f11247d3a0f993401c85e57ce1b6555871ac1fd334213893249901b925e1ba3d

Analysis

max time kernel
49s
max time network
193s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Herobots Launcher.exe
Size

68.7MB
MD5

0706a5e09c3a7e2dbbdba209aebdab24
SHA1

3353060b6b6cfd1d6c8acbd7bdc8c2067feef23f
SHA256

f11247d3a0f993401c85e57ce1b6555871ac1fd334213893249901b925e1ba3d
SHA512

368bcc5cf1757644b763ceae4641d38d3a8215562dfe208c5f7cb171817edc38ea6874ffca9d5136cf13a04d5eb8e8f655643f98409bcc646621f20b983db68f
SSDEEP

1572864:wlB9i1v6tZEw9+xiLEJW6n2waOXmlX2NfqyAnrZ:2B9K6cw9+0LGp2wBXqkSfrZ

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\LICENSES.chromium.html

Ransom Note

<!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="color-scheme" content="light dark"> <title>Credits</title> <link rel="stylesheet" href="chrome://resources/css/text_defaults.css"> <link rel="stylesheet" href="chrome://credits/credits.css"> </head> <body> <span class="page-title" style="float:left;">Credits</span> <a id="print-link" href="#" style="float:right;" hidden>Print</a> <div style="clear:both; overflow:auto;"> <div class="product"> <span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span> <span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span> <input type="checkbox" hidden id="0"> <label class="show" for="0" tabindex="0"></label> <div class="licence"> <pre>Copyright(C) 1997,2001 Takuya OOURA (email: [email protected]). You may use, copy, modify this code for any purpose and without fee. You may distribute this ORIGINAL package. </pre> </div> </div> <div class="product"> <span class="title">Abseil</span> <span class="homepage"><a href="https://github.com/abseil/abseil-cpp">homepage</a></span> <input type="checkbox" hidden id="1"> <label class="show" for="1" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. </pre> </div> </div> <div class="product"> <span class="title">Accessibility Audit library, from Accessibility Developer Tools</span> <span class="homepage"><a href="https://raw.githubusercontent.com/GoogleChrome/accessibility-developer-tools/master/dist/js/axs_testing.js">homepage</a></span> <input type="checkbox" hidden id="2"> <label class="show" for="2" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, in

Emails

[email protected]

[email protected])&quot

[email protected]

<[email protected]&gt

[email protected]

<[email protected]&gt

URLs

https://www.apache.org/licenses/

https://www.apache.org/licenses/LICENSE-2.0

http://www.apache.org/licenses/

http://www.apache.org/licenses/LICENSE-2.0

http://mozilla.org/MPL/2.0/

http://www.torchmobile.com/

https://cla.developers.google.com/clas

http://www.openssl.org/)&quot

https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS

http://www.opensource.apple.com/apsl/

https://github.com/typetools/jdk

https://github.com/typetools/stubparser

https://github.com/typetools/annotation-tools

https://github.com/plume-lib/

http://www.mozilla.org/MPL/

http://source.android.com/

http://source.android.com/compatibility

http://www.apple.com/legal/guidelinesfor3rdparties.html

https://github.com/easylist

https://easylist.to/)&quot

Signatures

Executes dropped EXE 4 IoCs

Processes:

Herobots Launcher.exeHerobots Launcher.exeHerobots Launcher.exeHerobots Launcher.exe

pid process

864 Herobots Launcher.exe
572 Herobots Launcher.exe
1720 Herobots Launcher.exe
756 Herobots Launcher.exe

pid	process
864	Herobots Launcher.exe
572	Herobots Launcher.exe
1720	Herobots Launcher.exe
756	Herobots Launcher.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Herobots Launcher.exeHerobots Launcher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Control Panel\International\Geo\Nation	Herobots Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Control Panel\International\Geo\Nation	Herobots Launcher.exe

Loads dropped DLL 14 IoCs

Processes:

Herobots Launcher.exeHerobots Launcher.exeHerobots Launcher.exeHerobots Launcher.exeHerobots Launcher.exe

pid	process
2012	Herobots Launcher.exe
2012	Herobots Launcher.exe
2012	Herobots Launcher.exe
2012	Herobots Launcher.exe
864	Herobots Launcher.exe
864	Herobots Launcher.exe
572	Herobots Launcher.exe
572	Herobots Launcher.exe
572	Herobots Launcher.exe
572	Herobots Launcher.exe
864	Herobots Launcher.exe
1720	Herobots Launcher.exe
864	Herobots Launcher.exe
756	Herobots Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes:

Herobots Launcher.exeHerobots Launcher.exe

description	pid	process
Token: SeSecurityPrivilege	2012	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe
Token: SeShutdownPrivilege	864	Herobots Launcher.exe

Suspicious use of WriteProcessMemory 49 IoCs

Processes:

Herobots Launcher.exeHerobots Launcher.exe

description	pid	process	target process
PID 2012 wrote to memory of 864	2012	Herobots Launcher.exe	Herobots Launcher.exe
PID 2012 wrote to memory of 864	2012	Herobots Launcher.exe	Herobots Launcher.exe
PID 2012 wrote to memory of 864	2012	Herobots Launcher.exe	Herobots Launcher.exe
PID 2012 wrote to memory of 864	2012	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 572	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 1720	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 1720	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 1720	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 756	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 756	864	Herobots Launcher.exe	Herobots Launcher.exe
PID 864 wrote to memory of 756	864	Herobots Launcher.exe	Herobots Launcher.exe

C:\Users\Admin\AppData\Local\Temp\Herobots Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Herobots Launcher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2012

C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:864

C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Herobots" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1040 --field-trial-handle=1096,i,2647598976103981887,3775531450995627499,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:572

C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Herobots" --mojo-platform-channel-handle=1332 --field-trial-handle=1096,i,2647598976103981887,3775531450995627499,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1720

C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Herobots" --app-path="C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --force-device-scale-factor=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1692 --field-trial-handle=1096,i,2647598976103981887,3775531450995627499,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:756

C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Herobots" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1096,i,2647598976103981887,3775531450995627499,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Herobots" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1148 --field-trial-handle=1096,i,2647598976103981887,3775531450995627499,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
PID:948

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\D3DCompiler_47.dll
Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\chrome_100_percent.pak
Filesize
126KB

MD5
44a69827d4aa75426f3c577af2f8618e

SHA1
7bdd115425b05414b64dcdb7d980b92ecd3f15b3

SHA256
bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

SHA512
5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\chrome_200_percent.pak
Filesize
175KB

MD5
9c379fc04a7bf1a853b14834f58c9f4b

SHA1
c105120fd00001c9ebdf2b3b981ecccb02f8eefb

SHA256
b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

SHA512
f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\ffmpeg.dll
Filesize
2.6MB

MD5
0c60baf0533c2d405fe676078b74e320

SHA1
7930f3c32320b0ec38662cadaae620922eaaec9c

SHA256
e3888c68b108e150afc3f21f7e3ea475c5a879b59204d1114a254b3aa68dc837

SHA512
4c09a0bb7a0d96174e195393b6bbdc08e079893f3489440d431a4f93b09e05caf9ba4b0aacb3c2d5dcc5a68f9a0ea243af26a6ccddced4e98c6cad9530738429

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\icudtl.dat
Filesize
10.0MB

MD5
cf9421b601645bda331c7136a0a9c3f8

SHA1
9950d66df9022f1caa941ab0e9647636f7b7a286

SHA256
8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

SHA512
bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\libegl.dll
Filesize
464KB

MD5
b16459e3977c09862f18b1eec581c625

SHA1
d892ed82a1178869f62b7007d68266eb09e0cdc0

SHA256
19a8c963797177dac6d424530fca12ffde678974afc7ccbd7b3830626dd81fdd

SHA512
0be655a151ae709e7f8fada0c77680e4554a2cc2c25d60f869752b9615b624109dff0089e5a641cc06d7d558f937b364318b757fd3ce1e60a728102bdbf5f8a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\libglesv2.dll
Filesize
7.0MB

MD5
eff79eb01dab6213097e5407ae524ada

SHA1
e8567ef1f0369a988af08108938bcfc0ed07578e

SHA256
a350c743f5ad8db792f26eac0f0feb568b5d8bbc5ec535eeaf0bb618f56899dc

SHA512
34987fdd997083b6b5c0dd3b4adc64055ac736020e06b97e9375afa35068b8767c78c936875fff9ed969a1177f6344b19a3b1393e9452bbcb7b528fcd64905ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\locales\en-US.pak
Filesize
302KB

MD5
3fef69b20e6f9599e9c2369398e571c0

SHA1
92be2b65b62938e6426ab333c82d70d337666784

SHA256
a99bd31907bbdc12bdfbff7b9da6ddd850c273f3a6ece64ee8d1d9b6ef0c501c

SHA512
3057edfb719c07972fd230514ac5e02f88b04c72356fa4a5e5291677dcbab03297942d5ecdc62c8e58d0088aed4d6ea53806c01f0ea622942feb06584241ad2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\resources.pak
Filesize
5.2MB

MD5
f24c85d2b898b6b4de118f6a2e63a244

SHA1
731adfc20807874b70bda7e2661e66ff6987e069

SHA256
aca9267dd8f530135d67240aa897112467bae77cd5fe1a549c69732fdf2803c6

SHA512
b49f6a4eb870b01b48b4cfbf5a73c1727cf7847a9505f7c11ce6befdbef868484867f6e0ac66aea8177ca5cab2abba1cae5ac626a8e3f44fc001cac0fe820c61

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\resources\app.asar
Filesize
13.8MB

MD5
7c6efe8aacd322a77c090d23d8811958

SHA1
d23947b0ecb24670e14d764b5347ebe6eeb6963c

SHA256
97f914a7f79e7404bfa2045d7c41d9ef039a2d85cbc0d0f6f6adc36e8afd232b

SHA512
4f1c6f497721e193ac0311fee60edf3c73a7bcc5825df28d1f625b893b886a278a71a693618b123306d21fc24157da2fa2254564ce6bebd73774a0ceeda29b73

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\v8_context_snapshot.bin
Filesize
710KB

MD5
5c63706a2538907c559af906fc197540

SHA1
ae0baba7e1c84d3b1bccece6d875a61a7fb13ddd

SHA256
cb78b7dddc53491bc4d348d81173cff6b4a7fac1434a99bd025a66757016dc39

SHA512
47884ee1a7d27a42a1bc29e92230a4e302a81724b4565deb08667b07bbc3a3c5dba9884e5b6ae226549c174d48a6b0107ec108c47596b2a2f8049dbfc972b145

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\vk_swiftshader.dll
Filesize
4.8MB

MD5
0307453662b334b28af831de575184c1

SHA1
7475a72b4f708f83d91cdfff63846af1aa644938

SHA256
97200ffcbfc10ca7b4ef7fc17236161286bc27c531497ace3b123300b1d26dfa

SHA512
c77feac8ef432575ac3976b639529ef07503c6a70a613fcdfba5ea458c59449ab1a5466975069dacfe1e41e2ade3013dd0c0578d1605bebdfa98314db76ebab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\vulkan-1.dll
Filesize
858KB

MD5
a0c01e57b16cbf2339f81f60ae9b7125

SHA1
a341ed74a48a25625533b9aefbdf5c63510a3032

SHA256
4d8de373e7f06e48bae9d4eab07b92ee70f07dfe4ca711227d0ef99a2cf4c341

SHA512
a7fb6ff120592a8c7d2735b0f4f6527763df071a3082f24feb34c0ea46d8e1953fdac340a91e6b1f2caa8a95e0984fa4ee97c11a4096c02b305b89763aeb9046

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\Herobots Launcher.exe
Filesize
147.1MB

MD5
823978b10f1efaed3c9cbee8c047f51e

SHA1
52045f2c5e2f194f60d3b193769b55d8f542cec3

SHA256
9a644b31d1bcea12c5d5a8622f68e24d28b44f9637caaf5aa0bcd213aed48871

SHA512
e807d984f4ea153d781c4eb257a7ec93b37d5411725697a1d169936516e0828488fc0319dac58fae3c8efc808b91f49755badf33038c925092b63ec7a6567a07

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\d3dcompiler_47.dll
Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\d3dcompiler_47.dll
Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\d3dcompiler_47.dll
Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\ffmpeg.dll
Filesize
2.6MB

MD5
0c60baf0533c2d405fe676078b74e320

SHA1
7930f3c32320b0ec38662cadaae620922eaaec9c

SHA256
e3888c68b108e150afc3f21f7e3ea475c5a879b59204d1114a254b3aa68dc837

SHA512
4c09a0bb7a0d96174e195393b6bbdc08e079893f3489440d431a4f93b09e05caf9ba4b0aacb3c2d5dcc5a68f9a0ea243af26a6ccddced4e98c6cad9530738429

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\ffmpeg.dll
Filesize
2.6MB

MD5
0c60baf0533c2d405fe676078b74e320

SHA1
7930f3c32320b0ec38662cadaae620922eaaec9c

SHA256
e3888c68b108e150afc3f21f7e3ea475c5a879b59204d1114a254b3aa68dc837

SHA512
4c09a0bb7a0d96174e195393b6bbdc08e079893f3489440d431a4f93b09e05caf9ba4b0aacb3c2d5dcc5a68f9a0ea243af26a6ccddced4e98c6cad9530738429

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\ffmpeg.dll
Filesize
2.6MB

MD5
0c60baf0533c2d405fe676078b74e320

SHA1
7930f3c32320b0ec38662cadaae620922eaaec9c

SHA256
e3888c68b108e150afc3f21f7e3ea475c5a879b59204d1114a254b3aa68dc837

SHA512
4c09a0bb7a0d96174e195393b6bbdc08e079893f3489440d431a4f93b09e05caf9ba4b0aacb3c2d5dcc5a68f9a0ea243af26a6ccddced4e98c6cad9530738429

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\ffmpeg.dll
Filesize
2.6MB

MD5
0c60baf0533c2d405fe676078b74e320

SHA1
7930f3c32320b0ec38662cadaae620922eaaec9c

SHA256
e3888c68b108e150afc3f21f7e3ea475c5a879b59204d1114a254b3aa68dc837

SHA512
4c09a0bb7a0d96174e195393b6bbdc08e079893f3489440d431a4f93b09e05caf9ba4b0aacb3c2d5dcc5a68f9a0ea243af26a6ccddced4e98c6cad9530738429

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\ffmpeg.dll
Filesize
2.6MB

MD5
0c60baf0533c2d405fe676078b74e320

SHA1
7930f3c32320b0ec38662cadaae620922eaaec9c

SHA256
e3888c68b108e150afc3f21f7e3ea475c5a879b59204d1114a254b3aa68dc837

SHA512
4c09a0bb7a0d96174e195393b6bbdc08e079893f3489440d431a4f93b09e05caf9ba4b0aacb3c2d5dcc5a68f9a0ea243af26a6ccddced4e98c6cad9530738429

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\ffmpeg.dll
Filesize
2.6MB

MD5
0c60baf0533c2d405fe676078b74e320

SHA1
7930f3c32320b0ec38662cadaae620922eaaec9c

SHA256
e3888c68b108e150afc3f21f7e3ea475c5a879b59204d1114a254b3aa68dc837

SHA512
4c09a0bb7a0d96174e195393b6bbdc08e079893f3489440d431a4f93b09e05caf9ba4b0aacb3c2d5dcc5a68f9a0ea243af26a6ccddced4e98c6cad9530738429

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\libEGL.dll
Filesize
464KB

MD5
b16459e3977c09862f18b1eec581c625

SHA1
d892ed82a1178869f62b7007d68266eb09e0cdc0

SHA256
19a8c963797177dac6d424530fca12ffde678974afc7ccbd7b3830626dd81fdd

SHA512
0be655a151ae709e7f8fada0c77680e4554a2cc2c25d60f869752b9615b624109dff0089e5a641cc06d7d558f937b364318b757fd3ce1e60a728102bdbf5f8a2

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\libEGL.dll
Filesize
464KB

MD5
b16459e3977c09862f18b1eec581c625

SHA1
d892ed82a1178869f62b7007d68266eb09e0cdc0

SHA256
19a8c963797177dac6d424530fca12ffde678974afc7ccbd7b3830626dd81fdd

SHA512
0be655a151ae709e7f8fada0c77680e4554a2cc2c25d60f869752b9615b624109dff0089e5a641cc06d7d558f937b364318b757fd3ce1e60a728102bdbf5f8a2

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\libEGL.dll
Filesize
464KB

MD5
b16459e3977c09862f18b1eec581c625

SHA1
d892ed82a1178869f62b7007d68266eb09e0cdc0

SHA256
19a8c963797177dac6d424530fca12ffde678974afc7ccbd7b3830626dd81fdd

SHA512
0be655a151ae709e7f8fada0c77680e4554a2cc2c25d60f869752b9615b624109dff0089e5a641cc06d7d558f937b364318b757fd3ce1e60a728102bdbf5f8a2

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\libGLESv2.dll
Filesize
7.0MB

MD5
eff79eb01dab6213097e5407ae524ada

SHA1
e8567ef1f0369a988af08108938bcfc0ed07578e

SHA256
a350c743f5ad8db792f26eac0f0feb568b5d8bbc5ec535eeaf0bb618f56899dc

SHA512
34987fdd997083b6b5c0dd3b4adc64055ac736020e06b97e9375afa35068b8767c78c936875fff9ed969a1177f6344b19a3b1393e9452bbcb7b528fcd64905ab

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\libGLESv2.dll
Filesize
7.0MB

MD5
eff79eb01dab6213097e5407ae524ada

SHA1
e8567ef1f0369a988af08108938bcfc0ed07578e

SHA256
a350c743f5ad8db792f26eac0f0feb568b5d8bbc5ec535eeaf0bb618f56899dc

SHA512
34987fdd997083b6b5c0dd3b4adc64055ac736020e06b97e9375afa35068b8767c78c936875fff9ed969a1177f6344b19a3b1393e9452bbcb7b528fcd64905ab

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\libGLESv2.dll
Filesize
7.0MB

MD5
eff79eb01dab6213097e5407ae524ada

SHA1
e8567ef1f0369a988af08108938bcfc0ed07578e

SHA256
a350c743f5ad8db792f26eac0f0feb568b5d8bbc5ec535eeaf0bb618f56899dc

SHA512
34987fdd997083b6b5c0dd3b4adc64055ac736020e06b97e9375afa35068b8767c78c936875fff9ed969a1177f6344b19a3b1393e9452bbcb7b528fcd64905ab

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\vk_swiftshader.dll
Filesize
4.8MB

MD5
0307453662b334b28af831de575184c1

SHA1
7475a72b4f708f83d91cdfff63846af1aa644938

SHA256
97200ffcbfc10ca7b4ef7fc17236161286bc27c531497ace3b123300b1d26dfa

SHA512
c77feac8ef432575ac3976b639529ef07503c6a70a613fcdfba5ea458c59449ab1a5466975069dacfe1e41e2ade3013dd0c0578d1605bebdfa98314db76ebab5

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\vk_swiftshader.dll
Filesize
4.8MB

MD5
0307453662b334b28af831de575184c1

SHA1
7475a72b4f708f83d91cdfff63846af1aa644938

SHA256
97200ffcbfc10ca7b4ef7fc17236161286bc27c531497ace3b123300b1d26dfa

SHA512
c77feac8ef432575ac3976b639529ef07503c6a70a613fcdfba5ea458c59449ab1a5466975069dacfe1e41e2ade3013dd0c0578d1605bebdfa98314db76ebab5

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\vk_swiftshader.dll
Filesize
4.8MB

MD5
0307453662b334b28af831de575184c1

SHA1
7475a72b4f708f83d91cdfff63846af1aa644938

SHA256
97200ffcbfc10ca7b4ef7fc17236161286bc27c531497ace3b123300b1d26dfa

SHA512
c77feac8ef432575ac3976b639529ef07503c6a70a613fcdfba5ea458c59449ab1a5466975069dacfe1e41e2ade3013dd0c0578d1605bebdfa98314db76ebab5

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\vk_swiftshader.dll
Filesize
4.8MB

MD5
0307453662b334b28af831de575184c1

SHA1
7475a72b4f708f83d91cdfff63846af1aa644938

SHA256
97200ffcbfc10ca7b4ef7fc17236161286bc27c531497ace3b123300b1d26dfa

SHA512
c77feac8ef432575ac3976b639529ef07503c6a70a613fcdfba5ea458c59449ab1a5466975069dacfe1e41e2ade3013dd0c0578d1605bebdfa98314db76ebab5

Download Submit
\Users\Admin\AppData\Local\Temp\2I02S7GMWZJUoLs07zWvguWpOuf\vulkan-1.dll
Filesize
858KB

MD5
a0c01e57b16cbf2339f81f60ae9b7125

SHA1
a341ed74a48a25625533b9aefbdf5c63510a3032

SHA256
4d8de373e7f06e48bae9d4eab07b92ee70f07dfe4ca711227d0ef99a2cf4c341

SHA512
a7fb6ff120592a8c7d2735b0f4f6527763df071a3082f24feb34c0ea46d8e1953fdac340a91e6b1f2caa8a95e0984fa4ee97c11a4096c02b305b89763aeb9046

Download Submit
\Users\Admin\AppData\Local\Temp\nsj63D4.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsj63D4.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsj63D4.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/572-101-0x0000000000000000-mapping.dmp

Download
memory/756-116-0x0000000000000000-mapping.dmp

Download
memory/864-59-0x0000000000000000-mapping.dmp

Download
memory/864-66-0x000007FEFB7E1000-0x000007FEFB7E3000-memory.dmp

Filesize
8KB

Download
memory/948-185-0x0000000000000000-mapping.dmp

Download
memory/1720-112-0x0000000000000000-mapping.dmp

Download
memory/1740-149-0x0000000000000000-mapping.dmp

Download
memory/2012-54-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download