3a3e3f8bb3ea348375c6afad7f6f28a90040c178ac29b378b60e6798cbf8c3ac

Resubmissions

15-09-2024 19:09

240915-xttvcsyfrk 10

15-09-2024 19:00

240915-xnw3jaydpq 10

14-11-2022 18:39

221114-xavybach56 10

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2022 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WindowsBootManager.exe
Size

60.6MB
MD5

eb86fd461746ebda6b026b9d5154f821
SHA1

80b924a49aba14ceaf8db4b3c033c18d030f7fe0
SHA256

3a3e3f8bb3ea348375c6afad7f6f28a90040c178ac29b378b60e6798cbf8c3ac
SHA512

0418d5300bcd28e67723cd72c3dc0198b972dc722e19f6534d5ac3e18ba8dcfba04c2480e7f0fa9e21f0bad310891d1f6951826b4dcc0d4d21593a76dcdd1996
SSDEEP

1572864:OtvePCPUV3Yqj8Eu/cr+dzc166A2I2vokH4N7:OlaCcV9jiUr+1mgpN7

Score

8^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
3056	WindowsBootManager.exe
920	WindowsBootManager.exe
932	WindowsBootManager.exe
1380	WindowsBootManager.exe
4984	WindowsBootManager.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	WindowsBootManager.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	WindowsBootManager.exe

Loads dropped DLL 16 IoCs

pid	Process
4328	WindowsBootManager.exe
4328	WindowsBootManager.exe
4328	WindowsBootManager.exe
3056	WindowsBootManager.exe
3056	WindowsBootManager.exe
920	WindowsBootManager.exe
932	WindowsBootManager.exe
920	WindowsBootManager.exe
920	WindowsBootManager.exe
920	WindowsBootManager.exe
920	WindowsBootManager.exe
920	WindowsBootManager.exe
1380	WindowsBootManager.exe
3056	WindowsBootManager.exe
4984	WindowsBootManager.exe
4984	WindowsBootManager.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
19	ipinfo.io
20	ipinfo.io

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2548	816	WerFault.exe	43

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4984	WindowsBootManager.exe
4984	WindowsBootManager.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4328	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe
Token: SeCreatePagefilePrivilege	3056	WindowsBootManager.exe
Token: SeShutdownPrivilege	3056	WindowsBootManager.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 3056	4328	WindowsBootManager.exe	89
PID 4328 wrote to memory of 3056	4328	WindowsBootManager.exe	89
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 920	3056	WindowsBootManager.exe	92
PID 3056 wrote to memory of 932	3056	WindowsBootManager.exe	93
PID 3056 wrote to memory of 932	3056	WindowsBootManager.exe	93
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94
PID 3056 wrote to memory of 1380	3056	WindowsBootManager.exe	94

C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe
"C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
  C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
    "C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WindowsBootManager" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1844,i,18293558240883120809,16641774971572418371,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:920
- - C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
    "C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\WindowsBootManager" --mojo-platform-channel-handle=2044 --field-trial-handle=1844,i,18293558240883120809,16641774971572418371,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:932
- - C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
    "C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WindowsBootManager" --app-path="C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2460 --field-trial-handle=1844,i,18293558240883120809,16641774971572418371,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Loads dropped DLL
    PID:1380
- - C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
    "C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\WindowsBootManager" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1008 --field-trial-handle=1844,i,18293558240883120809,16641774971572418371,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4984

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 476 -p 816 -ip 816
1⤵
PID:2772

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 816 -s 2468
1⤵
- Program crash
PID:2548

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0fbdf762-6ad5-49ee-830b-975274d62031.tmp.node

Filesize
141KB

MD5
5ecb9303024b5e5a960bc37e4be31773

SHA1
235705541c5d347a4e236af604d44e332c3976b4

SHA256
a90f84a584806ac02a3a405aa605eb6e98f9b7cee5f526ca47300e73eb1c0b0e

SHA512
094a8ab08d5112575543e3b44f7bfe4ac6a77e5ab7dc5de8b2ecb7d2f833100f3f00297c13591ab77e934457f7ae325048d21b001ba8717e621d1155e77dfa49

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

Filesize
139.8MB

MD5
6d582ad6377f23e6ded3fbe114cdebef

SHA1
255a6e30eee82dd5f3084a2cfcd636f9f2571114

SHA256
f1d66f5ad4a4a3429e962adc3d6d037f71d4ae1772e86253987e7aaa5652fdb4

SHA512
8544c5847b06b143f736f5337b3f49eb2e0bf04c0bfebaba727f5954e73715c07a914c901f6a72dfc995abf654615856797743c21a6bb68339584a727a4ae5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

Filesize
139.8MB

MD5
6d582ad6377f23e6ded3fbe114cdebef

SHA1
255a6e30eee82dd5f3084a2cfcd636f9f2571114

SHA256
f1d66f5ad4a4a3429e962adc3d6d037f71d4ae1772e86253987e7aaa5652fdb4

SHA512
8544c5847b06b143f736f5337b3f49eb2e0bf04c0bfebaba727f5954e73715c07a914c901f6a72dfc995abf654615856797743c21a6bb68339584a727a4ae5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

Filesize
139.8MB

MD5
6d582ad6377f23e6ded3fbe114cdebef

SHA1
255a6e30eee82dd5f3084a2cfcd636f9f2571114

SHA256
f1d66f5ad4a4a3429e962adc3d6d037f71d4ae1772e86253987e7aaa5652fdb4

SHA512
8544c5847b06b143f736f5337b3f49eb2e0bf04c0bfebaba727f5954e73715c07a914c901f6a72dfc995abf654615856797743c21a6bb68339584a727a4ae5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

Filesize
139.8MB

MD5
6d582ad6377f23e6ded3fbe114cdebef

SHA1
255a6e30eee82dd5f3084a2cfcd636f9f2571114

SHA256
f1d66f5ad4a4a3429e962adc3d6d037f71d4ae1772e86253987e7aaa5652fdb4

SHA512
8544c5847b06b143f736f5337b3f49eb2e0bf04c0bfebaba727f5954e73715c07a914c901f6a72dfc995abf654615856797743c21a6bb68339584a727a4ae5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

Filesize
139.8MB

MD5
6d582ad6377f23e6ded3fbe114cdebef

SHA1
255a6e30eee82dd5f3084a2cfcd636f9f2571114

SHA256
f1d66f5ad4a4a3429e962adc3d6d037f71d4ae1772e86253987e7aaa5652fdb4

SHA512
8544c5847b06b143f736f5337b3f49eb2e0bf04c0bfebaba727f5954e73715c07a914c901f6a72dfc995abf654615856797743c21a6bb68339584a727a4ae5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

Filesize
139.8MB

MD5
6d582ad6377f23e6ded3fbe114cdebef

SHA1
255a6e30eee82dd5f3084a2cfcd636f9f2571114

SHA256
f1d66f5ad4a4a3429e962adc3d6d037f71d4ae1772e86253987e7aaa5652fdb4

SHA512
8544c5847b06b143f736f5337b3f49eb2e0bf04c0bfebaba727f5954e73715c07a914c901f6a72dfc995abf654615856797743c21a6bb68339584a727a4ae5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\chrome_100_percent.pak

Filesize
145KB

MD5
237ca1be894f5e09fd1ccb934229c33b

SHA1
f0dfcf6db1481315054efb690df282ffe53e9fa1

SHA256
f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2

SHA512
1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\chrome_200_percent.pak

Filesize
214KB

MD5
7059af03603f93898f66981feb737064

SHA1
668e41a728d2295a455e5e0f0a8d2fee1781c538

SHA256
04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6

SHA512
435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\icudtl.dat

Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\libEGL.dll

Filesize
437KB

MD5
91f11a9181583f75e2b29fcd9050c7f5

SHA1
fd90abc3048f3347435dfbd1075b8051ac6ffabc

SHA256
43a549ff51ce4ee20074999527b19fbf280a8caa7db0bde957704033b6f5b330

SHA512
925ac2a87e436219e22a924f615669cb166e8183d6e4dd0f00ed68c16faa3ffa10ab410106a7f81320f10205415bff9d10976f1dc0bb695b9293b80101e4ce8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\libGLESv2.dll

Filesize
6.7MB

MD5
16deb84c2dd1d55ed938a112b6ce92d4

SHA1
15ed353f418030e2a3d94c2c77d45605ea9cb3c2

SHA256
b49922f98946952e96c03c468a4812e0b1e7a090f4e1f96489f48acc07eba1f8

SHA512
bb9ea90e01ac7e633d3e27054206c6070b352cce196b7b70b989af2b718dec3506d3aaf62e3074fdc93e7e23839ed15ccb8a508305170e7ba38920ca21f4047b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\libegl.dll

Filesize
437KB

MD5
91f11a9181583f75e2b29fcd9050c7f5

SHA1
fd90abc3048f3347435dfbd1075b8051ac6ffabc

SHA256
43a549ff51ce4ee20074999527b19fbf280a8caa7db0bde957704033b6f5b330

SHA512
925ac2a87e436219e22a924f615669cb166e8183d6e4dd0f00ed68c16faa3ffa10ab410106a7f81320f10205415bff9d10976f1dc0bb695b9293b80101e4ce8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\libglesv2.dll

Filesize
6.7MB

MD5
16deb84c2dd1d55ed938a112b6ce92d4

SHA1
15ed353f418030e2a3d94c2c77d45605ea9cb3c2

SHA256
b49922f98946952e96c03c468a4812e0b1e7a090f4e1f96489f48acc07eba1f8

SHA512
bb9ea90e01ac7e633d3e27054206c6070b352cce196b7b70b989af2b718dec3506d3aaf62e3074fdc93e7e23839ed15ccb8a508305170e7ba38920ca21f4047b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\locales\en-US.pak

Filesize
110KB

MD5
5cc884bf0ec1c702240173b35a421d1b

SHA1
19bdfb0b31dc4a75e7c135d1a8ef76f5f6cc3a31

SHA256
9f0c75c84381360677055d6197812c7a6c42dbfc6134eb8212d8a60ed1ca1601

SHA512
48772f50f6b0d846084a0cfb0d6433f2fbf73677b557b022d0d73d04790636c0c40ed873c32fd037013e943fb7c24816efdcde38429520895c00c2d85a17ea5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\resources.pak

Filesize
4.9MB

MD5
a1e5aafe5a1509ef461d584c98484ff7

SHA1
455a36fff7a12989d0d1fc944a3c8840141d865a

SHA256
dd0cdd9201c5966dcc8b3ac3f587fdb05cad09547e267e0d16b8b1a3cff14772

SHA512
f98e33fe7e89a7798c6c274b4220c7c5262a2cedd0c0a04c7821634679f71145eca78c7a36a9f576712a00ffbabfabf58c958483d2d69fa9960178a7c3581946

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\resources\app.asar

Filesize
26.2MB

MD5
4b2f3c2a979721edaa7e8141cd9ed59b

SHA1
5a8441a0e7292cfacf776185c5bb0ff64c763005

SHA256
b46ffd5eaa28f8b42970d4b9ac5b5dfab5306e8393676fe6a29ed1e23ab36e80

SHA512
2cfd1000147c005ae0b8412682b78ee6b7220635bc491bab757e1db565060a27eff42c7a12b67585439d34424e41c274f494ae0dfa24a1ff5819ee3eb2bb98db

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\resources\app.asar.unpacked\node_modules\clipboardy\index.js

Filesize
1KB

MD5
76ddee29be6d109fb8bfd6c0f387ada6

SHA1
99d6f7e30c631c246e63f0bd48cf7faaf078a02b

SHA256
66880b0d3ec39ba64b224a34a5ef0352032ee95862e1f4e6b2951df85cbc9399

SHA512
555b1d9dbae2b39a0d06b1f8f2ca73ee5faee759deb6e76064047b82aa63e7ea16f69b18856660e9811110a2590696fb8f967182878dfce1e342c391e0d0541a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\resources\app.asar.unpacked\node_modules\clipboardy\lib\linux.js

Filesize
1KB

MD5
56d77986c00c7c8bc6000f4068578295

SHA1
657e0769181d7d0f1c36036117763b41c342566d

SHA256
0b364961d2374291c79cf8556f065b7bc272f117fcef6b9b67aefa2b9d762109

SHA512
16f2b7c4fe77d38df07c0b05a72329d5c820b5d727390dc9780b2f9962a766d3cc65decea01a6d7caad32f6127bd280c55e38a07bccd5dba6307e6b8f8728777

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\resources\app.asar.unpacked\node_modules\clipboardy\lib\macos.js

Filesize
379B

MD5
4814022b2ae67df02bc84afd6e218ef3

SHA1
a4a6a3280110acd5f8c15f51fb98030a7d9e1f03

SHA256
e50f203ab3894301fd7e3ec2d2581739d5f39f395df34b754964927cfca6aeda

SHA512
415d98b8825d8b95c3c6931a0e42bacc3a7ab4b67fe2dd4f09b2319cf52fb516696229dc7c5ccdf5218ac4effe76b361dc455e1f58eea5a87b2a52704ea3a597

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\resources\app.asar.unpacked\node_modules\clipboardy\lib\termux.js

Filesize
797B

MD5
42964227cd4d18db36d54abb31751ad3

SHA1
3194be24a98f6a8493eb1cf96081c592c5986320

SHA256
20177609ef84109cbd8e76f554d622ec14587297c1d2a98100a42cfb0f181535

SHA512
e523b1a1edad998294f7a3c4feb10bb8946bd8284f09457ac56dd721970c792d3dc8d58bdbf3dca8e24d8a109b13aac461019d6c47a5acbe0b2db013af2deaa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\resources\app.asar.unpacked\node_modules\clipboardy\lib\windows.js

Filesize
669B

MD5
f912cda66cb6fc434824a5aa3ffcb717

SHA1
95a9e0e407db544a16745af494aaefe3e8693231

SHA256
a56136479ba0522e8138839c4453571bb28fa9e1ac009f103e251cc75e8066d6

SHA512
5466dfca3b5ce776cb34fec8ff48e82ac22ef759f2d62ac2462c184b5e629487e10a07d7fc1b7babee2abbda97f0250103b65c307acdd516ad5c713b70c19e5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\resources\app.asar.unpacked\node_modules\clipboardy\package.json

Filesize
714B

MD5
6dcf210526904a7678858cf77afe862b

SHA1
9f8724cad326edcf256106581e41831e5dbc186f

SHA256
10bac01de1f6cd92affed90c16888c0e81e557a6426f266862723196712c1779

SHA512
5114adbd62189df69dbbefd095ef3041719d4bcd6ea985dcd61477f4aed3a8ff43bc1b41eec9f5add4562610cf6d9b51b3b3ac773a59b2a36e70ab49796fe366

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\v8_context_snapshot.bin

Filesize
709KB

MD5
dd0d4997dfab65b96aad66d035f6029c

SHA1
65faa1dbb7ccd902f1f1af544f6941234ff679d3

SHA256
f033fb86fa92df1be464de590aa312cc016bc5d6bea26672c896bf4d3f1261cd

SHA512
86b06bd0f91f50bd13b3af179f3f498f10a225d25ba5ca32258f75567e601c3f48f7a3fb436c3b0d2ba53cc9eaaa8f74c95b44458628b0ea716563694a3c7002

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\vk_swiftshader.dll

Filesize
4.4MB

MD5
6b40ce4af617399536d0ea6edc84baad

SHA1
55c91309fe49af121dd3de9c24f60b8cfea680f1

SHA256
c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59

SHA512
9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\vk_swiftshader.dll

Filesize
4.4MB

MD5
6b40ce4af617399536d0ea6edc84baad

SHA1
55c91309fe49af121dd3de9c24f60b8cfea680f1

SHA256
c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59

SHA512
9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\vk_swiftshader.dll

Filesize
4.4MB

MD5
6b40ce4af617399536d0ea6edc84baad

SHA1
55c91309fe49af121dd3de9c24f60b8cfea680f1

SHA256
c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59

SHA512
9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\vulkan-1.dll

Filesize
830KB

MD5
4783d34314ef4feb241f4fdf36499521

SHA1
89296d6ac36cd005045db7307bf31005d0cf29a7

SHA256
6e8beb4e9da77313f40e75c4ffaeeaa522b6f054fd792631ec1efcf8248ca63b

SHA512
7ef1b0e89590b4af20f182bed9d82d5175d1c8c675fc3d05dc0eb2f834052124c877135fc68b2988683cf35e8b25870e45f7c126349d28125c021c8eeb4998ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\vulkan-1.dll

Filesize
830KB

MD5
4783d34314ef4feb241f4fdf36499521

SHA1
89296d6ac36cd005045db7307bf31005d0cf29a7

SHA256
6e8beb4e9da77313f40e75c4ffaeeaa522b6f054fd792631ec1efcf8248ca63b

SHA512
7ef1b0e89590b4af20f182bed9d82d5175d1c8c675fc3d05dc0eb2f834052124c877135fc68b2988683cf35e8b25870e45f7c126349d28125c021c8eeb4998ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\edd91671-cecd-49ad-aacf-cf4b604ddf58.tmp.node

Filesize
2.6MB

MD5
083fd9f2e3e93e1f2c599a2b609c9e5e

SHA1
6db2b6ce3e60d828ca32a6000c270c09224f3139

SHA256
5800c926c34c7ef38a45840c30e8855c1b3a6ec1ec8f37ffc6ce2d402728eabd

SHA512
08206b13d7e91f36d65de545b483d5fa446c2a1d8baab4c2fb19aa711af10cbfd98da3811d34a16033b5c09eb297fdcfaf09a186b4dcf69e84bb4dfcc11d96b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoC50B.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoC50B.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoC50B.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit