cc142d1cb00c0abe5496a32ecc5591533a5a0e4dd0f743bb0c9e5402e8bfa38e

Analysis

max time kernel
151s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
08-02-2023 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Feather Launcher Setup 1.4.8.exe
Size

106.7MB
MD5

4234902e03d0de35cfdf2e325804a4b0
SHA1

e339fc0e19bbc25c5e9c32b5dbaee48b54c92f2b
SHA256

cc142d1cb00c0abe5496a32ecc5591533a5a0e4dd0f743bb0c9e5402e8bfa38e
SHA512

a20d6715d3a481aed61710bd43d2ce62a872f672d3a93bbbe0954e7d91d0247c046081e218dee3699cb660a0baca663147d8f78c45f1a9404bf7932668752366
SSDEEP

3145728:SrQEzgfHUoBz+GBTRJmgm0IDdFO7Ahhq60XYJMP2Zo:nwAzlggmty7Ahh9mxeo

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	VC_redist.x64.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Feather Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Feather Launcher.exe

Executes dropped EXE 11 IoCs

pid	Process
4612	vcredist_x64.exe
3412	vcredist_x64.exe
3140	VC_redist.x64.exe
4816	VC_redist.x64.exe
5116	VC_redist.x64.exe
3608	Feather Launcher.exe
3464	Feather Launcher.exe
4120	Feather Launcher.exe
3876	Feather Launcher.exe
812	Feather Launcher.exe
1472	Feather Launcher.exe

Loads dropped DLL 24 IoCs

pid	Process
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
3412	vcredist_x64.exe
4816	VC_redist.x64.exe
3608	Feather Launcher.exe
3464	Feather Launcher.exe
4120	Feather Launcher.exe
3464	Feather Launcher.exe
3464	Feather Launcher.exe
3464	Feather Launcher.exe
3876	Feather Launcher.exe
3464	Feather Launcher.exe
3464	Feather Launcher.exe
3876	Feather Launcher.exe
3876	Feather Launcher.exe
812	Feather Launcher.exe
1472	Feather Launcher.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	vcredist_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6} = "\"C:\\ProgramData\\Package Cache\\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\\vcredist_x64.exe\" /burn.runonce"	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} = "\"C:\\ProgramData\\Package Cache\\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe

Drops file in System32 directory 50 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File created	C:\Windows\system32\vcomp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp140.dll	msiexec.exe
File created	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\concrt140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File opened for modification	C:\Windows\system32\concrt140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\vcamp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\system32\mfc140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140esn.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Feather Launcher\locales	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\ta.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\ru.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\Uninstall Feather Launcher.exe	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\icudtl.dat	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\vk_swiftshader.dll	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\bg.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\vi.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\snapshot_blob.bin	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\vulkan-1.dll	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\zh-CN.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\resources\app-update.yml	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\lv.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\sw.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\hi.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\ko.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\nb.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\pt-PT.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\tr.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\uk.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\et.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\gu.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\ur.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\ca.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\id.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\sl.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\chrome_200_percent.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\am.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\pt-BR.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\v8_context_snapshot.bin	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\lt.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\sk.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\resources\app.asar.unpacked\native\cleanup.feather	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\libGLESv2.dll	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\de.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\el.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\fa.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\ja.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\ffmpeg.dll	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\libEGL.dll	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\cs.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\da.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\en-GB.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\es.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\fi.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\fr.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\Feather Launcher.exe	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\LICENSE.electron.txt	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\th.pak	Feather Launcher Setup 1.4.8.exe
File opened for modification	C:\Program Files\Feather Launcher\resources\app.asar.unpacked	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\he.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\ms.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\hr.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\hu.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\mr.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\pl.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\zh-TW.pak	Feather Launcher Setup 1.4.8.exe
File opened for modification	C:\Program Files\Feather Launcher\chrome_100_percent.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\fil.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\sv.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\d3dcompiler_47.dll	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\it.pak	Feather Launcher Setup 1.4.8.exe
File created	C:\Program Files\Feather Launcher\locales\sr.pak	Feather Launcher Setup 1.4.8.exe
File opened for modification	C:\Program Files\Feather Launcher\resources	Feather Launcher Setup 1.4.8.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e578d6b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA7EB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9F8E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e578d6b.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI901A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9309.tmp	msiexec.exe
File created	C:\Windows\Installer\e578d7c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\e578d8f.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{AE043016-3897-41D4-870B-1DAEE62CF152}	msiexec.exe
File created	C:\Windows\Installer\e578d7b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e578d7c.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{12A2980B-E47B-491B-92F5-0BC703841ED4}	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3548	4816	WerFault.exe	101

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000045e03923b2b2bc3e0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000045e039230000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff00000000070001000068090045e03923000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000045e0392300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000045e0392300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\20	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\21	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\21	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\Dependents	vcredist_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\PackageCode = "F96055D82F2822E4CA2882E9779EF982"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30708"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53\610340EA79834D1478B0D1EA6EC21F25	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{AE043016-3897-41D4-870B-1DAEE62CF152}v14.30.30708\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\Dependents\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}	vcredist_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30708"	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\Assignment = "1"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\610340EA79834D1478B0D1EA6EC21F25\Provider	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B0892A21B74EB194295FB07C3048E14D\VC_Runtime_Additional	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B0892A21B74EB194295FB07C3048E14D\Servicing_Key	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\Version = "236877812"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Dependents\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\ProductName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30708"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Dependents\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}	VC_redist.x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30708"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\Clients = 3a0000000000	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{AE043016-3897-41D4-870B-1DAEE62CF152}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\610340EA79834D1478B0D1EA6EC21F25\Servicing_Key	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\PackageCode = "EC0A963907F595049ADA5482152F864A"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\Version = "12.0.40649.5"	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v12\Dependents\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}	vcredist_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Version = "14.30.30708.0"	VC_redist.x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\Version = "236877812"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\DeploymentFlags = "3"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v12	vcredist_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v12\Dependents\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Version = "14.30.30708"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\ = "{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}"	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\610340EA79834D1478B0D1EA6EC21F25	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{AE043016-3897-41D4-870B-1DAEE62CF152}v14.30.30708\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B0892A21B74EB194295FB07C3048E14D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1\B0892A21B74EB194295FB07C3048E14D	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle	VC_redist.x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.30.30708"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B0892A21B74EB194295FB07C3048E14D\Provider	msiexec.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Feather Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Feather Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Feather Launcher.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4396	Feather Launcher Setup 1.4.8.exe
4956	msiexec.exe
4956	msiexec.exe
4956	msiexec.exe
4956	msiexec.exe
4956	msiexec.exe
4956	msiexec.exe
4956	msiexec.exe
4956	msiexec.exe
812	Feather Launcher.exe
812	Feather Launcher.exe
1472	Feather Launcher.exe
1472	Feather Launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4396	Feather Launcher Setup 1.4.8.exe
Token: SeBackupPrivilege	1628	vssvc.exe
Token: SeRestorePrivilege	1628	vssvc.exe
Token: SeAuditPrivilege	1628	vssvc.exe
Token: SeBackupPrivilege	3408	srtasks.exe
Token: SeRestorePrivilege	3408	srtasks.exe
Token: SeSecurityPrivilege	3408	srtasks.exe
Token: SeTakeOwnershipPrivilege	3408	srtasks.exe
Token: SeShutdownPrivilege	5116	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	5116	VC_redist.x64.exe
Token: SeSecurityPrivilege	4956	msiexec.exe
Token: SeCreateTokenPrivilege	5116	VC_redist.x64.exe
Token: SeAssignPrimaryTokenPrivilege	5116	VC_redist.x64.exe
Token: SeLockMemoryPrivilege	5116	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	5116	VC_redist.x64.exe
Token: SeMachineAccountPrivilege	5116	VC_redist.x64.exe
Token: SeTcbPrivilege	5116	VC_redist.x64.exe
Token: SeSecurityPrivilege	5116	VC_redist.x64.exe
Token: SeTakeOwnershipPrivilege	5116	VC_redist.x64.exe
Token: SeLoadDriverPrivilege	5116	VC_redist.x64.exe
Token: SeSystemProfilePrivilege	5116	VC_redist.x64.exe
Token: SeSystemtimePrivilege	5116	VC_redist.x64.exe
Token: SeProfSingleProcessPrivilege	5116	VC_redist.x64.exe
Token: SeIncBasePriorityPrivilege	5116	VC_redist.x64.exe
Token: SeCreatePagefilePrivilege	5116	VC_redist.x64.exe
Token: SeCreatePermanentPrivilege	5116	VC_redist.x64.exe
Token: SeBackupPrivilege	5116	VC_redist.x64.exe
Token: SeRestorePrivilege	5116	VC_redist.x64.exe
Token: SeShutdownPrivilege	5116	VC_redist.x64.exe
Token: SeDebugPrivilege	5116	VC_redist.x64.exe
Token: SeAuditPrivilege	5116	VC_redist.x64.exe
Token: SeSystemEnvironmentPrivilege	5116	VC_redist.x64.exe
Token: SeChangeNotifyPrivilege	5116	VC_redist.x64.exe
Token: SeRemoteShutdownPrivilege	5116	VC_redist.x64.exe
Token: SeUndockPrivilege	5116	VC_redist.x64.exe
Token: SeSyncAgentPrivilege	5116	VC_redist.x64.exe
Token: SeEnableDelegationPrivilege	5116	VC_redist.x64.exe
Token: SeManageVolumePrivilege	5116	VC_redist.x64.exe
Token: SeImpersonatePrivilege	5116	VC_redist.x64.exe
Token: SeCreateGlobalPrivilege	5116	VC_redist.x64.exe
Token: SeRestorePrivilege	4956	msiexec.exe
Token: SeTakeOwnershipPrivilege	4956	msiexec.exe
Token: SeBackupPrivilege	3408	srtasks.exe
Token: SeRestorePrivilege	3408	srtasks.exe
Token: SeSecurityPrivilege	3408	srtasks.exe
Token: SeTakeOwnershipPrivilege	3408	srtasks.exe
Token: SeRestorePrivilege	4956	msiexec.exe
Token: SeTakeOwnershipPrivilege	4956	msiexec.exe
Token: SeRestorePrivilege	4956	msiexec.exe
Token: SeTakeOwnershipPrivilege	4956	msiexec.exe
Token: SeRestorePrivilege	4956	msiexec.exe
Token: SeTakeOwnershipPrivilege	4956	msiexec.exe
Token: SeRestorePrivilege	4956	msiexec.exe
Token: SeTakeOwnershipPrivilege	4956	msiexec.exe
Token: SeRestorePrivilege	4956	msiexec.exe
Token: SeTakeOwnershipPrivilege	4956	msiexec.exe
Token: SeRestorePrivilege	4956	msiexec.exe
Token: SeTakeOwnershipPrivilege	4956	msiexec.exe
Token: SeRestorePrivilege	4956	msiexec.exe
Token: SeTakeOwnershipPrivilege	4956	msiexec.exe
Token: SeRestorePrivilege	4956	msiexec.exe
Token: SeTakeOwnershipPrivilege	4956	msiexec.exe
Token: SeRestorePrivilege	4956	msiexec.exe
Token: SeTakeOwnershipPrivilege	4956	msiexec.exe

Suspicious use of WriteProcessMemory 61 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 4612	4396	Feather Launcher Setup 1.4.8.exe	84
PID 4396 wrote to memory of 4612	4396	Feather Launcher Setup 1.4.8.exe	84
PID 4396 wrote to memory of 4612	4396	Feather Launcher Setup 1.4.8.exe	84
PID 4612 wrote to memory of 3412	4612	vcredist_x64.exe	85
PID 4612 wrote to memory of 3412	4612	vcredist_x64.exe	85
PID 4612 wrote to memory of 3412	4612	vcredist_x64.exe	85
PID 4396 wrote to memory of 3140	4396	Feather Launcher Setup 1.4.8.exe	100
PID 4396 wrote to memory of 3140	4396	Feather Launcher Setup 1.4.8.exe	100
PID 4396 wrote to memory of 3140	4396	Feather Launcher Setup 1.4.8.exe	100
PID 3140 wrote to memory of 4816	3140	VC_redist.x64.exe	101
PID 3140 wrote to memory of 4816	3140	VC_redist.x64.exe	101
PID 3140 wrote to memory of 4816	3140	VC_redist.x64.exe	101
PID 4816 wrote to memory of 5116	4816	VC_redist.x64.exe	102
PID 4816 wrote to memory of 5116	4816	VC_redist.x64.exe	102
PID 4816 wrote to memory of 5116	4816	VC_redist.x64.exe	102
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 3464	3608	Feather Launcher.exe	109
PID 3608 wrote to memory of 4120	3608	Feather Launcher.exe	110
PID 3608 wrote to memory of 4120	3608	Feather Launcher.exe	110
PID 3608 wrote to memory of 3876	3608	Feather Launcher.exe	111
PID 3608 wrote to memory of 3876	3608	Feather Launcher.exe	111
PID 3876 wrote to memory of 812	3876	Feather Launcher.exe	112
PID 3876 wrote to memory of 812	3876	Feather Launcher.exe	112
PID 3876 wrote to memory of 1472	3876	Feather Launcher.exe	113
PID 3876 wrote to memory of 1472	3876	Feather Launcher.exe	113

C:\Users\Admin\AppData\Local\Temp\Feather Launcher Setup 1.4.8.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Launcher Setup 1.4.8.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\vcredist_x64.exe
  "C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\vcredist_x64.exe" /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4612
- - C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\vcredist_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{FBCBC707-9547-4D00-B6C7-DA764C1DD0B6} {19F19E92-EAE2-4751-9366-4970B648B50B} 4612
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3412
- C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\VC_redist.x64.exe
  "C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\VC_redist.x64.exe" /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3140
- - C:\Windows\Temp\{0DCC9045-4ED5-4BBD-BF9A-D45581A7A285}\.cr\VC_redist.x64.exe
    "C:\Windows\Temp\{0DCC9045-4ED5-4BBD-BF9A-D45581A7A285}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\VC_redist.x64.exe" -burn.filehandle.attached=672 -burn.filehandle.self=792 /quiet /norestart
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4816
  - - C:\Windows\Temp\{778C3083-39FB-4E9E-A163-71EC9DFA827D}\.be\VC_redist.x64.exe
      "C:\Windows\Temp\{778C3083-39FB-4E9E-A163-71EC9DFA827D}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{A14BB31E-7BE6-4CAB-A1F5-9E745F4DFE09} {E82FF2E5-119B-44A3-8D34-EE0F1ABD690C} 4816
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:5116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 1068
      4⤵
      Program crash
      PID:3548

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:1628

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3408

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4816 -ip 4816
1⤵
PID:1960

C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1724,i,2240718668293756334,15050167954260138933,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3464
- C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --mojo-platform-channel-handle=1900 --field-trial-handle=1724,i,2240718668293756334,15050167954260138933,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4120
- C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --app-path="C:\Program Files\Feather Launcher\resources\app.asar" --no-sandbox --no-zygote --disable-blink-features=GetDisplayMedia --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2356 --field-trial-handle=1724,i,2240718668293756334,15050167954260138933,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3876
- - C:\Program Files\Feather Launcher\Feather Launcher.exe
    "C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-mod-watcher-fork.js"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:812
- - C:\Program Files\Feather Launcher\Feather Launcher.exe
    "C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-skin-watcher-fork.js"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1472

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Feather Launcher\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
145.0MB

MD5
93dc9f86cc0b02d0c89599099447ab86

SHA1
2536fa3fdbf311fa0bfb8e7a7c1851b547c65935

SHA256
2c37b6d8125f411c2bc232a4f9c4dc6c11734f25383653e4fa7a1148adcb339f

SHA512
6fc0d61162d690c6013345334e52a1bf01b56becdfdbd976bf7e01793f299b671ad09e8510c6b3b610a22e7c1c5a50aaaa21184cb130e3e7105bee3457b6fcc1

Download Submit
C:\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
145.0MB

MD5
93dc9f86cc0b02d0c89599099447ab86

SHA1
2536fa3fdbf311fa0bfb8e7a7c1851b547c65935

SHA256
2c37b6d8125f411c2bc232a4f9c4dc6c11734f25383653e4fa7a1148adcb339f

SHA512
6fc0d61162d690c6013345334e52a1bf01b56becdfdbd976bf7e01793f299b671ad09e8510c6b3b610a22e7c1c5a50aaaa21184cb130e3e7105bee3457b6fcc1

Download Submit
C:\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
145.0MB

MD5
93dc9f86cc0b02d0c89599099447ab86

SHA1
2536fa3fdbf311fa0bfb8e7a7c1851b547c65935

SHA256
2c37b6d8125f411c2bc232a4f9c4dc6c11734f25383653e4fa7a1148adcb339f

SHA512
6fc0d61162d690c6013345334e52a1bf01b56becdfdbd976bf7e01793f299b671ad09e8510c6b3b610a22e7c1c5a50aaaa21184cb130e3e7105bee3457b6fcc1

Download Submit
C:\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
145.0MB

MD5
93dc9f86cc0b02d0c89599099447ab86

SHA1
2536fa3fdbf311fa0bfb8e7a7c1851b547c65935

SHA256
2c37b6d8125f411c2bc232a4f9c4dc6c11734f25383653e4fa7a1148adcb339f

SHA512
6fc0d61162d690c6013345334e52a1bf01b56becdfdbd976bf7e01793f299b671ad09e8510c6b3b610a22e7c1c5a50aaaa21184cb130e3e7105bee3457b6fcc1

Download Submit
C:\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
145.0MB

MD5
93dc9f86cc0b02d0c89599099447ab86

SHA1
2536fa3fdbf311fa0bfb8e7a7c1851b547c65935

SHA256
2c37b6d8125f411c2bc232a4f9c4dc6c11734f25383653e4fa7a1148adcb339f

SHA512
6fc0d61162d690c6013345334e52a1bf01b56becdfdbd976bf7e01793f299b671ad09e8510c6b3b610a22e7c1c5a50aaaa21184cb130e3e7105bee3457b6fcc1

Download Submit
C:\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
145.0MB

MD5
93dc9f86cc0b02d0c89599099447ab86

SHA1
2536fa3fdbf311fa0bfb8e7a7c1851b547c65935

SHA256
2c37b6d8125f411c2bc232a4f9c4dc6c11734f25383653e4fa7a1148adcb339f

SHA512
6fc0d61162d690c6013345334e52a1bf01b56becdfdbd976bf7e01793f299b671ad09e8510c6b3b610a22e7c1c5a50aaaa21184cb130e3e7105bee3457b6fcc1

Download Submit
C:\Program Files\Feather Launcher\Feather Launcher.exe

Filesize
145.0MB

MD5
93dc9f86cc0b02d0c89599099447ab86

SHA1
2536fa3fdbf311fa0bfb8e7a7c1851b547c65935

SHA256
2c37b6d8125f411c2bc232a4f9c4dc6c11734f25383653e4fa7a1148adcb339f

SHA512
6fc0d61162d690c6013345334e52a1bf01b56becdfdbd976bf7e01793f299b671ad09e8510c6b3b610a22e7c1c5a50aaaa21184cb130e3e7105bee3457b6fcc1

Download Submit
C:\Program Files\Feather Launcher\chrome_100_percent.pak

Filesize
126KB

MD5
a3d4515d3a33a407d313a62818e82a5d

SHA1
967ff9a6774a66f7b3299af4fd5d70961ed54d79

SHA256
662a9db6ef4197cb4b6c50648a2cafceb7fd903015828df3fee605a602370be0

SHA512
0c757e1beccbca1ae0791fa0c51a9e2019696bd0965c73de67b364fba6f317ea2cf20fa65e4fa7dd22519683528e5112dc8c530049170f4e702e0c8d4e065801

Download Submit
C:\Program Files\Feather Launcher\chrome_200_percent.pak

Filesize
175KB

MD5
3bab45c70f22646cf8452c30903810cb

SHA1
40b31d4c79b5a2b8d12f8cf8b6c49c962c31f766

SHA256
d4282ae977f23afe252e19e421c8d09696ea3b83a1e73a6aaebaaa5547c74cbc

SHA512
85eda055494f0233c963e821906cf69d94e664d8396e8b08e7a8f412e1c16af71252fef1bfe3ed43cfad157aa90c0dcbb375626e2ddf0e807c9b23ad27e61d9c

Download Submit
C:\Program Files\Feather Launcher\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Program Files\Feather Launcher\ffmpeg.dll

Filesize
2.7MB

MD5
68ea02ddbfdd0aa3a694789ee6d95bc2

SHA1
326354fda27d5de1a7bf23b440c6eeb889c7c00d

SHA256
0c4e27571b2b7c2f50fb6c6d9746fa978079bfb3834bd69ac2f36123c41a0c99

SHA512
5d517890cfa9782eb5e78ae9bbec54c25b7db1260bc73e39e6b96fc5482b5d7908e25b8b0571eab7129ce78963bea601fecc6be1efda6376addb1c0240e7276e

Download Submit
C:\Program Files\Feather Launcher\ffmpeg.dll

Filesize
2.7MB

MD5
68ea02ddbfdd0aa3a694789ee6d95bc2

SHA1
326354fda27d5de1a7bf23b440c6eeb889c7c00d

SHA256
0c4e27571b2b7c2f50fb6c6d9746fa978079bfb3834bd69ac2f36123c41a0c99

SHA512
5d517890cfa9782eb5e78ae9bbec54c25b7db1260bc73e39e6b96fc5482b5d7908e25b8b0571eab7129ce78963bea601fecc6be1efda6376addb1c0240e7276e

Download Submit
C:\Program Files\Feather Launcher\ffmpeg.dll

Filesize
2.7MB

MD5
68ea02ddbfdd0aa3a694789ee6d95bc2

SHA1
326354fda27d5de1a7bf23b440c6eeb889c7c00d

SHA256
0c4e27571b2b7c2f50fb6c6d9746fa978079bfb3834bd69ac2f36123c41a0c99

SHA512
5d517890cfa9782eb5e78ae9bbec54c25b7db1260bc73e39e6b96fc5482b5d7908e25b8b0571eab7129ce78963bea601fecc6be1efda6376addb1c0240e7276e

Download Submit
C:\Program Files\Feather Launcher\ffmpeg.dll

Filesize
2.7MB

MD5
68ea02ddbfdd0aa3a694789ee6d95bc2

SHA1
326354fda27d5de1a7bf23b440c6eeb889c7c00d

SHA256
0c4e27571b2b7c2f50fb6c6d9746fa978079bfb3834bd69ac2f36123c41a0c99

SHA512
5d517890cfa9782eb5e78ae9bbec54c25b7db1260bc73e39e6b96fc5482b5d7908e25b8b0571eab7129ce78963bea601fecc6be1efda6376addb1c0240e7276e

Download Submit
C:\Program Files\Feather Launcher\ffmpeg.dll

Filesize
2.7MB

MD5
68ea02ddbfdd0aa3a694789ee6d95bc2

SHA1
326354fda27d5de1a7bf23b440c6eeb889c7c00d

SHA256
0c4e27571b2b7c2f50fb6c6d9746fa978079bfb3834bd69ac2f36123c41a0c99

SHA512
5d517890cfa9782eb5e78ae9bbec54c25b7db1260bc73e39e6b96fc5482b5d7908e25b8b0571eab7129ce78963bea601fecc6be1efda6376addb1c0240e7276e

Download Submit
C:\Program Files\Feather Launcher\ffmpeg.dll

Filesize
2.7MB

MD5
68ea02ddbfdd0aa3a694789ee6d95bc2

SHA1
326354fda27d5de1a7bf23b440c6eeb889c7c00d

SHA256
0c4e27571b2b7c2f50fb6c6d9746fa978079bfb3834bd69ac2f36123c41a0c99

SHA512
5d517890cfa9782eb5e78ae9bbec54c25b7db1260bc73e39e6b96fc5482b5d7908e25b8b0571eab7129ce78963bea601fecc6be1efda6376addb1c0240e7276e

Download Submit
C:\Program Files\Feather Launcher\ffmpeg.dll

Filesize
2.7MB

MD5
68ea02ddbfdd0aa3a694789ee6d95bc2

SHA1
326354fda27d5de1a7bf23b440c6eeb889c7c00d

SHA256
0c4e27571b2b7c2f50fb6c6d9746fa978079bfb3834bd69ac2f36123c41a0c99

SHA512
5d517890cfa9782eb5e78ae9bbec54c25b7db1260bc73e39e6b96fc5482b5d7908e25b8b0571eab7129ce78963bea601fecc6be1efda6376addb1c0240e7276e

Download Submit
C:\Program Files\Feather Launcher\icudtl.dat

Filesize
10.0MB

MD5
6690f2b2384e1bf8961fda96a4d07691

SHA1
111f6dd9833c653908431621fe8fbc87f1135632

SHA256
cb73d42d36839708013393ad0e4e932fdda9a1acda9275ecdbe74fe89eea8366

SHA512
6a5242fdc0ba09e339151feae1b3f7a9f00a09288b6f4ea9305d1a09d8bc3015c074ee91de35b8d6fc765c2fb55ec37dd91b8e66b7a7bb3148cbc305de19b088

Download Submit
C:\Program Files\Feather Launcher\libEGL.dll

Filesize
458KB

MD5
655672c205e37b079c34a4427118479b

SHA1
e1d595a25e76f2f1be50f0ac3046e82462790d69

SHA256
498fafb59d3d1a91fa24f95a59411dacf3fb373408e8ea5f931e2ed6b2732d36

SHA512
a5ad3ac4e382d28d2d95cfc1b02ffca2ba1b5277567c1db81e14a87891e6ef9e5b8b2b56f4b63f8512c0b527dc3de7a5ebf5bb479dad827dfa17294f5874ab92

Download Submit
C:\Program Files\Feather Launcher\libGLESv2.dll

Filesize
7.1MB

MD5
eb2b911d33f5ba82109a0d5608c28334

SHA1
fbc578fbcfc88a132438b38e97bb87c16a9f698f

SHA256
2404be88c798b43499ab7466e2b04bd58510f0d3fa59049aba6ffb932b65c977

SHA512
19becd2003702813898893f7b1fcd1db179a76fbd201fe34471254b75ba5e98af262922adafe5ef0672302cdf4c0b1e2f8910fd2e51ded0f3c4d6c5a43de489e

Download Submit
C:\Program Files\Feather Launcher\libegl.dll

Filesize
458KB

MD5
655672c205e37b079c34a4427118479b

SHA1
e1d595a25e76f2f1be50f0ac3046e82462790d69

SHA256
498fafb59d3d1a91fa24f95a59411dacf3fb373408e8ea5f931e2ed6b2732d36

SHA512
a5ad3ac4e382d28d2d95cfc1b02ffca2ba1b5277567c1db81e14a87891e6ef9e5b8b2b56f4b63f8512c0b527dc3de7a5ebf5bb479dad827dfa17294f5874ab92

Download Submit
C:\Program Files\Feather Launcher\libglesv2.dll

Filesize
7.1MB

MD5
eb2b911d33f5ba82109a0d5608c28334

SHA1
fbc578fbcfc88a132438b38e97bb87c16a9f698f

SHA256
2404be88c798b43499ab7466e2b04bd58510f0d3fa59049aba6ffb932b65c977

SHA512
19becd2003702813898893f7b1fcd1db179a76fbd201fe34471254b75ba5e98af262922adafe5ef0672302cdf4c0b1e2f8910fd2e51ded0f3c4d6c5a43de489e

Download Submit
C:\Program Files\Feather Launcher\locales\en-US.pak

Filesize
296KB

MD5
1e9b12891461eefd9db12e537965329c

SHA1
bf2346e045f79a70218890764b9318fa86886b36

SHA256
bd67fc968d75e77f2bae7ad552c398ccc4dad8635d74814c2046f813010c45e7

SHA512
3f01b9fc7e07bf6f3f8cda357debb83f73bb24179f6926d0b24114ac0078f42941a68842453bd7ee86cb759ef76e240b84278ebe1541cb659fb7caf3cf5b6820

Download Submit
C:\Program Files\Feather Launcher\resources.pak

Filesize
5.1MB

MD5
2cccd68519bff7f6a45380607940ca9a

SHA1
107ed8e7aaf2ea4d8b290afc023fdede16e47254

SHA256
44387afe96c6d1cc6b24e6e05e42e92eb51d6c520743fc8e2eab06c683ba27e3

SHA512
da3c67f10ff1d741f6c4d5313f8f1887ad3232b33935d5576d321e2d0622f601fde3f3cae24b23f00e8e7f7f48aea49fcf4fde12aef2b396ea5697566f8b7128

Download Submit
C:\Program Files\Feather Launcher\resources\app.asar

Filesize
47.0MB

MD5
a1db8c60c43a7da333609bb27307dfe4

SHA1
7ace1759abd719ace2e638902f1ad3c5188497ba

SHA256
d68f04f3a01fd19b547f9f4e94c59db9b76e71ca35fa2ee509cf091619dbd48e

SHA512
67c14355dbb67e6ccd5416a6d2b71f694a65c5686ba81683767e5c97e7e4c301260c5715aa452e2a6c3c2e74c3aa1bc7a0a3adb442f8934a592b7c02a40a166d

Download Submit
C:\Program Files\Feather Launcher\v8_context_snapshot.bin

Filesize
716KB

MD5
b978b7e83b574a43fe766af2b670c1c4

SHA1
ab0d1211740fefe3b8ddc8bcb2400e68cc88ba4d

SHA256
f59fa568139442c7f547fc8a5a0fd090ddc8427cc409e2fcef0518a9dcb47a96

SHA512
ac0f297b128e83d55788aadf5870849781d81cc61461117c5cf22f757e20089acb640b3ebc2f3bb2fbe1659e75da73a63cb884be4a791a90702758e6c52dc706

Download Submit
C:\Program Files\Feather Launcher\vk_swiftshader.dll

Filesize
4.6MB

MD5
17bb7a2a7cd8ccd96ed19753cfc75bec

SHA1
7c996eaa179fd472a572a0efb3e243a81b283977

SHA256
070c9bb970f13a47e3246fbeadd4d2d3916273e1ae3db2059d806691bfeaf6d8

SHA512
80ff7ba1b32e3de374e8637852b96c12882a5f7d32651ff0e1c2cb97898a44aee46a569a42b073a4e368f364f0daae2e86eca36068fe6794eb5ba55cd3ca5ee4

Download Submit
C:\Program Files\Feather Launcher\vk_swiftshader.dll

Filesize
4.6MB

MD5
17bb7a2a7cd8ccd96ed19753cfc75bec

SHA1
7c996eaa179fd472a572a0efb3e243a81b283977

SHA256
070c9bb970f13a47e3246fbeadd4d2d3916273e1ae3db2059d806691bfeaf6d8

SHA512
80ff7ba1b32e3de374e8637852b96c12882a5f7d32651ff0e1c2cb97898a44aee46a569a42b073a4e368f364f0daae2e86eca36068fe6794eb5ba55cd3ca5ee4

Download Submit
C:\Program Files\Feather Launcher\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Program Files\Feather Launcher\vulkan-1.dll

Filesize
849KB

MD5
58871cf606db440509b56a3f764e72e3

SHA1
312e810cfcfb663b0da00eac3b87294c0b035cfa

SHA256
ea1f3a66f9322d20da4542c42595eb789e532a224a0338dc488e998ae00e59ea

SHA512
07279c40721414f6ab345f83d9189c3c7012a54fc839359cb33cf4793ea771507535518554be99bac339463b7bee89e263e7a5cdd3f443a550ca6476c350a2a4

Download Submit
C:\Program Files\Feather Launcher\vulkan-1.dll

Filesize
849KB

MD5
58871cf606db440509b56a3f764e72e3

SHA1
312e810cfcfb663b0da00eac3b87294c0b035cfa

SHA256
ea1f3a66f9322d20da4542c42595eb789e532a224a0338dc488e998ae00e59ea

SHA512
07279c40721414f6ab345f83d9189c3c7012a54fc839359cb33cf4793ea771507535518554be99bac339463b7bee89e263e7a5cdd3f443a550ca6476c350a2a4

Download Submit
C:\ProgramData\Package Cache\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\state.rsm

Filesize
716B

MD5
fcc49318d75cf777da15213412bd48c8

SHA1
3b15ac54e0ee3f176b99bd96c65cfb8b652d374a

SHA256
c539feb32a4694b406fe429c3b901a7f8f91210c2dc5229b3bd05318c92c329c

SHA512
817b9427b2c4e10cd266a806f21004ab2dabe741fa69466eabce34fe59c79e46087a1d9f07378a4fa598eeaee9f18462358457018a9f7b038efb3af8d02ce0be

Download Submit
C:\ProgramData\Package Cache\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\vcredist_x64.exe

Filesize
455KB

MD5
622a95e2fccc1657cb2a760688b40665

SHA1
3feda4e77dcd8faf189371c71a35066b01320873

SHA256
e52469f3bce3768b43615ba44bc891dd2cda1b8e05659debd0cdbdebaaf9b199

SHA512
cd7a4705a8b7543d85b9d45d2832641d9783232494c66570d0a1084dbeb67cbfb5f4143e0deda7840f8f53db890f1029f9faf2a8814c1e885aa618f028a0b6b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20230208160353_000_vcRuntimeMinimum_x64.log

Filesize
2KB

MD5
d97bc8ac3a397581e2b407ab60e9001c

SHA1
18f320e55b9b12d7e6c140fea641d15cf8a94543

SHA256
eb5027c65a851c37ac9615011668ab65da70e67e168f53bb5bff20effc1fab19

SHA512
95721a7263f4ae763a76e06318d587ba0a33c5f6c23cd5902bbcc1d8a01c653efd5c87f3f666bfc1560b5e47392816d7c571a0d5882189e47ae95274be9dbf08

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20230208160353_001_vcRuntimeAdditional_x64.log

Filesize
2KB

MD5
4ae372af7200e056b09c719f72e85927

SHA1
77601d144ff91dbd5844fb6e32cd3fccd6c0d9c1

SHA256
33f4b87ae9854f931114795910cad096bbc6fde4e17b6b81c5c956a339bdbd26

SHA512
f803ca7192476ba45081d5c7b24be3007abc9316704f12506c25ac5a2cde590270902d7b1c87b54397c7eecbcf743b40a91cdef099af27880dc2b90d857fb080

Download Submit
C:\Users\Admin\AppData\Local\Temp\eb76f398-51d1-4ff6-9c74-ed37ad3e9fb8.tmp.node

Filesize
6.9MB

MD5
11ad5152cea4029a01a6f9c6176f1d95

SHA1
4ad08bfb4d8f8142d3bd4d795c0277cbeed751f6

SHA256
b16767c074e5e78da0c8732032889e6559d0786f18357f0ee2a4eab4a5c4a8a4

SHA512
3b23e63bcc38f3de69b1df9e6e95ceefea5f724626e649f3da3a6e2c152fd205a4f893c2e169a0d4f3176de861f55a8681c57fa95c5827f9c07f3014e74f0ba7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\VC_redist.x64.exe

Filesize
24.1MB

MD5
0c86174ca06d892881301203cdf2c32d

SHA1
2b7462bb7732725f011a085349d6d206eed40048

SHA256
5d3d8c6779750f92f3726c70e92f0f8bf92d3ae2abd43ba28c6306466de8a144

SHA512
16c1b043c81394bab65b40c5a9c5b742300cb605d9780226af725bf4d6e38c701f604549b2a3b2138ae951aadfc53faea66c97268c8c61c6c4f0771426ecca62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\VC_redist.x64.exe

Filesize
24.1MB

MD5
0c86174ca06d892881301203cdf2c32d

SHA1
2b7462bb7732725f011a085349d6d206eed40048

SHA256
5d3d8c6779750f92f3726c70e92f0f8bf92d3ae2abd43ba28c6306466de8a144

SHA512
16c1b043c81394bab65b40c5a9c5b742300cb605d9780226af725bf4d6e38c701f604549b2a3b2138ae951aadfc53faea66c97268c8c61c6c4f0771426ecca62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\vcredist_x64.exe

Filesize
6.9MB

MD5
b364dd867258dfc79342e00d57c81bb5

SHA1
c990b86c2f8064c53f1de8c0bffe2d1c463aaa88

SHA256
8588eb697eb2049344e6206d2b66ff63104f1c55e553621ab8ecc504d6b9e9d4

SHA512
d5d5408d7a0bd7731761c601232df77a972592bf027f29771d17fa7b62103b43d98b55516bbf7d45611658a2e477a60ce4cf89a349a85c4abe33186278f4c44f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\vcredist_x64.exe

Filesize
6.9MB

MD5
b364dd867258dfc79342e00d57c81bb5

SHA1
c990b86c2f8064c53f1de8c0bffe2d1c463aaa88

SHA256
8588eb697eb2049344e6206d2b66ff63104f1c55e553621ab8ecc504d6b9e9d4

SHA512
d5d5408d7a0bd7731761c601232df77a972592bf027f29771d17fa7b62103b43d98b55516bbf7d45611658a2e477a60ce4cf89a349a85c4abe33186278f4c44f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm186B.tmp\vcredist_x64.exe

Filesize
6.9MB

MD5
b364dd867258dfc79342e00d57c81bb5

SHA1
c990b86c2f8064c53f1de8c0bffe2d1c463aaa88

SHA256
8588eb697eb2049344e6206d2b66ff63104f1c55e553621ab8ecc504d6b9e9d4

SHA512
d5d5408d7a0bd7731761c601232df77a972592bf027f29771d17fa7b62103b43d98b55516bbf7d45611658a2e477a60ce4cf89a349a85c4abe33186278f4c44f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\.ba1\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\.be\vcredist_x64.exe

Filesize
455KB

MD5
622a95e2fccc1657cb2a760688b40665

SHA1
3feda4e77dcd8faf189371c71a35066b01320873

SHA256
e52469f3bce3768b43615ba44bc891dd2cda1b8e05659debd0cdbdebaaf9b199

SHA512
cd7a4705a8b7543d85b9d45d2832641d9783232494c66570d0a1084dbeb67cbfb5f4143e0deda7840f8f53db890f1029f9faf2a8814c1e885aa618f028a0b6b1

Download Submit
C:\Windows\SYSTEM32\VCRUNTIME140.dll

Filesize
94KB

MD5
c8e5574247f5a2468f71b53fc0279594

SHA1
c28d7c9cad48882beaeed0fba15cbc11fc2f949c

SHA256
0373c0cd6856950dee1b1a9e3ddb896099c6c823f6e46dc00802fed19dbd58d0

SHA512
d244d3879cbdfd22bd94eb7d4950916b5999d6c012b0287a8807a110f1bc80266049f4d0563b97bb0154bcde7480ffcba07e9f7e66fc2ac20020e3c77792df81

Download Submit
C:\Windows\System32\vcruntime140.dll

Filesize
94KB

MD5
c8e5574247f5a2468f71b53fc0279594

SHA1
c28d7c9cad48882beaeed0fba15cbc11fc2f949c

SHA256
0373c0cd6856950dee1b1a9e3ddb896099c6c823f6e46dc00802fed19dbd58d0

SHA512
d244d3879cbdfd22bd94eb7d4950916b5999d6c012b0287a8807a110f1bc80266049f4d0563b97bb0154bcde7480ffcba07e9f7e66fc2ac20020e3c77792df81

Download Submit
C:\Windows\Temp\{0DCC9045-4ED5-4BBD-BF9A-D45581A7A285}\.cr\VC_redist.x64.exe

Filesize
634KB

MD5
464799b58f1090430afa4aa6183bedb6

SHA1
f2b3d878516031e4d968fa8d7b160a14e51688e8

SHA256
42305b0bdfc29a9b03bbbf17b0adc12146cdb37031ae51029b440d537f714571

SHA512
7ab70eb7fdcc107bc41c345b8ca7414ea40f7c3b566614d7767d5d9d93b84cb73d14e447b8a885ce71fb1c46a2469b825a56946a1ef7ac0f8ffdd3110f08d97b

Download Submit
C:\Windows\Temp\{0DCC9045-4ED5-4BBD-BF9A-D45581A7A285}\.cr\VC_redist.x64.exe

Filesize
634KB

MD5
464799b58f1090430afa4aa6183bedb6

SHA1
f2b3d878516031e4d968fa8d7b160a14e51688e8

SHA256
42305b0bdfc29a9b03bbbf17b0adc12146cdb37031ae51029b440d537f714571

SHA512
7ab70eb7fdcc107bc41c345b8ca7414ea40f7c3b566614d7767d5d9d93b84cb73d14e447b8a885ce71fb1c46a2469b825a56946a1ef7ac0f8ffdd3110f08d97b

Download Submit
C:\Windows\Temp\{778C3083-39FB-4E9E-A163-71EC9DFA827D}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{778C3083-39FB-4E9E-A163-71EC9DFA827D}\.be\VC_redist.x64.exe

Filesize
634KB

MD5
464799b58f1090430afa4aa6183bedb6

SHA1
f2b3d878516031e4d968fa8d7b160a14e51688e8

SHA256
42305b0bdfc29a9b03bbbf17b0adc12146cdb37031ae51029b440d537f714571

SHA512
7ab70eb7fdcc107bc41c345b8ca7414ea40f7c3b566614d7767d5d9d93b84cb73d14e447b8a885ce71fb1c46a2469b825a56946a1ef7ac0f8ffdd3110f08d97b

Download Submit
C:\Windows\Temp\{778C3083-39FB-4E9E-A163-71EC9DFA827D}\.be\VC_redist.x64.exe

Filesize
634KB

MD5
464799b58f1090430afa4aa6183bedb6

SHA1
f2b3d878516031e4d968fa8d7b160a14e51688e8

SHA256
42305b0bdfc29a9b03bbbf17b0adc12146cdb37031ae51029b440d537f714571

SHA512
7ab70eb7fdcc107bc41c345b8ca7414ea40f7c3b566614d7767d5d9d93b84cb73d14e447b8a885ce71fb1c46a2469b825a56946a1ef7ac0f8ffdd3110f08d97b

Download Submit
C:\Windows\Temp\{778C3083-39FB-4E9E-A163-71EC9DFA827D}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

Filesize
5.4MB

MD5
1a7fda01018e33117041e2b5725916ea

SHA1
513deae0ed56c851c3a877a03b49489b595c621c

SHA256
de8136207a6ad76ab507e7c35f44fbf6ab9692d119453ae5af7f025d24ac138f

SHA512
b672c1e1b5a90299f0b05de15b18f49aab5f8d2a3cec07d4e4290def476ea7e0b643105848d3e814cd82abe68c6663aebe7c4d72ee846cb8bbefc71e9286612d

Download Submit
C:\Windows\Temp\{778C3083-39FB-4E9E-A163-71EC9DFA827D}\cab5046A8AB272BF37297BB7928664C9503

Filesize
869KB

MD5
13f098f4d6afca8049843ad230c32902

SHA1
dae3ad20a6966b267469e21d6a55706f762a4afe

SHA256
4f2b1de049338f791dab6d5d8be6edac556a33b5b4abd8b06662a25ed7c17a37

SHA512
cd0d37f5e027792ac6660af9d1b93cfef1ea367415f949f822379781b079cbd2a15d48b29b3c868f70154e9672f5616d19092b321028cd07d5d8e326d482993a

Download Submit
C:\Windows\Temp\{778C3083-39FB-4E9E-A163-71EC9DFA827D}\vcRuntimeAdditional_x64

Filesize
180KB

MD5
4963ff6455aad7d1f9d9d47e0ae3fa89

SHA1
bd44672354dc55d828b39bfc1d49543a8f8dce79

SHA256
39699ef0144e0b375091fd1824e940f8c91e4dbb7eb5b568903d4baf70e6d2cf

SHA512
ca419a5ab17533d3c1263c5e9c5334a13290495b87a86b41bf04058872874376114b4d62ca66cee9863c673862d513899dd80dafd4dece6a999702e2ad8c3bff

Download Submit
C:\Windows\Temp\{778C3083-39FB-4E9E-A163-71EC9DFA827D}\vcRuntimeMinimum_x64

Filesize
180KB

MD5
a074f9ba7166e1f8ad9db84ce76d843a

SHA1
2a36a3d8707f8b4fec94e26ec6e2a5df721591eb

SHA256
a3ba9b962f0e5ecdcfa3f9ff7b25bf7b61d78abe5f393ee45f71ef7ce0d9d497

SHA512
8ef81f2680f2b2de0453f2f2e8f209257c38f0e243a55d478a0085415af1483771741b09009eee3b1b78530016ca53c38b00918c5a6a91d947576d3b061bd31f

Download Submit
memory/812-201-0x0000000000000000-mapping.dmp

Download
memory/1472-204-0x0000000000000000-mapping.dmp

Download
memory/3140-148-0x0000000000000000-mapping.dmp

Download
memory/3412-144-0x0000000000000000-mapping.dmp

Download
memory/3464-177-0x0000000000000000-mapping.dmp

Download
memory/3876-181-0x0000000000000000-mapping.dmp

Download
memory/4120-178-0x0000000000000000-mapping.dmp

Download
memory/4612-141-0x0000000000000000-mapping.dmp

Download
memory/4816-151-0x0000000000000000-mapping.dmp

Download
memory/5116-155-0x0000000000000000-mapping.dmp

Download