002A191009000-memory.dmpFilesize
12KB
-
memory/2052-182-0x000002A18EA68000-0x000002A18EA70000-memory.dmpFilesize
32KB
-
memory/2052-195-0x000002A191002000-0x000002A191006000-memory.dmpFilesize
16KB
-
memory/2052-193-0x000002A191002000-0x000002A191006000-memory.dmpFilesize
16KB
-
memory/2052-207-0x000002A191050000-0x000002A191053000-memory.dmpFilesize
12KB
-
memory/2052-206-0x000002A191050000-0x000002A191053000-memory.dmpFilesize
12KB
-
memory/2052-205-0x000002A191050000-0x000002A191053000-memory.dmpFilesize
12KB
-
memory/3680-156-0x0000000000000000-mapping.dmp
-
memory/4584-209-0x0000000000000000-mapping.dmp
-
memory/4772-136-0x0000000000000000-mapping.dmp
-
memory/4872-160-0x0000000000000000-mapping.dmp