locky | 8ce4bcc720ffd2608264756a8dc39794ebdfef5e65a9513d02d290f9cbe8c3f4

Analysis

max time kernel
144s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-es
resource tags

arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
09-01-2023 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Prepros-Setup-7.6.0.exe
Size

226.8MB
MD5

3a734395c8d70263eb3b41d3eda9ee7d
SHA1

26644f9adbdd330eeb9f07379bd2f3fc67fa737a
SHA256

8ce4bcc720ffd2608264756a8dc39794ebdfef5e65a9513d02d290f9cbe8c3f4
SHA512

1e82cd06f5960049f99d3ea7a026f52c955f36de73d5996f62614eea577770b42c73d2b606454cc8d6a20664ec23d8e7be0e6bc2ef4d16a6c35784c920d0fda6
SSDEEP

6291456:REqeKBbSB1OF3XLM5c8nfK10uPgq7mULvhOs93YbLr2FPo:REOBmB1OJY5LfK10jamM5Os93Pq

Score

10^/10

locky discovery ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky

Executes dropped EXE 10 IoCs

Processes:

Update.exeSquirrel.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exe

pid	process
3724	Update.exe
3176	Squirrel.exe
1500	Prepros.exe
3940	Prepros.exe
2816	Prepros.exe
4972	Prepros.exe
1344	Prepros.exe
1540	Prepros.exe
1196	Prepros.exe
2780	Prepros.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Update.exePrepros.exePrepros.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	Prepros.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	Prepros.exe

Loads dropped DLL 13 IoCs

Processes:

Prepros.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exePrepros.exe

pid	process
1500	Prepros.exe
3940	Prepros.exe
2816	Prepros.exe
4972	Prepros.exe
1344	Prepros.exe
1344	Prepros.exe
1344	Prepros.exe
1344	Prepros.exe
1344	Prepros.exe
1344	Prepros.exe
1540	Prepros.exe
1196	Prepros.exe
2780	Prepros.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

Prepros.exeUpdate.exePrepros.exe

pid	process
1500	Prepros.exe
1500	Prepros.exe
1500	Prepros.exe
1500	Prepros.exe
1500	Prepros.exe
1500	Prepros.exe
1500	Prepros.exe
1500	Prepros.exe
1500	Prepros.exe
1500	Prepros.exe
3724	Update.exe
3724	Update.exe
2816	Prepros.exe
2816	Prepros.exe
2816	Prepros.exe
2816	Prepros.exe
2816	Prepros.exe
2816	Prepros.exe
2816	Prepros.exe
2816	Prepros.exe
2816	Prepros.exe
2816	Prepros.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

Prepros.exeUpdate.exe

description	pid	process
Token: SeShutdownPrivilege	2816	Prepros.exe
Token: SeCreatePagefilePrivilege	2816	Prepros.exe
Token: SeShutdownPrivilege	2816	Prepros.exe
Token: SeCreatePagefilePrivilege	2816	Prepros.exe
Token: SeDebugPrivilege	3724	Update.exe
Token: SeShutdownPrivilege	2816	Prepros.exe
Token: SeCreatePagefilePrivilege	2816	Prepros.exe
Token: SeShutdownPrivilege	2816	Prepros.exe
Token: SeCreatePagefilePrivilege	2816	Prepros.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

Update.exePrepros.exe

pid process

3724 Update.exe
2816 Prepros.exe
2816 Prepros.exe
2816 Prepros.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

Prepros.exe

pid process

2816 Prepros.exe
2816 Prepros.exe
2816 Prepros.exe
2816 Prepros.exe

pid	process
2816	Prepros.exe
2816	Prepros.exe
2816	Prepros.exe
2816	Prepros.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Prepros-Setup-7.6.0.exeUpdate.exePrepros.exePrepros.exe

description	pid	process	target process
PID 4048 wrote to memory of 3724	4048	Prepros-Setup-7.6.0.exe	Update.exe
PID 4048 wrote to memory of 3724	4048	Prepros-Setup-7.6.0.exe	Update.exe
PID 4048 wrote to memory of 3724	4048	Prepros-Setup-7.6.0.exe	Update.exe
PID 3724 wrote to memory of 3176	3724	Update.exe	Squirrel.exe
PID 3724 wrote to memory of 3176	3724	Update.exe	Squirrel.exe
PID 3724 wrote to memory of 3176	3724	Update.exe	Squirrel.exe
PID 3724 wrote to memory of 1500	3724	Update.exe	Prepros.exe
PID 3724 wrote to memory of 1500	3724	Update.exe	Prepros.exe
PID 3724 wrote to memory of 1500	3724	Update.exe	Prepros.exe
PID 1500 wrote to memory of 3940	1500	Prepros.exe	Prepros.exe
PID 1500 wrote to memory of 3940	1500	Prepros.exe	Prepros.exe
PID 1500 wrote to memory of 3940	1500	Prepros.exe	Prepros.exe
PID 3724 wrote to memory of 2816	3724	Update.exe	Prepros.exe
PID 3724 wrote to memory of 2816	3724	Update.exe	Prepros.exe
PID 3724 wrote to memory of 2816	3724	Update.exe	Prepros.exe
PID 2816 wrote to memory of 4972	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 4972	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 4972	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1344	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1540	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1540	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1540	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1196	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1196	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 1196	2816	Prepros.exe	Prepros.exe
PID 2816 wrote to memory of 2780	2816	Prepros.exe	Prepros.exe

C:\Users\Admin\AppData\Local\Temp\Prepros-Setup-7.6.0.exe
"C:\Users\Admin\AppData\Local\Temp\Prepros-Setup-7.6.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4048

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
2⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3724

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Squirrel.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
3⤵
- Executes dropped EXE
PID:3176

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --squirrel-install 7.6.0
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1500

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Prepros /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Prepros\Crashpad --url=https://sentry.io/api/1863100/minidump/?sentry_key=049c8416847c4b8e8e49cfc359154f7a --annotation=_productName=Prepros --annotation=_version=7.6.0 --annotation=prod=Electron --annotation=sentry___initialScope={} --annotation=ver=18.3.1 --initial-client-data=0x478,0x47c,0x480,0x474,0x484,0x7a31e40,0x7a31e50,0x7a31e5c
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3940

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --squirrel-firstrun
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2816

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Prepros /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Prepros\Crashpad --url=https://sentry.io/api/1863100/minidump/?sentry_key=049c8416847c4b8e8e49cfc359154f7a --annotation=_productName=Prepros --annotation=_version=7.6.0 --annotation=prod=Electron --annotation=sentry___initialScope={} --annotation=ver=18.3.1 --initial-client-data=0x478,0x47c,0x480,0x474,0x484,0x7a31e40,0x7a31e50,0x7a31e5c
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4972

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Prepros-7" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1748,i,1681499549332200465,10033435178680059823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1344

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Prepros-7" --mojo-platform-channel-handle=2096 --field-trial-handle=1748,i,1681499549332200465,10033435178680059823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1540

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Prepros-7" --app-user-model-id=com.squirrel.Prepros.Prepros --app-path="C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --node-integration-in-worker --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2288 --field-trial-handle=1748,i,1681499549332200465,10033435178680059823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
4⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:1196

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
"C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Prepros-7" --mojo-platform-channel-handle=2324 --field-trial-handle=1748,i,1681499549332200465,10033435178680059823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\D3DCompiler_47.dll
Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
122.8MB

MD5
59d0eb2917a3d8aa70d80148f4b4a849

SHA1
a4c11b5c44bdee5cfca888909701e68fbc6f523b

SHA256
273fe71a9361e1904ef494b8536e524eb2facc5699e930332dd94b60d2a21523

SHA512
f6074e4d532aef5956533c30f1f8125629f40ddeb418a80df6d9a21a808cda43a7165d6db89a21b6872f1c316ea2231fde5b36011bb8dea21b31b342b7be5a74

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
101.1MB

MD5
ab90a34da6be40e2d227adfdf6c59a1d

SHA1
774ce21b34f49c73768485bff541b252e2607cbd

SHA256
74a5cc05110266223b8625ac07446de973186ec0cd207579312d84bfd17ce3f1

SHA512
d09965a46a86d414f452167eb85a5c9ec0b117fb63f433bb1b1169a991c39ddbdbc049e0b64908246223aa5f1ee7f745903911ecbd1271b75a22fd0e3c0077e4

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Prepros.exe
Filesize
54.9MB

MD5
1f48be869830ee7913e6c2ba2a190960

SHA1
36470456587ed41a9b95efd382a6e60fc9b85c18

SHA256
4305eeeb85cd1a8a4bad7907264508eea901a4db1861e9d66a46fc1dbdb94238

SHA512
976a9bbf5befaeafb166a43666b717b1ff75504061bfb64d49a39f9cf45cc1cf675712ad01ff942ac1ee98ec040f3c018155bc950927efb798ff247d1c22153c

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\Squirrel.exe
Filesize
2.1MB

MD5
42cf3e8c6361d5f6f58554eb55718f93

SHA1
b02f59b6098b2d6adc1d1c36af0cae9374916f86

SHA256
e0439e271e62bcc6d980fcbf6569e65e09e635ecf5dcf47eac63c932ec8c2753

SHA512
7f6987472fb67dc0c4e323020c81e9bde2b78304cb6540ce59da42dbe6b4fd8223e9991d2a5dc1eabba5736f1c03cb3ef054f6d4deab319c247a2f89bf304820

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\chrome_100_percent.pak
Filesize
145KB

MD5
237ca1be894f5e09fd1ccb934229c33b

SHA1
f0dfcf6db1481315054efb690df282ffe53e9fa1

SHA256
f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2

SHA512
1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\chrome_200_percent.pak
Filesize
214KB

MD5
7059af03603f93898f66981feb737064

SHA1
668e41a728d2295a455e5e0f0a8d2fee1781c538

SHA256
04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6

SHA512
435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\d3dcompiler_47.dll
Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\ffmpeg.dll
Filesize
2.5MB

MD5
a847325843fc91a81afa9d1e60d7698f

SHA1
a61d50da926b7391ff5d689c6b04539193b3ddca

SHA256
c1566ca4660a2bfad7da4ef93cd6fec16ea83b23b94f51d8ebcb25318d53174b

SHA512
f634afb56ae5842924a0ffb5c580cbf4f2fdf00d0829d318dbc62991fb5105ddbcfc8d588ecb096bebc4fa10bd28004779f857cfb22b2a817271d9bc8e8002fb

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\icudtl.dat
Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\libEGL.dll
Filesize
375KB

MD5
b7098705fc1cfc723fcbfc9af82c51d4

SHA1
965326988eae817e2ca947f742a4fa4adfb2b669

SHA256
205da7f88661d990aaaed88502d234ac360c3b970a3ba86b6b45c5380f86b8e2

SHA512
d770f2d0df1e560c04afe02abfae3d847c20e7de917f230c1e2de6cc2b7989b451c2bab083baf6d13d4eb6f39caa16b744fa5e6aa6f4d5a6ea91fd069b54fd13

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\libGLESv2.dll
Filesize
6.0MB

MD5
a459b1dccee0a366ad6b525d2ba40d31

SHA1
65b63d55a59661c76119758296f0e3b5f0b02a26

SHA256
98548e9c4a9985c2b40546fe346453fe0c8aa670e10a575d40a4a14c9ca93b62

SHA512
369d5415c93a38874a1cde61cd6407dc7422aec9cafd078b49c4aa8d5f519589bd80683f860b3e3fed56d70d43ae7f5c9b0559334008dd748b213acfd5d8262d

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\libegl.dll
Filesize
375KB

MD5
b7098705fc1cfc723fcbfc9af82c51d4

SHA1
965326988eae817e2ca947f742a4fa4adfb2b669

SHA256
205da7f88661d990aaaed88502d234ac360c3b970a3ba86b6b45c5380f86b8e2

SHA512
d770f2d0df1e560c04afe02abfae3d847c20e7de917f230c1e2de6cc2b7989b451c2bab083baf6d13d4eb6f39caa16b744fa5e6aa6f4d5a6ea91fd069b54fd13

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\libglesv2.dll
Filesize
6.0MB

MD5
a459b1dccee0a366ad6b525d2ba40d31

SHA1
65b63d55a59661c76119758296f0e3b5f0b02a26

SHA256
98548e9c4a9985c2b40546fe346453fe0c8aa670e10a575d40a4a14c9ca93b62

SHA512
369d5415c93a38874a1cde61cd6407dc7422aec9cafd078b49c4aa8d5f519589bd80683f860b3e3fed56d70d43ae7f5c9b0559334008dd748b213acfd5d8262d

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\locales\es.pak
Filesize
137KB

MD5
e9b6d88c4a56b81aa136fbbafc818bbf

SHA1
ff6f24ce4375ec4f8438bcc8ce620853fcaa099a

SHA256
07ebba3ca9248b15ba39c0cc48aec98a19b4a8f70850ac8cdbdefc4312f36dd7

SHA512
33a0687fbdd916036dcfdb0685b145066846f6c90e880452291c62ac6699e957fae54e75ab9e6106a63d03d19b2ab425dfa337617b0107433ccdb7df9382c94b

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\resources.pak
Filesize
4.9MB

MD5
ff31c1a39edc8202e052a41fb977a300

SHA1
f220ed82575e346c2fb086c0868c07318d57ef92

SHA256
965dcddcb984a231fb2356d6d7ff4e047c2d8fa527442fa64981ab5d254525c9

SHA512
3b3370dd630fd200969331ae7d9b7e005cfbc3aa41ad128274bdc7797de2eca89998787a90a96baecf25ffc64e2c764cb75051efbac57c679abfd17b47873cce

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\resources\app.asar
Filesize
340.2MB

MD5
68cc9bd2b666b0c0c18364afdf69ae56

SHA1
3e7aa3f9284dea67f0796a557c42a72c8c7d970f

SHA256
3b89bd01d3c0af92dfbee988acac39ded023d7de5879b3530b353a18eaa3c4b3

SHA512
726e8585c61d31f290b5bec442628100cb0253e9d9e05b6112571fae12300529a51a7444ebbd9a247133ea259669f42ee9b64721cffd2e2568556e820de2df20

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\squirrel.exe
Filesize
2.1MB

MD5
42cf3e8c6361d5f6f58554eb55718f93

SHA1
b02f59b6098b2d6adc1d1c36af0cae9374916f86

SHA256
e0439e271e62bcc6d980fcbf6569e65e09e635ecf5dcf47eac63c932ec8c2753

SHA512
7f6987472fb67dc0c4e323020c81e9bde2b78304cb6540ce59da42dbe6b4fd8223e9991d2a5dc1eabba5736f1c03cb3ef054f6d4deab319c247a2f89bf304820

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\v8_context_snapshot.bin
Filesize
592KB

MD5
5490a6b619c784169f5db60ba31af7e2

SHA1
53d05e3e8da46fcfe7ab770c6534d1bc12da3e34

SHA256
a2336d5925b57213f27843b66d4d19766bd2c7eb611833583fb496397e76aa34

SHA512
ed323b42b1450962eed7ce7fc9afbdfbed2e25db9aed85051ea403da92080e3ccf01a53cdff24d94fa97d52433a9d311ae37462058d49c057ee6dff5cf6f52c8

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\vk_swiftshader.dll
Filesize
3.9MB

MD5
4c2b61dfaaad9e24e09ce333ae94c15e

SHA1
cde1f5d463d4272b766fb47ba25b79c5c891306c

SHA256
b9d621bd0bdaa5f3b9997e78d524966f91e89789aa2691e497033f4c928d9581

SHA512
4e55d1cc03b21e9ea6c241d116a12bcdd69a68b6125746d3c04407e1764882a17607c4a492e9fbe8af61b4d34747b432352c6ed2ab45daddc6829b83d4610c42

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\vk_swiftshader.dll
Filesize
3.9MB

MD5
4c2b61dfaaad9e24e09ce333ae94c15e

SHA1
cde1f5d463d4272b766fb47ba25b79c5c891306c

SHA256
b9d621bd0bdaa5f3b9997e78d524966f91e89789aa2691e497033f4c928d9581

SHA512
4e55d1cc03b21e9ea6c241d116a12bcdd69a68b6125746d3c04407e1764882a17607c4a492e9fbe8af61b4d34747b432352c6ed2ab45daddc6829b83d4610c42

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\vulkan-1.dll
Filesize
751KB

MD5
b3e2c2ff66cfe65bbcced715f4dd9296

SHA1
9bb8166a9a044bfa6826c8878c2b0d552eb8a543

SHA256
07db369968e53a4f4d75768944e836802de7d1337934630d6c718caa188aa133

SHA512
e61ac9153be4a670a46912005c01f897df38e2a7912cd1abeb63214bd9177bcc908ac88b02d2c2600598becf0c9db730dd555d8b6fb5c87206be858242d54914

Download Submit
C:\Users\Admin\AppData\Local\Prepros\app-7.6.0\vulkan-1.dll
Filesize
751KB

MD5
b3e2c2ff66cfe65bbcced715f4dd9296

SHA1
9bb8166a9a044bfa6826c8878c2b0d552eb8a543

SHA256
07db369968e53a4f4d75768944e836802de7d1337934630d6c718caa188aa133

SHA512
e61ac9153be4a670a46912005c01f897df38e2a7912cd1abeb63214bd9177bcc908ac88b02d2c2600598becf0c9db730dd555d8b6fb5c87206be858242d54914

Download Submit
C:\Users\Admin\AppData\Local\Prepros\update.exe
Filesize
1.8MB

MD5
e7d118758687987883b663e7830f55ad

SHA1
b0417dd8c1071c1d339e186b23f153f01b12c0c6

SHA256
847364df41b463680ed259e6f5e30e7bb24210d22c20e1bd9da5f7a9d4f06949

SHA512
c47833061de70b7fccb327f67b0976d17d76eb0cb2e179733640eb9f6523cf21990f6fb7690cb27408de5849097417df298ebddd43da23820751d5543bbbc3fd

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Prepros-7.6.0-full.nupkg
Filesize
227.4MB

MD5
9ee46e46878aa658b0cdc80d196811b6

SHA1
a7224330fa37367703afabf41a598e0785843762

SHA256
d0712dda0ea6a2d5c478db30e9c15fe33f01d5569ce36587b4e7bf7ee73f79dc

SHA512
37899599ef698ef8c13f97e821d5299f09c7ad143d255748fc239a927698537d2eadbea28801f3d4efe49f47c57a78bfaf1f452f66c1b9fa864574cbf48c232f

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
Filesize
78B

MD5
815e86408ed524f5a414ddeb552ca31d

SHA1
ed4e84de12a4396799e7d8a447be5e048a3b7d78

SHA256
ecf2da0ea368a10fe20ff700f5e7b542cf369c258e2dc9e057b1f027de4a38b2

SHA512
075d442cf1bd2c74a002736628d9c769a2e394968672d867b5155aabfba75885d8c5d6b00934dbb7fdbe774ce4b5e5fa8e90653c785dabc85fc41b6f6e29d747

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
e7d118758687987883b663e7830f55ad

SHA1
b0417dd8c1071c1d339e186b23f153f01b12c0c6

SHA256
847364df41b463680ed259e6f5e30e7bb24210d22c20e1bd9da5f7a9d4f06949

SHA512
c47833061de70b7fccb327f67b0976d17d76eb0cb2e179733640eb9f6523cf21990f6fb7690cb27408de5849097417df298ebddd43da23820751d5543bbbc3fd

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
e7d118758687987883b663e7830f55ad

SHA1
b0417dd8c1071c1d339e186b23f153f01b12c0c6

SHA256
847364df41b463680ed259e6f5e30e7bb24210d22c20e1bd9da5f7a9d4f06949

SHA512
c47833061de70b7fccb327f67b0976d17d76eb0cb2e179733640eb9f6523cf21990f6fb7690cb27408de5849097417df298ebddd43da23820751d5543bbbc3fd

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif
Filesize
49KB

MD5
ebcf5809bb4c06214f453de9800527cf

SHA1
11ad20a7a9ef0e3d84a9f5155c9238af375a7c2f

SHA256
a63ed119ae1bb9e4d6bcd8d85968bc0b6edcf17295d59666bd2b8b2ed4eaf070

SHA512
b91470445bf7e10bf1dfb7b1c29cc12a90501bb8a87f31eb6c173fc4812c4e15b1a9d9c88f45f819830f814ab77b40ea6420838903cea7e8741eb79f73ee121a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico
Filesize
361KB

MD5
d95e66d23f39836c6bbe6eccb123fd3a

SHA1
96699a7ee1587e204029c50b34642ef49375e745

SHA256
f723d5298ba3b8ef4dbf70b47f9d5ffa936e39d4e1ec634514e5b6c927e493f1

SHA512
b56780e6fe67ffa513da01a3a9c9a5d2c5eb62b6f7b5e95adcceb71994ed5819aabc35736fa1a9a8b408806dcab82e6595576c063724c1e234e0795698f49274

Download Submit
C:\Users\Admin\AppData\Roaming\Prepros\Crashpad\settings.dat
Filesize
40B

MD5
bb63cc1a6865030a1809b6e82201f998

SHA1
56af9821fc11523b77cde86b7d3a15a51d830724

SHA256
dd24cb95aa63059d61d1106fa3220ddf456b75aa366093208c3362b1e67c6348

SHA512
e9c2377359cc8105942af39c2970b145f9e2f3aa164b43f30e78f473fd93be6a83411c6d54dc9153609a91748c3b9f56bfcc18cd344512634e4cb7ad9cc0b92f

Download Submit
\??\pipe\crashpad_2816_JGBLORMFKVWZVKLI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1196-192-0x0000000000000000-mapping.dmp

Download
memory/1344-170-0x0000000000000000-mapping.dmp

Download
memory/1500-147-0x0000000000000000-mapping.dmp

Download
memory/1540-187-0x0000000000000000-mapping.dmp

Download
memory/2780-196-0x0000000000000000-mapping.dmp

Download
memory/2816-158-0x0000000000000000-mapping.dmp

Download
memory/3176-146-0x0000000000CA0000-0x0000000000EBE000-memory.dmp

Filesize
2.1MB

Download
memory/3176-143-0x0000000000000000-mapping.dmp

Download
memory/3724-132-0x0000000000000000-mapping.dmp

Download
memory/3724-142-0x000000000AA70000-0x000000000AA7E000-memory.dmp

Filesize
56KB

Download
memory/3724-135-0x0000000000D40000-0x0000000000F04000-memory.dmp

Filesize
1.8MB

Download
memory/3724-137-0x0000000006230000-0x0000000006332000-memory.dmp

Filesize
1.0MB

Download
memory/3724-193-0x0000000001360000-0x0000000001380000-memory.dmp

Filesize
128KB

Download
memory/3724-186-0x000000000ACE0000-0x000000000AD72000-memory.dmp

Filesize
584KB

Download
memory/3724-141-0x000000000AA90000-0x000000000AAC8000-memory.dmp

Filesize
224KB

Download
memory/3724-191-0x0000000005E40000-0x0000000005E5A000-memory.dmp

Filesize
104KB

Download
memory/3940-155-0x0000000000000000-mapping.dmp

Download
memory/4972-161-0x0000000000000000-mapping.dmp

Download