locky | 8ce4bcc720ffd2608264756a8dc39794ebdfef5e65a9513d02d290f9cbe8c3f4

Analysis

max time kernel
77s
max time network
152s
platform
windows7_x64
resource
win7-20220812-es
resource tags

arch:x64arch:x86image:win7-20220812-eslocale:es-esos:windows7-x64systemwindows
submitted
09-01-2023 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Prepros-Setup-7.6.0.exe
Size

226.8MB
MD5

3a734395c8d70263eb3b41d3eda9ee7d
SHA1

26644f9adbdd330eeb9f07379bd2f3fc67fa737a
SHA256

8ce4bcc720ffd2608264756a8dc39794ebdfef5e65a9513d02d290f9cbe8c3f4
SHA512

1e82cd06f5960049f99d3ea7a026f52c955f36de73d5996f62614eea577770b42c73d2b606454cc8d6a20664ec23d8e7be0e6bc2ef4d16a6c35784c920d0fda6
SSDEEP

6291456:REqeKBbSB1OF3XLM5c8nfK10uPgq7mULvhOs93YbLr2FPo:REOBmB1OJY5LfK10jamM5Os93Pq

Score

10^/10

locky discovery ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Executes dropped EXE 9 IoCs

Processes:

Update.exeSquirrel.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exe

pid process

1888 Update.exe
808 Squirrel.exe
1748 Prepros.exe
1068 Prepros.exe
1360 Prepros.exe
1552 Prepros.exe
364 Prepros.exe
1048 Prepros.exe
388 Prepros.exe

pid	process
1888	Update.exe
808	Squirrel.exe
1748	Prepros.exe
1068	Prepros.exe
1360	Prepros.exe
1552	Prepros.exe
364	Prepros.exe
1048	Prepros.exe
388	Prepros.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Prepros.exePrepros.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	Prepros.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	Prepros.exe

Loads dropped DLL 17 IoCs

Processes:

Prepros-Setup-7.6.0.exeUpdate.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exe

pid	process
2020	Prepros-Setup-7.6.0.exe
1888	Update.exe
1888	Update.exe
1888	Update.exe
1888	Update.exe
1888	Update.exe
1888	Update.exe
1748	Prepros.exe
1068	Prepros.exe
1360	Prepros.exe
1552	Prepros.exe
1048	Prepros.exe
364	Prepros.exe
388	Prepros.exe
364	Prepros.exe
364	Prepros.exe
364	Prepros.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Update.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	Update.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	Update.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

Prepros.exeUpdate.exePrepros.exe

pid	process
1748	Prepros.exe
1748	Prepros.exe
1748	Prepros.exe
1748	Prepros.exe
1748	Prepros.exe
1888	Update.exe
1888	Update.exe
1360	Prepros.exe
1360	Prepros.exe
1360	Prepros.exe
1360	Prepros.exe
1360	Prepros.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

Processes:

Update.exePrepros.exe

description	pid	process
Token: SeDebugPrivilege	1888	Update.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe
Token: SeShutdownPrivilege	1360	Prepros.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

Update.exePrepros.exe

pid process

1888 Update.exe
1360 Prepros.exe
1360 Prepros.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

Prepros.exe

pid process

1360 Prepros.exe
1360 Prepros.exe

pid	process
1888	Update.exe
1360	Prepros.exe
1360	Prepros.exe

pid	process
1360	Prepros.exe
1360	Prepros.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Prepros-Setup-7.6.0.exeUpdate.exePrepros.exePrepros.exe

description	pid	process	target process
PID 2020 wrote to memory of 1888	2020	Prepros-Setup-7.6.0.exe	Update.exe
PID 2020 wrote to memory of 1888	2020	Prepros-Setup-7.6.0.exe	Update.exe
PID 2020 wrote to memory of 1888	2020	Prepros-Setup-7.6.0.exe	Update.exe
PID 2020 wrote to memory of 1888	2020	Prepros-Setup-7.6.0.exe	Update.exe
PID 2020 wrote to memory of 1888	2020	Prepros-Setup-7.6.0.exe	Update.exe
PID 2020 wrote to memory of 1888	2020	Prepros-Setup-7.6.0.exe	Update.exe
PID 2020 wrote to memory of 1888	2020	Prepros-Setup-7.6.0.exe	Update.exe
PID 1888 wrote to memory of 808	1888	Update.exe	Squirrel.exe
PID 1888 wrote to memory of 808	1888	Update.exe	Squirrel.exe
PID 1888 wrote to memory of 808	1888	Update.exe	Squirrel.exe
PID 1888 wrote to memory of 808	1888	Update.exe	Squirrel.exe
PID 1888 wrote to memory of 1748	1888	Update.exe	Prepros.exe
PID 1888 wrote to memory of 1748	1888	Update.exe	Prepros.exe
PID 1888 wrote to memory of 1748	1888	Update.exe	Prepros.exe
PID 1888 wrote to memory of 1748	1888	Update.exe	Prepros.exe
PID 1748 wrote to memory of 1068	1748	Prepros.exe	Prepros.exe
PID 1748 wrote to memory of 1068	1748	Prepros.exe	Prepros.exe
PID 1748 wrote to memory of 1068	1748	Prepros.exe	Prepros.exe
PID 1748 wrote to memory of 1068	1748	Prepros.exe	Prepros.exe
PID 1888 wrote to memory of 1360	1888	Update.exe	Prepros.exe
PID 1888 wrote to memory of 1360	1888	Update.exe	Prepros.exe
PID 1888 wrote to memory of 1360	1888	Update.exe	Prepros.exe
PID 1888 wrote to memory of 1360	1888	Update.exe	Prepros.exe
PID 1360 wrote to memory of 1552	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 1552	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 1552	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 1552	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe
PID 1360 wrote to memory of 364	1360	Prepros.exe	Prepros.exe

C:\Users\Admin\AppData\Local\Temp\Prepros-Setup-7.6.0.exe
"C:\Users\Admin\AppData\Local\Temp\Prepros-Setup-7.6.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2020

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1888

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Squirrel.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
3⤵
- Executes dropped EXE
PID:808

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --squirrel-install 7.6.0
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1748

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Prepros /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Prepros\Crashpad --url=https://sentry.io/api/1863100/minidump/?sentry_key=049c8416847c4b8e8e49cfc359154f7a --annotation=_productName=Prepros --annotation=_version=7.6.0 --annotation=prod=Electron --annotation=sentry___initialScope={} --annotation=ver=18.3.1 --initial-client-data=0x314,0x318,0x31c,0x30c,0x320,0x87b1e40,0x87b1e50,0x87b1e5c
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1068

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --squirrel-firstrun
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1360

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Prepros /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Prepros\Crashpad --url=https://sentry.io/api/1863100/minidump/?sentry_key=049c8416847c4b8e8e49cfc359154f7a --annotation=_productName=Prepros --annotation=_version=7.6.0 --annotation=prod=Electron --annotation=sentry___initialScope={} --annotation=ver=18.3.1 --initial-client-data=0x300,0x304,0x308,0x2fc,0x30c,0x87b1e40,0x87b1e50,0x87b1e5c
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1552

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Prepros-7" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1172,i,13178120038621318029,8023018938592245262,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:364

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Prepros-7" --mojo-platform-channel-handle=1356 --field-trial-handle=1172,i,13178120038621318029,8023018938592245262,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1048

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Prepros-7" --app-user-model-id=com.squirrel.Prepros.Prepros --app-path="C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --node-integration-in-worker --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1516 --field-trial-handle=1172,i,13178120038621318029,8023018938592245262,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
4⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:388

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Prepros-7" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 --field-trial-handle=1172,i,13178120038621318029,8023018938592245262,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
PID:2136

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Prepros-7" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1172,i,13178120038621318029,8023018938592245262,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
PID:2364

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Prepros-7" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1780 --field-trial-handle=1172,i,13178120038621318029,8023018938592245262,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
PID:2568

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\D3DCompiler_47.dll
Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
89.8MB

MD5
8ed7b3e845165a908f0b6851c83dea65

SHA1
75566fc79a0bb5afd3e3f2b9105be4200014a62b

SHA256
a97bac095db7036037a9a36abcfaf740d19a67a29dd74d67096cbe8242f7b7bb

SHA512
a360ef085f2a700dc5be07e7b7bd38cbc00474f4430e5f2c415ec119b2f3036f4aa34ef15e7c03681169853353b879670cb5111d084a298030151a56f302bf12

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
82.0MB

MD5
96461449e0c928f3a88af1f54daff44c

SHA1
51128df12c3ad7e64f11d8bbb9c8040d68cff731

SHA256
e85f0ade1b7d22155afc782be35702e7281b55ac5287e2b242df4b31e08ebc61

SHA512
d4e513546848860513e3389155dcc287b8ec9f3f91979b921749ddaa14f9540a61f922b5898cc2cda2d8d367dd941482aae99ff824a621108ef59a34105fc1c7

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
80.5MB

MD5
3c0ad2f45be6231a232d88d080d941aa

SHA1
670ad4a14ef717cfa7811ab0065ee72e6eb25dc1

SHA256
8d89b27c889e70e0fddcee3cdb7ea431b5ae8bc69109e8464d4385ec8bc5e92d

SHA512
7af9dd86986b24ef14747095f30b706ca5cb575e4b8abbd48e4e59dba90355e0f26cf07b0501aff6e074f2e0bd78315b804e48aaf42a76c24bc4b40da82d0203

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
71.1MB

MD5
92240542a611016a88aaa9fa7aeec599

SHA1
0852ee66591630d244cf7cefa828bd7a6afdfa69

SHA256
2c45f6b84cd23d52af27a3f25c4390b7487e7449b7de1e68732c4b5eccbe954d

SHA512
adafdaf47245e9d466058fcfced4fe9215e844948aef7d80452ec74f325108e23a93fb255655617a0f480aa0eda7d97b5ae75339f565d99c685e408c78a17373

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
69.6MB

MD5
1ca52e90dffe3625433a33a1577106a2

SHA1
3c2f2b7177b88721ff9f4adea154625bab83a0fd

SHA256
050c434abcc87667b847e36aa100b861c39ceec43cc584e7d94bdd483b1b51f4

SHA512
deabcfc9f2dddc2e12f9a90274d2b98b64d07ee62ed50f03455579ffb3f3773c058e3362048deade2676ddfe8b62ace85ff0ab146fe90445e2ebfb110128afd9

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
53.4MB

MD5
3cb721e3b33db440fd40c8b9253719b1

SHA1
c57f4479409ca3ed0c560f8e4871ca68d3cbd922

SHA256
70bd8e0faf6cbb9d80a6fd49ff5216d8c26681602b6852df34de2e90fde52d1d

SHA512
521056fbff53f19c2f443801b34d3825fd643c84a8218b93f501ac07f25c4aae22736c477d98abf391b6652973dce660906c733a986c2fbe01ee5ebc358b456c

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
39.9MB

MD5
22adccd3da4b1b1e4b86e1aafaa14d20

SHA1
1742f03da4e899ca6fcd2deeaaf47271ec8abacb

SHA256
151da05c29757d55081086c5a6a3045f3eac878b1c8d5a27457bd6d76f517f89

SHA512
145b6563d8af6a7417b46bb23c3a99059ab2b418263e4972d382262ccb876afd57e5a0d51c73d70dcf65b65e76efc54b091a4fed3644baec7d3c10d714676863

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
84.8MB

MD5
c6d43deb00aca7518983467757406946

SHA1
f05e1caa855c20c919dbad9372482e160e86173c

SHA256
f5520eae7e5556838c0758d65ad6164ad75afe02b68445f1ce06a9e8b1d620f0

SHA512
04edb5ae729ee26a53bd3308d2170587efda7daa8d0db2cb3903a9e3750c436fd91974678546ca9470f002434ebc2af8ac8cf82b80d8ee09972c9ab48c3c0307

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Squirrel.exe
Filesize
2.1MB

MD5
42cf3e8c6361d5f6f58554eb55718f93

SHA1
b02f59b6098b2d6adc1d1c36af0cae9374916f86

SHA256
e0439e271e62bcc6d980fcbf6569e65e09e635ecf5dcf47eac63c932ec8c2753

SHA512
7f6987472fb67dc0c4e323020c81e9bde2b78304cb6540ce59da42dbe6b4fd8223e9991d2a5dc1eabba5736f1c03cb3ef054f6d4deab319c247a2f89bf304820

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\chrome_100_percent.pak
Filesize
145KB

MD5
237ca1be894f5e09fd1ccb934229c33b

SHA1
f0dfcf6db1481315054efb690df282ffe53e9fa1

SHA256
f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2

SHA512
1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\chrome_200_percent.pak
Filesize
214KB

MD5
7059af03603f93898f66981feb737064

SHA1
668e41a728d2295a455e5e0f0a8d2fee1781c538

SHA256
04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6

SHA512
435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\icudtl.dat
Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\libegl.dll
Filesize
375KB

MD5
b7098705fc1cfc723fcbfc9af82c51d4

SHA1
965326988eae817e2ca947f742a4fa4adfb2b669

SHA256
205da7f88661d990aaaed88502d234ac360c3b970a3ba86b6b45c5380f86b8e2

SHA512
d770f2d0df1e560c04afe02abfae3d847c20e7de917f230c1e2de6cc2b7989b451c2bab083baf6d13d4eb6f39caa16b744fa5e6aa6f4d5a6ea91fd069b54fd13

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\libglesv2.dll
Filesize
6.0MB

MD5
a459b1dccee0a366ad6b525d2ba40d31

SHA1
65b63d55a59661c76119758296f0e3b5f0b02a26

SHA256
98548e9c4a9985c2b40546fe346453fe0c8aa670e10a575d40a4a14c9ca93b62

SHA512
369d5415c93a38874a1cde61cd6407dc7422aec9cafd078b49c4aa8d5f519589bd80683f860b3e3fed56d70d43ae7f5c9b0559334008dd748b213acfd5d8262d

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\locales\es.pak
Filesize
137KB

MD5
e9b6d88c4a56b81aa136fbbafc818bbf

SHA1
ff6f24ce4375ec4f8438bcc8ce620853fcaa099a

SHA256
07ebba3ca9248b15ba39c0cc48aec98a19b4a8f70850ac8cdbdefc4312f36dd7

SHA512
33a0687fbdd916036dcfdb0685b145066846f6c90e880452291c62ac6699e957fae54e75ab9e6106a63d03d19b2ab425dfa337617b0107433ccdb7df9382c94b

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\resources.pak
Filesize
4.9MB

MD5
ff31c1a39edc8202e052a41fb977a300

SHA1
f220ed82575e346c2fb086c0868c07318d57ef92

SHA256
965dcddcb984a231fb2356d6d7ff4e047c2d8fa527442fa64981ab5d254525c9

SHA512
3b3370dd630fd200969331ae7d9b7e005cfbc3aa41ad128274bdc7797de2eca89998787a90a96baecf25ffc64e2c764cb75051efbac57c679abfd17b47873cce

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\resources\app.asar
Filesize
175.2MB

MD5
dbc0d56f7a64d950f71c11967614da29

SHA1
e4e48df6e6e5bbf4619252c5989056ce176ff840

SHA256
f2b5a9ba73236f1dccc35a55093a806cb8550201e04745fd9be157d319288a2d

SHA512
043ececd6c5d8e1ea9c03cd85b7f41be1b4b983a1e2f9a95e37d5d11e33f4879481f1698c2b8a9e803557340f620491f8886f4480ffdc2b9bbedabad1ddf568d

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\squirrel.exe
Filesize
2.1MB

MD5
42cf3e8c6361d5f6f58554eb55718f93

SHA1
b02f59b6098b2d6adc1d1c36af0cae9374916f86

SHA256
e0439e271e62bcc6d980fcbf6569e65e09e635ecf5dcf47eac63c932ec8c2753

SHA512
7f6987472fb67dc0c4e323020c81e9bde2b78304cb6540ce59da42dbe6b4fd8223e9991d2a5dc1eabba5736f1c03cb3ef054f6d4deab319c247a2f89bf304820

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\v8_context_snapshot.bin
Filesize
592KB

MD5
5490a6b619c784169f5db60ba31af7e2

SHA1
53d05e3e8da46fcfe7ab770c6534d1bc12da3e34

SHA256
a2336d5925b57213f27843b66d4d19766bd2c7eb611833583fb496397e76aa34

SHA512
ed323b42b1450962eed7ce7fc9afbdfbed2e25db9aed85051ea403da92080e3ccf01a53cdff24d94fa97d52433a9d311ae37462058d49c057ee6dff5cf6f52c8

Download Submit
C:\Users\Admin\AppData\Local\Prepros\update.exe
Filesize
1.8MB

MD5
e7d118758687987883b663e7830f55ad

SHA1
b0417dd8c1071c1d339e186b23f153f01b12c0c6

SHA256
847364df41b463680ed259e6f5e30e7bb24210d22c20e1bd9da5f7a9d4f06949

SHA512
c47833061de70b7fccb327f67b0976d17d76eb0cb2e179733640eb9f6523cf21990f6fb7690cb27408de5849097417df298ebddd43da23820751d5543bbbc3fd

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Prepros-7.6.0-full.nupkg
Filesize
227.4MB

MD5
9ee46e46878aa658b0cdc80d196811b6

SHA1
a7224330fa37367703afabf41a598e0785843762

SHA256
d0712dda0ea6a2d5c478db30e9c15fe33f01d5569ce36587b4e7bf7ee73f79dc

SHA512
37899599ef698ef8c13f97e821d5299f09c7ad143d255748fc239a927698537d2eadbea28801f3d4efe49f47c57a78bfaf1f452f66c1b9fa864574cbf48c232f

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
Filesize
78B

MD5
815e86408ed524f5a414ddeb552ca31d

SHA1
ed4e84de12a4396799e7d8a447be5e048a3b7d78

SHA256
ecf2da0ea368a10fe20ff700f5e7b542cf369c258e2dc9e057b1f027de4a38b2

SHA512
075d442cf1bd2c74a002736628d9c769a2e394968672d867b5155aabfba75885d8c5d6b00934dbb7fdbe774ce4b5e5fa8e90653c785dabc85fc41b6f6e29d747

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
e7d118758687987883b663e7830f55ad

SHA1
b0417dd8c1071c1d339e186b23f153f01b12c0c6

SHA256
847364df41b463680ed259e6f5e30e7bb24210d22c20e1bd9da5f7a9d4f06949

SHA512
c47833061de70b7fccb327f67b0976d17d76eb0cb2e179733640eb9f6523cf21990f6fb7690cb27408de5849097417df298ebddd43da23820751d5543bbbc3fd

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
e7d118758687987883b663e7830f55ad

SHA1
b0417dd8c1071c1d339e186b23f153f01b12c0c6

SHA256
847364df41b463680ed259e6f5e30e7bb24210d22c20e1bd9da5f7a9d4f06949

SHA512
c47833061de70b7fccb327f67b0976d17d76eb0cb2e179733640eb9f6523cf21990f6fb7690cb27408de5849097417df298ebddd43da23820751d5543bbbc3fd

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif
Filesize
49KB

MD5
ebcf5809bb4c06214f453de9800527cf

SHA1
11ad20a7a9ef0e3d84a9f5155c9238af375a7c2f

SHA256
a63ed119ae1bb9e4d6bcd8d85968bc0b6edcf17295d59666bd2b8b2ed4eaf070

SHA512
b91470445bf7e10bf1dfb7b1c29cc12a90501bb8a87f31eb6c173fc4812c4e15b1a9d9c88f45f819830f814ab77b40ea6420838903cea7e8741eb79f73ee121a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico
Filesize
361KB

MD5
d95e66d23f39836c6bbe6eccb123fd3a

SHA1
96699a7ee1587e204029c50b34642ef49375e745

SHA256
f723d5298ba3b8ef4dbf70b47f9d5ffa936e39d4e1ec634514e5b6c927e493f1

SHA512
b56780e6fe67ffa513da01a3a9c9a5d2c5eb62b6f7b5e95adcceb71994ed5819aabc35736fa1a9a8b408806dcab82e6595576c063724c1e234e0795698f49274

Download Submit
C:\Users\Admin\AppData\Roaming\Prepros\Crashpad\settings.dat
Filesize
40B

MD5
9dce29f6f8b2e9a6eebabcca83c79c5d

SHA1
b339f4c6f8ecbc039c25fb87ef2e6df39219d4bb

SHA256
18dac9b5bf959466cc81b09897c01e6b4db5c5763d164306ea9b4aabd6f26c23

SHA512
8664f0a474f69de23d8afb43f5c56cd741c0fbe6058d471b82502051fa7ebac3aac1b1aa40e7657dca920ee62b7188798c71601d713158d35dc7aac9d23b68c5

Download Submit
C:\Users\Admin\AppData\Roaming\Prepros\Crashpad\settings.dat
Filesize
40B

MD5
9dce29f6f8b2e9a6eebabcca83c79c5d

SHA1
b339f4c6f8ecbc039c25fb87ef2e6df39219d4bb

SHA256
18dac9b5bf959466cc81b09897c01e6b4db5c5763d164306ea9b4aabd6f26c23

SHA512
8664f0a474f69de23d8afb43f5c56cd741c0fbe6058d471b82502051fa7ebac3aac1b1aa40e7657dca920ee62b7188798c71601d713158d35dc7aac9d23b68c5

Download Submit
\??\pipe\crashpad_1360_MQMVTQXAFASDUXTS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_1748_SESPMKKHNMVAVSAK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\d3dcompiler_47.dll
Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\d3dcompiler_47.dll
Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\d3dcompiler_47.dll
Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\libEGL.dll
Filesize
375KB

MD5
b7098705fc1cfc723fcbfc9af82c51d4

SHA1
965326988eae817e2ca947f742a4fa4adfb2b669

SHA256
205da7f88661d990aaaed88502d234ac360c3b970a3ba86b6b45c5380f86b8e2

SHA512
d770f2d0df1e560c04afe02abfae3d847c20e7de917f230c1e2de6cc2b7989b451c2bab083baf6d13d4eb6f39caa16b744fa5e6aa6f4d5a6ea91fd069b54fd13

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\libEGL.dll
Filesize
375KB

MD5
b7098705fc1cfc723fcbfc9af82c51d4

SHA1
965326988eae817e2ca947f742a4fa4adfb2b669

SHA256
205da7f88661d990aaaed88502d234ac360c3b970a3ba86b6b45c5380f86b8e2

SHA512
d770f2d0df1e560c04afe02abfae3d847c20e7de917f230c1e2de6cc2b7989b451c2bab083baf6d13d4eb6f39caa16b744fa5e6aa6f4d5a6ea91fd069b54fd13

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\libEGL.dll
Filesize
375KB

MD5
b7098705fc1cfc723fcbfc9af82c51d4

SHA1
965326988eae817e2ca947f742a4fa4adfb2b669

SHA256
205da7f88661d990aaaed88502d234ac360c3b970a3ba86b6b45c5380f86b8e2

SHA512
d770f2d0df1e560c04afe02abfae3d847c20e7de917f230c1e2de6cc2b7989b451c2bab083baf6d13d4eb6f39caa16b744fa5e6aa6f4d5a6ea91fd069b54fd13

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\libGLESv2.dll
Filesize
6.0MB

MD5
a459b1dccee0a366ad6b525d2ba40d31

SHA1
65b63d55a59661c76119758296f0e3b5f0b02a26

SHA256
98548e9c4a9985c2b40546fe346453fe0c8aa670e10a575d40a4a14c9ca93b62

SHA512
369d5415c93a38874a1cde61cd6407dc7422aec9cafd078b49c4aa8d5f519589bd80683f860b3e3fed56d70d43ae7f5c9b0559334008dd748b213acfd5d8262d

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\libGLESv2.dll
Filesize
6.0MB

MD5
a459b1dccee0a366ad6b525d2ba40d31

SHA1
65b63d55a59661c76119758296f0e3b5f0b02a26

SHA256
98548e9c4a9985c2b40546fe346453fe0c8aa670e10a575d40a4a14c9ca93b62

SHA512
369d5415c93a38874a1cde61cd6407dc7422aec9cafd078b49c4aa8d5f519589bd80683f860b3e3fed56d70d43ae7f5c9b0559334008dd748b213acfd5d8262d

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\libGLESv2.dll
Filesize
6.0MB

MD5
a459b1dccee0a366ad6b525d2ba40d31

SHA1
65b63d55a59661c76119758296f0e3b5f0b02a26

SHA256
98548e9c4a9985c2b40546fe346453fe0c8aa670e10a575d40a4a14c9ca93b62

SHA512
369d5415c93a38874a1cde61cd6407dc7422aec9cafd078b49c4aa8d5f519589bd80683f860b3e3fed56d70d43ae7f5c9b0559334008dd748b213acfd5d8262d

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\squirrel.exe
Filesize
2.1MB

MD5
42cf3e8c6361d5f6f58554eb55718f93

SHA1
b02f59b6098b2d6adc1d1c36af0cae9374916f86

SHA256
e0439e271e62bcc6d980fcbf6569e65e09e635ecf5dcf47eac63c932ec8c2753

SHA512
7f6987472fb67dc0c4e323020c81e9bde2b78304cb6540ce59da42dbe6b4fd8223e9991d2a5dc1eabba5736f1c03cb3ef054f6d4deab319c247a2f89bf304820

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\squirrel.exe
Filesize
2.1MB

MD5
42cf3e8c6361d5f6f58554eb55718f93

SHA1
b02f59b6098b2d6adc1d1c36af0cae9374916f86

SHA256
e0439e271e62bcc6d980fcbf6569e65e09e635ecf5dcf47eac63c932ec8c2753

SHA512
7f6987472fb67dc0c4e323020c81e9bde2b78304cb6540ce59da42dbe6b4fd8223e9991d2a5dc1eabba5736f1c03cb3ef054f6d4deab319c247a2f89bf304820

Download Submit
\Users\Admin\AppData\Local\Prepros\app-7.6.0\squirrel.exe
Filesize
2.1MB

MD5
42cf3e8c6361d5f6f58554eb55718f93

SHA1
b02f59b6098b2d6adc1d1c36af0cae9374916f86

SHA256
e0439e271e62bcc6d980fcbf6569e65e09e635ecf5dcf47eac63c932ec8c2753

SHA512
7f6987472fb67dc0c4e323020c81e9bde2b78304cb6540ce59da42dbe6b4fd8223e9991d2a5dc1eabba5736f1c03cb3ef054f6d4deab319c247a2f89bf304820

Download Submit
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
e7d118758687987883b663e7830f55ad

SHA1
b0417dd8c1071c1d339e186b23f153f01b12c0c6

SHA256
847364df41b463680ed259e6f5e30e7bb24210d22c20e1bd9da5f7a9d4f06949

SHA512
c47833061de70b7fccb327f67b0976d17d76eb0cb2e179733640eb9f6523cf21990f6fb7690cb27408de5849097417df298ebddd43da23820751d5543bbbc3fd

Download Submit
memory/364-137-0x0000000000000000-mapping.dmp

Download
memory/388-141-0x0000000000000000-mapping.dmp

Download
memory/808-67-0x0000000000000000-mapping.dmp

Download
memory/808-70-0x0000000000890000-0x0000000000AAE000-memory.dmp

Filesize
2.1MB

Download
memory/1048-139-0x0000000000000000-mapping.dmp

Download
memory/1068-86-0x0000000000000000-mapping.dmp

Download
memory/1360-92-0x0000000000000000-mapping.dmp

Download
memory/1552-98-0x0000000000000000-mapping.dmp

Download
memory/1748-76-0x0000000000000000-mapping.dmp

Download
memory/1888-65-0x0000000000480000-0x000000000048A000-memory.dmp

Filesize
40KB

Download
memory/1888-59-0x0000000000B10000-0x0000000000CD4000-memory.dmp

Filesize
1.8MB

Download
memory/1888-56-0x0000000000000000-mapping.dmp

Download
memory/2020-54-0x0000000075E01000-0x0000000075E03000-memory.dmp

Filesize
8KB

Download
memory/2136-190-0x0000000000000000-mapping.dmp

Download
memory/2364-228-0x0000000000000000-mapping.dmp

Download
memory/2568-266-0x0000000000000000-mapping.dmp

Download